Testing an application that has Multifactor Authentication (MFA) turned on

The purpose of Multifactor Authentication is to defeat bots. Software test automation solutions look like they are bots. All of the MFA implementations depend on human interaction.

To be able to successfully automate testing when MFA is in use usually starts with a conversation with the dev team. The dev team is just as interested in test automation as the test team is and is usually eager to provide “workarounds” to defeat or eliminate MFA in the test environment.

Types of MFA:

  • Enter a code sent to SMS or Email
  • Enter a code from an authenticator app (Windows, Google, etc.)
  • Insert hardware token into the computer
  • Enter something you know, your mother’s maiden name, the last four digits of your passport, etc
  • Geolocation
  • Biometrics

Common solutions to automating tests on applications that use MFA

  1. Disable the feature in the test environment – this has the downside that you are then not testing what the production version of the application will be and the dev team must remember to enable it again in the production version. It also means the MFA must be manually tested.
  2. Store the token where the test automation tool can retrieve it – storing the token in a database is the most common solution. This means the application under test can send the email or SMS, and the test automation script can retrieve the token from the database with an SQL call. This has the advantage that it does not require a special test build and the token will always be hidden behind the firewall when the system goes into production. Appvance IQ can read databases (SQL and non-SQL) from a test script.
  3. Create an API to retrieve the token – this is like number 2. Dev creates a service that the test automation calls to obtain the token. Also does not require a special test build of the application. The endpoint is behind the firewall so no risk of it being compromised. Appvance IQ can call APIs, Services, and Microservices from a test script.
  4. Use the test tool to read the email – most email services have a web version so use the test automation tool to open the email and extract the token. This is a built-in service in Appvance IQ.
  5. Use the tool to run the authenticator app – use the test automation tool to run the authenticator app. That is use cross-platform capabilities in your testing tool to read the authentication code from the authenticator app on a phone app, or Windows app. Appvance IQ supports native mobile and Windows desktop applications.

Appvance IQ (AIQ) covers all your software testing needs with the most comprehensive autonomous software testing platform available today.  Click here to demo today.

Recent Blog Posts

Read Other Recent Articles

In a startling move that’s rippled through the tech world, IgniteTech CEO Eric Vaughan replaced nearly 80% of his workforce after employees resisted his AI-first strategy—a change he says he’d make again.  An Existential Shift in Culture, Not Just Tools Vaughan believed generative AI wasn’t optional—it was existential. He introduced “AI Mondays,” mandated that every department—from

In the fast-moving world of software delivery, speed and accuracy are everything. Time isn’t just money—it’s market share, competitive advantage, and customer loyalty. Every defect that slips into production is a risk: to your brand, your bottom line, and the trust you’ve built with your users both internal and external. Yet, despite this reality, many

By Kevin Surace, CEO of Appvance Every few months, headlines trumpet the latest “AI breakthrough.” A new co-pilot. A smarter recorder. An incremental feature that saves a few hours here or there. And every time, CIOs and CTOs ask the same question: is this worth the disruption of implementing new systems? Peter Diamandis put it

Empower Your Team. Unleash More Potential. See What AIQ Can Do For Your Business

footer cta image
footer cta image