Recording Applications with MFA and TOTP

Multi-factor authentication (MFA) and time-based one-time password (TOTP) are essential security features that provide extra protection for online accounts. By requiring more than just a username and password, they add an additional layer of security. TOTP, a type of two-factor authentication (2FA), works by generating temporary, time-based codes through mobile apps such as Google Authenticator, OneAuth, or Microsoft Authenticator. This feature is supported only when the application is secured with TOTP, enhancing protection against unauthorized access.

This page serves as a step-by-step guide on how to set up and use MFA and TOTP effectively, ensuring your applications remain secure against unauthorized access.

Note: The examples on this page are only for illustration purposes.

Fetch the TOTP Secret Keys from the application

  1. Configure TOTP in the Application: Begin by enabling TOTP for your account in the application’s security settings.
  2. QR Code Display: When the application presents a QR code to link with your authenticator app, select the option that says, “I can’t scan the barcode” or “Configure manually.”
  3. Copy the Secret Key: The application will display a TOTP secret key. Copy this key, as it can be used to manually configure TOTP in an authenticator app.

Add the TOTP Secret key as a Credential in Credential Manager

  • Go to SettingsDiscovery & Data CollectionCredential SettingsCredential Manager.
  • Click Add New Credential and select Real Browser Monitor as the credential type.
  • Provide a descriptive Credential Name and paste the copied TOTP Secret Key into the Secret Key field.
  • Once the required information is entered, click Save to store the TOTP secret key as a credential.

Record the Application with TOTP

When recording your workflow for an application protected by TOTP, follow these steps if you're prompted to enter the TOTP:

  • Right-click on the field where the TOTP is required.
  • From the list of options displayed, choose Applications Manager Web Transaction Recorder.
  • Select Set TOTP Key from the menu and choose the credential name that corresponds to the TOTP secret key previously earlier.
  • After setting the TOTP key, enter the TOTP, record all the necessary steps, and start monitoring the application using the recorded transaction.