What is the best practice for bypassing MFA for automated testing?

Hello everyone,

I’m building an application and I need automated end-to-end testing using Puppeteer. However, I’m facing challenges with the authentication process during testing. When logging in, the application often requires two-factor authentication or asks for verification codes sent via email.

These authentication measures make it difficult to run automated tests smoothly. I’m looking for established best practices or patterns that developers in this community use to handle testing of applications with MFA/2FA requirements.

Specifically:

  • Are there recommended approaches for bypassing authentication in test environments?
  • How do you handle email verification codes in automated tests?
  • Are there ways to configure test-specific authentication flows?
  • What solutions have worked well in your experience with similar conference applications?

I appreciate any guidance, code examples, or resources you can share!

Thanks in advance!

Hi @eagle.xiao, this topic was explored fairly well a few months back in this thread: How to disable extra login steps on an Confluence Cloud instance used only for end-to-end testing?. Take a look there for tips and advice.

For our E2E tests we are using test accounts with the TOTP MFA so our test tool can calculate and authenticate without having to pop and parse email. It works well for Jira, but in Confluence our E2E tests still have a very high error rate of “You don’t have access to this space” showing up for our headless test cases (after authenticating successfully). Believe it has something to do with the many extra redirects Confluence cloud does interactively.

Chris
Digital Rose
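The TOTP approach described in the reply above, sketched as an added example (not code from the thread or from any poster): an RFC 6238 generator a Puppeteer test can call for a dedicated test account. The environment variable name and the selector in the closing comment are hypothetical, and the defaults (HMAC-SHA1, 30-second step, 6 digits) are the common authenticator-app settings, assumed here.

```javascript
// Added example: RFC 6238 TOTP for a dedicated E2E test account (assumed defaults).
const crypto = require('node:crypto');

const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode the base32 secret that is shown once when the authenticator is enrolled.
function base32Decode(input) {
  const clean = input.toUpperCase().replace(/[\s=-]/g, '');
  let bits = 0, value = 0;
  const out = [];
  for (const ch of clean) {
    const idx = BASE32_ALPHABET.indexOf(ch);
    if (idx === -1) throw new Error('invalid base32 character in secret');
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// Compute the code for a given wall-clock time (milliseconds since the epoch).
function totp(secretBase32, nowMs = Date.now(), { step = 30, digits = 6 } = {}) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(nowMs / 1000 / step)));
  const mac = crypto.createHmac('sha1', base32Decode(secretBase32)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation, RFC 4226
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Seconds left before the current code rolls over.
function secondsRemaining(nowMs = Date.now(), step = 30) {
  return step - (Math.floor(nowMs / 1000) % step);
}

// Wait for the next window when the current code is about to expire mid-submit.
async function freshTotp(secretBase32, minSeconds = 5) {
  const left = secondsRemaining();
  if (left < minSeconds) await new Promise((r) => setTimeout(r, left * 1000));
  return totp(secretBase32);
}

// In a test (hypothetical names): the secret comes from the CI secret store, never the repo.
//   await page.type('#otp-input', await freshTotp(process.env.E2E_TOTP_SECRET));
```

Keep the enrolled secret scoped to a test-only account with minimal permissions, since anyone holding it can produce valid codes for that account.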