Lesson 7: Building Synthetic Monitoring for 2FA

Some user journeys will incorporate 2 Factor Authentication (2FA) or One Time Pins (OTP). Find out how 2 Steps is the only Synthetic Monitoring solution for Splunk that can handle these use cases.

Transcripts available below.


One of the unique strengths of 2 Steps is its ability to support scenarios in synthetic tests that most tools simply relegate to the "too hard basket", such as two-factor authentication. So today I'm going to show you how we set that up into steps and use it in a web test. First, let me quickly show you how we configure our two-factor authentication provider. It's a little bit finicky, so I'm not going to dwell too much on the details, but I'll just only give you the general idea. So, first of all, I've opened up the two-factor page inside the 2 Steps app, and you can see we're prompted to either select an existing account or to create a new one. I'll click new account so you can see how that's done, but I won't actually create a new account in this video. So I get the account name and select the type of account from the dropdown. Now, the options you see here will depend on what services have been configured on your backend. Note, that one of the options here is timed one time password. And that covers those numeric passwords that are constantly changing. I could get with Google authenticator or similar systems so we can support that scenario as well, but I'm going to choose SMS global as my provider, and then some fields appear to allow me to enter my user ID secret and API key. I'll just close out of that though. And open an account. I already have configured.

So here you can see the configured account details. And now I'm going to add a phone profile that basically allows me to configure some details for a phone number that I've already purchased from an SMS service provider. So the list of phones here is something that's configured on the back end and not something that you need to worry about as the end user. In fact, all this configuration I'm showing you is likely to be set up with your 2 Steps installation and you won't have to worry about it, but, okay, so enter the name for the phone by select the phone number, and then finally, a regular expression, which is a code that's used to extract the actual number from the SMS that's received from the provider. Now, if you don't know what regular expressions are, don't worry. As I say, this is all one-time configuration stuff that will likely be handled as part of the 2 Steps installation. So I entered those details and save, and now we have an account and a phone profile, so we're ready to go. So we'll open the test editor where I've loaded a test that I created earlier, which logs into a Gmail account, which has two factor authentication enabled. So I'm going to run this test

And you'll see it entering my email details. And so now we've reached the two factor authentication step, and first of all, I'm going to insert a "wait for image" here, so the 2 Steps will wait for this page before it proceeds with the two factor authentication step, and then I'm gonna right right-click which brings up the advanced command menu and then click enter to 2FA S M S code and I'm prompted to select the phone or the account and the phone profile that I entered earlier, click okay. And you'll see the 2 Steps enters the two factor authentication code I'm going to click next. And so you can see here that I appear to be logged in, but I'm just going to click on the gmail link to verify that I have indeed successfully logged in. And so the last thing I'm going to do is just verify that I've arrived at the inbox by selecting this. So there you have it, as you can see, although the initial configuration has a few steps to it using two factor authentication - after that - inside your tests, couldn't be simpler.

Ready to get started?

Get in touch to create a trial account or book a demo