Testing an application that has Multifactor Authentication (MFA) turned on

The purpose of Multifactor Authentication is to defeat bots. Software test automation solutions look like they are bots. All of the MFA implementations depend on human interaction.

To be able to successfully automate testing when MFA is in use usually starts with a conversation with the dev team. The dev team is just as interested in test automation as the test team is and is usually eager to provide “workarounds” to defeat or eliminate MFA in the test environment.

Types of MFA:

  • Enter a code sent to SMS or Email
  • Enter a code from an authenticator app (Windows, Google, etc.)
  • Insert hardware token into the computer
  • Enter something you know, your mother’s maiden name, the last four digits of your passport, etc
  • Geolocation
  • Biometrics

Common solutions to automating tests on applications that use MFA

  1. Disable the feature in the test environment – this has the downside that you are then not testing what the production version of the application will be and the dev team must remember to enable it again in the production version. It also means the MFA must be manually tested.
  2. Store the token where the test automation tool can retrieve it – storing the token in a database is the most common solution. This means the application under test can send the email or SMS, and the test automation script can retrieve the token from the database with an SQL call. This has the advantage that it does not require a special test build and the token will always be hidden behind the firewall when the system goes into production. Appvance IQ can read databases (SQL and non-SQL) from a test script.
  3. Create an API to retrieve the token – this is like number 2. Dev creates a service that the test automation calls to obtain the token. Also does not require a special test build of the application. The endpoint is behind the firewall so no risk of it being compromised. Appvance IQ can call APIs, Services, and Microservices from a test script.
  4. Use the test tool to read the email – most email services have a web version so use the test automation tool to open the email and extract the token. This is a built-in service in Appvance IQ.
  5. Use the tool to run the authenticator app – use the test automation tool to run the authenticator app. That is use cross-platform capabilities in your testing tool to read the authentication code from the authenticator app on a phone app, or Windows app. Appvance IQ supports native mobile and Windows desktop applications.

Appvance IQ (AIQ) covers all your software testing needs with the most comprehensive autonomous software testing platform available today.  Click here to demo today.

Recent Blog Posts

Read Other Recent Articles

Technical debt is a term familiar to many development teams, referring to the long-term consequences of taking shortcuts in software development. While sometimes necessary to meet tight deadlines, this debt accumulates over time, leading to increased maintenance costs, reduced productivity, and greater risk of defects. Fortunately, the advent of AI-powered solutions like Appvance IQ (AIQ)

Enterprise applications are the backbone of modern businesses, supporting critical operations across diverse industries. However, their complexity and scale pose unique challenges for testing teams. Ensuring these applications perform seamlessly requires handling large volumes of test cases without sacrificing speed or performance. Appvance IQ (AIQ) is uniquely designed to scale automated testing to meet the

Ensuring product quality while maintaining speed to market is paramount in the software development process. Regression testing—the process of verifying that new code changes do not disrupt existing functionality—is essential, but it can also be time-consuming and repetitive. Automating regression testing with Appvance IQ (AIQ) offers an efficient solution to streamline this process, saving time

Empower Your Team. Unleash More Potential. See What AIQ Can Do For Your Business

footer cta image
footer cta image