cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to make multi factor authentication work for synthetics?

AK
Advisor

Hi Team,

Its been a while, we are struggling to configure synthetics for application which uses multi factor or two factor authentication and we have more than 10 such application which uses MFA.

I went through some threads, where they suggested to skip is for the UserID which is used for synthetic.

However, from security standpoint its not feasible.

What I was thinking is, pick the PIN from email ID and use it or get the PIN from text file stored on some host/ActiveGate and use it.

Is it something that is doable/achievable with our synthetics?

Regards,

AK

6 REPLIES 6

There are issues with MFA whatever type of synthetic you use.
Now, if you've got your PIN in an email, and are able to put it in a file, you're halfway done.

The other half involves getting the script to read that value. Your aim should be able to get it with Javascript. It also depends on you using public or private locations. You will not be able to load a file onto a public location, but you could do it in a synthetic Activegate. There you could read it from the script. If on a public location, you could upload the PIN to a secret location and get it from there. There would be several issues involved, including probably getting the HTTP to stay stuck before the PIN arrives.

Of course, be careful with all this, as this will defeat MFA in the first place...

Hello Antonio,

I went through some forums but it seems, JavaScript cannot access the local files from the user's device directly we need to provide the user with a way to select files to use and HTML file input element must be used.

Do you have any other way around, I would need your help here to write JavaScript code.

Regards,

AK

Yes, normally you can't read from the local disk by Javascript, as it would be a security disaster.

So, for the read to work, you would have to reconfigure the browser and use special Javascript. Not sure if Dynatrace would block anything of it, and to be clear, I have not worked this out myself. Of course, to do this, you have to run your private synthetic location, and do the tweaking. This will be unsupported by Dynatrace, of course, as you are really hacking it out...

The other way I imagine it can work, without files, is getting it through a webservice or other type of HTTP call, to a web server that would give the reply. It would be a blocking call to that service, that would reply once the MFA value is known. You could then get the value into the Dynatrace synthetic script, and run it from there. Please beware of the multiple security risks involved...

Hello Antonio,

Somehow I'm able to get the PIN via API.

- Steps I followed while recording are,

1. Loading of main URL

2. Login with credentials

3. PIN generation page appear

4. Access API URL in new tab which has PIN value

- Custom Steps are, (not configured yet)

5. Add JavaScript step to fetch the PIN value and save the value

6. Pass the value to on PIN generation page

Now the problem is, when we playback this script, API URL entered in 4th step never get launched in new tab. Instead of that, it launches in same window and this is making difficult to configure 5th and 6th steps.

Regards,

Akshay

In the 3rd step, besides loading the page, you should include a XHR request that gets the data. If you launch a new page, or leave that page, I believe you will not be able to go back.

You should probably follow the example laid out in the following help page:

https://www.dynatrace.com/support/help/how-to-use-dynatrace/synthetic-monitoring/browser-monitors/br...

Hi Antonio,

Thanks for your help, much appreciated. The solution worked perfectly fine.

Regards,

AK