The purpose of Multifactor Authentication is to defeat bots. Software test automation solutions look like they are bots. All of the MFA implementations depend on human interaction.
To be able to successfully automate testing when MFA is in use usually starts with a conversation with the dev team. The dev team is just as interested in test automation as the test team is and is usually eager to provide “workarounds” to defeat or eliminate MFA in the test environment.
Types of MFA:
- Enter a code sent to SMS or Email
- Enter a code from an authenticator app (Windows, Google, etc.)
- Insert hardware token into the computer
- Enter something you know, your mother’s maiden name, the last four digits of your passport, etc
- Geolocation
- Biometrics
Common solutions to automating tests on applications that use MFA
- Disable the feature in the test environment – this has the downside that you are then not testing what the production version of the application will be and the dev team must remember to enable it again in the production version. It also means the MFA must be manually tested.
- Store the token where the test automation tool can retrieve it – storing the token in a database is the most common solution. This means the application under test can send the email or SMS, and the test automation script can retrieve the token from the database with an SQL call. This has the advantage that it does not require a special test build and the token will always be hidden behind the firewall when the system goes into production. Appvance IQ can read databases (SQL and non-SQL) from a test script.
- Create an API to retrieve the token – this is like number 2. Dev creates a service that the test automation calls to obtain the token. Also does not require a special test build of the application. The endpoint is behind the firewall so no risk of it being compromised. Appvance IQ can call APIs, Services, and Microservices from a test script.
- Use the test tool to read the email – most email services have a web version so use the test automation tool to open the email and extract the token. This is a built-in service in Appvance IQ.
- Use the tool to run the authenticator app – use the test automation tool to run the authenticator app. That is use cross-platform capabilities in your testing tool to read the authentication code from the authenticator app on a phone app, or Windows app. Appvance IQ supports native mobile and Windows desktop applications.
Appvance IQ (AIQ) covers all your software testing needs with the most comprehensive autonomous software testing platform available today. Click here to demo today.
