- Observability: other versions:
- What is Elastic Observability?
- What’s new in 8.15
- Get started
- Observability AI Assistant
- Application performance monitoring (APM)
- Self manage APM Server
- Data Model
- Features
- Navigate the APM UI
- Perform common tasks in the APM UI
- Configure APM agents with central config
- Control access to APM data
- Create an alert
- Create and upload source maps (RUM)
- Create custom links
- Filter data
- Find transaction latency and failure correlations
- Identify deployment details for APM agents
- Integrate with machine learning
- Explore mobile sessions with Discover
- Observe Lambda functions
- Query your data
- Storage Explorer
- Track deployments with annotations
- Use OpenTelemetry
- Manage storage
- Configure
- Advanced setup
- Secure communication
- Monitor
- APM Server API
- APM UI API
- Troubleshoot
- Upgrade
- Release notes
- Known issues
- Log monitoring
- Infrastructure monitoring
- AWS monitoring
- Azure monitoring
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure projects
- Multi-factor Authentication
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Use Synthetics with traffic filters
- Migrate from the Elastic Synthetics integration
- Scale and architect a deployment
- Synthetics support matrix
- Synthetics Encryption and Security
- Troubleshooting
- Uptime monitoring
- Real user monitoring
- Universal Profiling
- Alerting
- Service-level objectives (SLOs)
- Cases
- CI/CD observability
- Troubleshooting
- Fields reference
- Tutorials
Multi-factor Authentication (MFA) for browser monitors
editMulti-factor Authentication (MFA) for browser monitors
editMulti-factor Authentication (MFA) adds an essential layer of security to applications login processes, protecting against unauthorized access. A very common use case in Synthetics is testing user journeys involving websites protected by MFA.
Synthetics supports testing websites secured by Time-based One-Time Password (TOTP), a common MFA method that provides short-lived one-time tokens to enhance security.
Configuring TOTP for MFA
editTo test a browser journey that uses TOTP for MFA, first configure the
Synthetics authenticator token in the target application. To do this, generate a One-Time
Password (OTP) using the Synthetics CLI; refer to @elastic/synthetics totp <secret>.
npx @elastic/synthetics totp <secret> // prints OTP Token: 123456
Applying the TOTP Token in Browser Journeys
editOnce the Synthetics TOTP Authentication is configured in your application, you
can now use the OTP token in the synthetics browser journeys using the mfa
object imported from @elastic/synthetics.
import { journey, step, mfa} from '@elastic/synthetics'; journey('MFA Test', ({ page, params }) => { step('Login using TOTP token', async () => { // login using username and pass and go to 2FA in next page const token = mfa.totp(params.MFA_SECRET); await page.getByPlaceholder("token-input").fill(token) }); });
For monitors created in the Synthetics UI using the Script editor, the mfa object can be accessed as shown below:
step('Login using 2FA', async () => { const token = mfa.totp(params.MFA_SECRET); await page.getByPlaceholder("token-input").fill(token) });
params.MFA_SECRET would be the encoded secret that was used for registering the Synthetics Authentication in your web application.