How to monitor applications with MFA using a TOTP

The MFA option is available only for applications that use time-based one-time passwords (TOTPs) as a two-factor authentication (2FA) method. In Site24x7, multi-factor authentication (MFA) is used for Web Transaction (Browser) monitors and SaaS Synthetics (Browser) monitors. To enable monitoring for an application with MFA using a TOTP, copy the secret key for your account from the application’s website and add it to the recorder or the monitor page.

How does MFA work using a TOTP?

MFA is the practice of adding a layer of security to the standard username- and password-based authentication. It employs a TOTP as a mechanism for authentication, which provides an added degree of protection to the online account login process. With a TOTP, a security code is generated as an authentication token. 

How to get the secret key

This option is supported only if the application uses TOTPs, a type of 2FA mechanism that relies on a mobile app like Google Authenticator or similar apps like OAuth or Microsoft Authenticator.

To monitor an application with MFA using a TOTP, you can copy your account's secret key from the application and paste it into Site24x7's Secret Key text box.

Learn more about the Salesforce secret key, Microsoft Outlook secret key, and Microsoft Teams secret key.

Web Transaction (Browser) monitor

Adding a global parameter

1. Log in to Site24x7.
2. To add the secret key as a parameter, navigate to Admin > Configuration Profiles > Global Parameters. On the Global Parameters page, click the Add Parameters button. In the pop-up that opens, enter the MFA secret key as the Parameter Value.
3. Click Save.
   

Setting the global parameter

1. Log in to Site24x7.
2. Under Add Monitor, choose the Web Transaction (Browser) monitor.
3. Enter the Base URL and Device Type and click Start Recording.
4. When recording your workflow, if you are prompted to enter the TOTP,  right-click the field where you need to enter the TOTP.
5. Select Site24x7 Web Transaction (Browser) Recorder from the list of options.
6. Choose Set TOTP Key, and then choose the name of the global parameter you've created for the secret key.
7. Now, you can record the steps in the transaction and click the Save button.
   

SaaS Synthetics (Browser) monitor

1. Log in to Site24x7.
2. Under Add Monitor, choose the SaaS Synthetics (Browser) monitor.
3. Paste the Secret key that you got from the SaaS application.
4. Click the Save button.
   

Site24x7 processes this secret key and stores it in an encrypted format. It uses the secret key to generate a six-digit code and use it. This encrypted code is retrieved each time data collection occurs and is used to log the SaaS application or website.

• Related Articles

• How to install packages to support Web Transaction (Browser) monitor in Linux On-Premise Poller

  To support Web Transaction (Browser) monitor on an On-Premise Poller, you can execute the following command in the terminal to install packages in CentOS 7.0 to 7.8 or in RHEL 7.x. Note: The Installation is supported only on 64-bit OS. Execute the ...

• What should I do when some of the screenshots for the real browser monitor are not clear?

  To ensure that all the page elements are loading correctly while taking screenshots, you can try adding wait_for_element_presence and wait_for_element_visibility parameters for the pages where the screenshots are not clear. To make this change: Log ...

• Are my passwords stored in the web script of the real browser monitor secure?

  Yes. The whole playback script is encrypted, and we take the utmost care while handling sensitive data.

• Managing Node.js applications using PM2 Process Manager

  Configure PM2 to manage Node.js applications Follow the instructions below to configure PM2 to manage Node.js applications. Steps to configure PM2 Configure the processManagerEnabled key in the already created apminsightnode.json file. Pass the value ...

• How many steps can be recorded in the Web Application Real Browser monitor?

  ​ Maximum number of steps that can be recorded and monitored through RBM is 20.    The limit is set to provide optimal polling frequency and performance as the maximum data collection time of a transaction should not exceed 165 seconds.   When you ...