Tricentis Tosca integrates with Multi-Factor Authentication (MFA) mechanisms to ensure secure access to the platform and associated systems.
This integration aligns with organizational security policies by adding an extra layer of protection beyond traditional username and password credentials.
MFA in Tricentis Tosca
MFA can be implemented within Tricentis Tosca in several scenarios, such as:
1. User Authentication for Tosca Server:
• Securing access to the Tosca Commander or Tosca Testsuite through MFA.
2. Integration with SSO and Identity Providers:
• Tosca supports Single Sign-On (SSO) with MFA using identity providers like Azure AD, Okta, Ping Identity, or Google Workspace. These providers enable MFA via push notifications, authenticator apps, or biometric verifications.
3. API and Web-Based Authentication Testing:
• Tosca’s capabilities extend to automating test cases for systems with MFA-secured APIs or web applications.
Implementing MFA with Tricentis Tosca
1. SSO Configuration with MFA:
• Identity Provider Setup: Configure the MFA requirements (e.g., OTP, biometrics) on the identity provider linked to Tosca’s authentication flow.
• Tosca Integration: Link Tosca with the identity provider through OAuth 2.0 or SAML for MFA-secured SSO.
2. Tosca API Testing with MFA:
• Tosca can handle API requests requiring MFA tokens. Use dynamic token generation methods like:
• OTPs from authentication apps (e.g., Google Authenticator).
• Tokens retrieved via REST calls to MFA-enabled APIs.
3. Web Application Testing with MFA:
• Automated Interaction: Tosca simulates MFA flows by integrating with third-party tools or directly interacting with the MFA mechanism.
For example:
• Handling OTP inputs via email/SMS.
• Interacting with a push notification approval process.
4. Custom MFA Handling:
• For advanced or proprietary MFA systems, Tosca’s custom modules or TBox framework can be used to automate specific verification steps.
Benefits of MFA in Tosca
1. Enhanced Security: Protects sensitive test data and configurations.
2. Compliance: Meets industry standards like ISO 27001, GDPR, or PCI-DSS.
3. Seamless User Experience: Supports SSO with integrated MFA for minimal disruption.
4. End-to-End Automation: Enables comprehensive testing of MFA-secured workflows.
Example: Automating a Web Application with MFA
Consider testing a banking application that uses OTP-based MFA.
1. Tosca navigates to the login page and enters credentials.
2. Tosca waits for an OTP sent via SMS or email.
3. Tosca retrieves the OTP dynamically (e.g., through API or email integration).
4. Tosca enters the OTP in the application and verifies access.
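For the authenticator-app variant of step 3, the OTP can be computed by the test harness from the test account's enrolment seed instead of being read from SMS or email. The following is an added example, not Tosca or Tricentis code: a standard TOTP generator (RFC 6238, HMAC-SHA1, 30-second step) that also tells the test step to wait when the current code is about to expire. The function names and the `TEST_TOTP_SECRET` environment variable are assumptions, and the sample secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import os
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def decode_secret(secret_b32: str) -> bytes:
    """Accept the enrolment secret as shown to users: spaced, lowercase, unpadded."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp_for_test(secret_b32, now=None, step=30, digits=6, min_remaining=5):
    """Return (code, wait_seconds) for an automated login step.

    If the current time window has fewer than min_remaining seconds left,
    return the next window's code and how long to wait before submitting it,
    so the test does not fail on a code that expires mid-submission.
    """
    now = int(time.time() if now is None else now)
    counter, elapsed = divmod(now, step)
    remaining = step - elapsed
    key = decode_secret(secret_b32)
    if remaining < min_remaining:
        return hotp(key, counter + 1, digits), remaining
    return hotp(key, counter, digits), 0


if __name__ == "__main__":
    # Constructed sample secret (RFC 6238 test key); a real run reads the seed of
    # a dedicated test account from the environment, never from test case data.
    secret = os.environ.get("TEST_TOTP_SECRET", "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    code, wait = totp_for_test(secret)
    print(f"submit OTP after {wait}s (code has {len(code)} digits)")  # code is not logged
```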