diff --git a/docs/en/observability/index.asciidoc b/docs/en/observability/index.asciidoc index c6fe11ddb1..0adc85b6c5 100644 --- a/docs/en/observability/index.asciidoc +++ b/docs/en/observability/index.asciidoc @@ -56,6 +56,8 @@ include::synthetics-command-reference.asciidoc[leveloffset=+3] include::synthetics-configuration.asciidoc[leveloffset=+3] +include::synthetics-mfa.asciidoc[leveloffset=+3] + include::synthetics-settings.asciidoc[leveloffset=+3] include::synthetics-roles.asciidoc[leveloffset=+3] diff --git a/docs/en/observability/synthetics-command-reference.asciidoc b/docs/en/observability/synthetics-command-reference.asciidoc index 5f5de48a9e..70febf4ff4 100644 --- a/docs/en/observability/synthetics-command-reference.asciidoc +++ b/docs/en/observability/synthetics-command-reference.asciidoc @@ -333,3 +333,26 @@ and you do _not_ include `--url` and `--auth`, all global locations managed by E However, you will not be able to push to these locations with your API key and will see an error: _You don't have permission to use Elastic managed global locations_. For more details, refer to the <>. + +[discrete] +[[elastic-synthetics-totp-command]] += `@elastic/synthetics totp ` + +Generate a Time-based One-Time Password (TOTP) for multifactor authentication (MFA) in Synthetics. + +[source, sh] +---- +npx @elastic/synthetics totp +npx @elastic/synthetics totp --issuer --label +---- + +``:: +The encoded secret key used to generate the TOTP. + +`--issuer `:: + +Name of the provider or service that is assocaited with the account. + +`--label `:: + +Identifier for the account. Defaults to `SyntheticsTOTP` diff --git a/docs/en/observability/synthetics-mfa.asciidoc b/docs/en/observability/synthetics-mfa.asciidoc new file mode 100644 index 0000000000..476c3ce04a --- /dev/null +++ b/docs/en/observability/synthetics-mfa.asciidoc @@ -0,0 +1,62 @@ +[[synthetics-mfa]] += Multi-factor Authentication (MFA) for browser monitors + +++++ +Multi-factor Authentication +++++ + +Multi-factor Authentication (MFA) adds an essential layer of security to +applications login processes, protecting against unauthorized access. A very +common use case in Synthetics is testing user journeys involving websites +protected by MFA. + +Synthetics supports testing websites secured by Time-based One-Time Password +(TOTP), a common MFA method that provides short-lived one-time tokens to +enhance security. + +[discrete] +== Configuring TOTP for MFA + +To test a browser journey that uses TOTP for MFA, first configure the +Synthetics authenticator token in the target application. To do this, generate a One-Time +Password (OTP) using the Synthetics CLI; refer to <>. + +```sh +npx @elastic/synthetics totp + +// prints +OTP Token: 123456 +``` + +[discrete] +== Applying the TOTP Token in Browser Journeys + +Once the Synthetics TOTP Authentication is configured in your application, you +can now use the OTP token in the synthetics browser journeys using the `mfa` +object imported from `@elastic/synthetics`. + +```ts +import { journey, step, mfa} from '@elastic/synthetics'; + +journey('MFA Test', ({ page, params }) => { + step('Login using TOTP token', async () => { + // login using username and pass and go to 2FA in next page + const token = mfa.token(params.MFA_GH_SECRET); + await page.getByPlaceholder("token-input").fill(token) + }); +}); +``` + +For monitors created in the Synthetics UI using the Script editor, the `mfa` object can be accessed as shown below: + +```ts +step('Login using 2FA', async () => { + const token = mfa.token(params.MFA_GH_SECRET); + await page.getByPlaceholder("token-input").fill(token) +}); +``` + +[NOTE] +==== +`params.MFA_GH_SECRET` would be the encoded secret that was used for registering the Synthetics Authentication in your web application. +==== \ No newline at end of file diff --git a/docs/en/serverless/serverless-observability.docnav.json b/docs/en/serverless/serverless-observability.docnav.json index e8e773c78a..b857a44087 100644 --- a/docs/en/serverless/serverless-observability.docnav.json +++ b/docs/en/serverless/serverless-observability.docnav.json @@ -484,6 +484,11 @@ "slug": "/serverless/observability/synthetics-configuration", "classic-sources": ["enObservabilitySyntheticsConfiguration"] }, + { + "label": "Multifactor Authentication for browser monitors", + "slug": "/serverless/observability/synthetics-mfa", + "classic-sources": ["enObservabilitySyntheticsMFA"] + }, { "label": "Configure Synthetics settings", "slug": "/serverless/observability/synthetics-settings", diff --git a/docs/en/serverless/synthetics/synthetics-command-reference.mdx b/docs/en/serverless/synthetics/synthetics-command-reference.mdx index 9c248069ae..96d501f7ae 100644 --- a/docs/en/serverless/synthetics/synthetics-command-reference.mdx +++ b/docs/en/serverless/synthetics/synthetics-command-reference.mdx @@ -366,3 +366,28 @@ To list both locations on Elastic's global managed infrastructure and ((private- _You don't have permission to use Elastic managed global locations_. For more details, refer to the troubleshooting docs. */} + +## `@elastic/synthetics totp ` + +Generate a Time-based One-Time Password (TOTP) for multifactor authentication(MFA) in Synthetics. + +```sh +npx @elastic/synthetics totp --issuer --label