Solved: synthetic monitoring an application that passes through OKTA (http or browser synthetic monitoring)

ckumlien · ‎09 Oct 2020

Can anyone share your experience with me regarding monitoring synthetic URL's that sit behind OKTA Authentication? The authentication sends verification code to a phone number and I don't know how to capture that and place it into the monitor. Has anyone actually made this work?

If it were not a random code, a voicemail on a dedicated number could authenticate. Since it is a random code, that no longer will work.

AntonioSousa · ‎10 Oct 2020

I have been looking into OKTA, but from the HTTP monitor perspetive, and no 2FA. 2FA is always particularly difficult to script...

Antonio Sousa

skanchalwar2 · ‎05 Aug 2021

If we can bypass 2FA for the dummy user, will Synthetic able to login into Okta and reach the app?

AntonioSousa · ‎05 Aug 2021

I have not tried hard to get this working, as it takes a lot of actions, which has a great impact on DEM consumption. But I would say so to your question.

Antonio Sousa

HannahM · ‎12 Oct 2020

Is there an API we could use to get the verification code from? If you have the code that generates the 'random' code, could we add that to a javaScript event to generate it through the script? Can the code only be sent to sms, could you use an a webmail account that you could check as part of the monitor?
Alternatively, if you are not specifically testing that 2FA works can you add something into your application that checks for our User Agent string and if it's included skips the 2FA.