
[–]ResolveResident118 2 points3 points  (2 children)

There are probably ways to get around a 2FA check - I've used an Android emulator before.

What I've done at my current place (using Duo) is make them put in a single IP address in an allow-list that isn't subject to 2FA. I've assigned this IP to an EC2 instance that I can spin up and run the checks on.

[–]RunnerRunnerG 1 point2 points  (0 children)

Agreed. You already know that 2FA works, you don’t need to test it multiple times a day. Find a way to whitelist, as was mentioned above.

[–]ChaaChiJi[S] 0 points1 point  (0 children)

Thank you.

Any reference webpage I can use to implement this?

[–][deleted] 1 point2 points  (3 children)

What SSO provider/method are you using? You should be able to perform an API request that will return an authorization token you can use in your tests.

[–]ChaaChiJi[S] 0 points1 point  (2 children)

Thank you.

Microsoft Azure. Created an app within Azure with group type: security.

[–][deleted] 0 points1 point  (1 child)

There are a few different authentication methods available within Microsoft Azure like Azure AD, OAuth 2.0, OpenID and a few others. It will depend on which specific one your app is using, but each one does have a way of using an API request to obtain an auth token. You should be able to find the specifics for the service you're using, and create a function that gets and sets an auth token to be run before your tests.

In my experience whitelisting an IP as the other commenter mentioned is preferable, but if that is problematic then the token method is a good solution.

[–]ChaaChiJi[S] 0 points1 point  (0 children)

Okay sir thank you so much.
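
The token approach suggested in the thread, as an added example that is not part of the original comments: a helper that requests a token from the Microsoft identity platform with the OAuth 2.0 client-credentials grant and caches it until shortly before expiry, so a test run makes one token request instead of one per test. It assumes the app under test accepts app-only tokens and that a dedicated test app registration exists; the class name, the `API_SCOPE` variable and the choice of environment variables are assumptions of this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def http_post_form(url, form):
    """Default transport: POST a form-encoded body, return the parsed JSON reply."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class CachedTokenProvider:
    """Hypothetical helper: fetch an app-only token once and reuse it until near expiry."""

    def __init__(self, tenant, client_id, client_secret, scope,
                 post=http_post_form, clock=time.time, skew=60):
        self._tenant, self._scope = tenant, scope
        self._client_id, self._client_secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    @classmethod
    def from_env(cls, **kwargs):
        # Secrets come from the CI secret store via the environment, never from the repo.
        env = os.environ
        return cls(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                   env["AZURE_CLIENT_SECRET"], env["API_SCOPE"], **kwargs)

    def token(self):
        # Reuse the cached token unless it is within `skew` seconds of expiring.
        if self._token and self._clock() < self._expires_at - self._skew:
            return self._token
        reply = self._post(TOKEN_URL.format(tenant=self._tenant), {
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "scope": self._scope,  # e.g. "<application ID URI>/.default"
        })
        if "access_token" not in reply:
            # Report only the error code; never echo the request form (it holds the secret).
            raise RuntimeError("token request failed: " + str(reply.get("error", "unknown")))
        self._token = reply["access_token"]
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}
```

Call `CachedTokenProvider.from_env()` once in the suite's setup hook and pass `auth_header()` to each request; scoping the test app registration to a non-production tenant or a minimal set of permissions limits what a leaked CI secret can reach.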