Multi-Factor Authentication (MFA)
Configure AppScan® to use one-time password or security questions (multi-factor authentication) when logging in.
One Time Password (OTP)
If your application uses OTP, select one of the two options, otherwise leave the default setting: None.
- Only one OTP type (TOTP or URL-generated) is supported per scan.
- For TOTP only numerical values are supported.
- OTP is supported only when the Chromium browser is used to record the Login. It is not supported if Internet Explorer is used.
- When OTP is configured, Action-based must be the selected Login playback method in the Login playback. OTP will not work with Request-based login.
How to identify the OTP HTTP-parameter
AppScan needs to know the name of the parameter that contains the OTP (in order to be able to log in to the application), and usually identifies it when validating the Recorded Login procedure. If it fails to do so, or if you use Automatic Login, you must add the parameter yourself.
- Open a browser and go to your application's login page.
- Click F12 to open the developer tools pane of the browser (opens to the right of, or underneath, the main browser pane).
- Click on the Elements tab to view the HTML code.
When you select a part of the code, the element is highlighted in the main browser pane.
- Locate the element that highlights the OTP
field.Example:
<input type="text" name="OTPvalue" value="">
- The value of the name parameter, without the quotation marks, is the OTP
HTTP parameter you
need.Example:
OTPvalue
- If there is more than one OTP HTTP parameter, click Add another to add additional fields as needed.
Security questions
If your application uses security questions, you can add them here.
To add security questions:- Click + Add.
- Type in the question and the answer and optionally the parameters if any and click Apply.