Forum Discussion

Bigonquality's avatar
Bigonquality
New Contributor
3 years ago

Multifactor Authentication with Test Complete

Hi there,

 

Would like to know if Test complete will allow validation of Mobile application where MFA is crucial.

 

Use case:

  1. Customer enter their details like Name, DOB and their registered mobile number for logging to the mobile app.
  2. SMS will be triggered to the mobile.
  3. User should enter SMS to login to the application.

Appreciate your update.

 

Thanks,

Reddy.

 

 

Mobile Testing
  • ChristofS's avatar
    ChristofS
    Staff
    3 years ago

    Hi Reddy,

     

    This is a question that does come up a lot when speaking to customers. Multi-Factor Authentication (MFA / 2FA) and/or CAPTCHA is tricky for any test automation solutions because these mechanisms are designed to prevent unauthorised users and bots from accessing systems and applications. Test automation solutions are essentially acting as a bot.

     

    I'm sure the wider community would have many potential ideas and methods for working around this however here are three possible approaches:

    1. Manual intervention. Sometimes a human will always need to be there to take the verification code from SMS or authenticator apps and manually input this into the application. You can build this prompt into your test script using the InputBox method. More detail in documentation.
    2. Automate verification code retrieval from known data source or authenticator service in your test case.
    3. Retrieve verification code from email. If your code comes via SMS, you could use an SMS to email forwarding service then retrieving the code directly from the received email in your test case.

    Hope this helps.

     

    Cheers,

    Christof

    • Marsha_R's avatar
      Marsha_R
      Moderator
      3 years ago

      We turn the verification off in the test environment for all the other testing that needs to be run, TestComplete or not, and then we turn the verification on at the end and test it manually. For us, the MFA client is known to be good, so all we need to prove is that the connection works. There's no need to run the MFA every time for every login in our test environment.

       

      ETA: We worked this out with our security department so that this test environment is made safe in other ways while we are testing. Not suggesting that you leave the environment wide open.  😉