Multifactor Authentication with Test Complete
Hi there, Would like to know if Test complete will allow validation of Mobile application where MFA is crucial. Use case: Customer enter their details like Name, DOB and their registered mo...
Forum Discussion
Hi Reddy,
This is a question that does come up a lot when speaking to customers. Multi-Factor Authentication (MFA / 2FA) and/or CAPTCHA is tricky for any test automation solutions because these mechanisms are designed to prevent unauthorised users and bots from accessing systems and applications. Test automation solutions are essentially acting as a bot.
I'm sure the wider community would have many potential ideas and methods for working around this however here are three possible approaches:
- Manual intervention. Sometimes a human will always need to be there to take the verification code from SMS or authenticator apps and manually input this into the application. You can build this prompt into your test script using the InputBox method. More detail in documentation.
- Automate verification code retrieval from known data source or authenticator service in your test case.
- Retrieve verification code from email. If your code comes via SMS, you could use an SMS to email forwarding service then retrieving the code directly from the received email in your test case.
Hope this helps.
Cheers,
Christof
We turn the verification off in the test environment for all the other testing that needs to be run, TestComplete or not, and then we turn the verification on at the end and test it manually. For us, the MFA client is known to be good, so all we need to prove is that the connection works. There's no need to run the MFA every time for every login in our test environment.
ETA: We worked this out with our security department so that this test environment is made safe in other ways while we are testing. Not suggesting that you leave the environment wide open. 😉
