Solved: Re: Synthetic Monitor - MFA Authentication

saldrich · ‎09 May 2023

Hello DT Community Team,

Recently we have been working on enhancing our DEM using synthetics and the 2 business critical applications that we are working on have higher levels of Security. Application admins that gave us credentials to use for these 2 apps have enough access to give us local accounts to use, but the truth is in production environment most of our clients are signed up for multi-factor auth (MFA) either using SMS OTP or Authenticator. More and more apps will be moving to MFA for higher security.

The challenge is how do we incorporate MFA as part of synthetics? Originally I thought of using JS API call to GET the OTP directly from the RSA server but that’s not easily feasibly or in some cases its not feasible at all to get OTP using API call.

Please let me know your thoughts.

Let me know if you require any further information from us.

saldrich · ‎09 May 2023

One of our use cases would actually be to verify the MFA service to make sure its up and running.

DanielS · ‎09 May 2023

Hi @saldrich in my case, I need to obtain a token that in another step I was able to use to start the session.

I leave you a link to this post that could be useful to you.

The true delight is in the finding out rather than in the knowing.

dannemca · ‎09 May 2023

I am using an OTP generator app in node.js, hosted in a container, to provide the OTP code based on the user details (same code used by auth apps like google auth).

I have created a js event to call the OTP generator app, get the code, stores in a var, and in the next event, keystroke the var in the OTP field.

The link @DanielS posted should do the job you need.

Site Reliability Engineer @ Kyndryl