Add first class support for MFA TOTP based tokens in the Synthetics UI. Synthetics would allow users to create a new type of Global Variable totp_token which would let users store the SECRET and generate OTP code on demand when running Synthetics monitors.
There are two flows for this
Allowing users to store Secret as params
This is similar to how one would create sensitive params, Users would create a sensitive param called MFA_SECRET and use that in the synthetics tests as params and generate the token - https://github.com/elastic/synthetics/pull/957
Generating OTP directly in Kibana
This is where the first class support for MFA comes in. We would allow users to do the following
Create a global variable called MFA_GH_TOKEN (should be configurable) of type totp_token in the Global params tab.
We should allow users to upload the Secret either via QR code or plain text secret (Similar to Google Authenticator, Authy, etc). Look at the example https://otplib.yeojz.dev/
UI should allow generating OTP on demand if needed for testing.
The token MFA_GH_TOKEN should be available as global variable to access inside Lightweight and Browser journeys like every other params.
The token should be fresh every time the test was run. We should find a way to automatically generate a new OTP every time the test was run.
Describe a specific use case for the feature:
A common use case for synthetics is testing sites behind a login. Those login flows often use MFA, which is difficult for current users of synthetics as there no first class support for TOTP based tokens for all the monitors.
Describe the feature:
Add first class support for MFA TOTP based tokens in the Synthetics UI. Synthetics would allow users to create a new type of Global Variable
totp_token
which would let users store the SECRET and generate OTP code on demand when running Synthetics monitors.There are two flows for this
Allowing users to store Secret as params
This is similar to how one would create sensitive params, Users would create a sensitive param called
MFA_SECRET
and use that in the synthetics tests as params and generate the token - https://github.com/elastic/synthetics/pull/957Generating OTP directly in Kibana
This is where the first class support for MFA comes in. We would allow users to do the following
MFA_GH_TOKEN
(should be configurable) of typetotp_token
in the Global params tab.MFA_GH_TOKEN
should be available as global variable to access inside Lightweight and Browser journeys like every other params.Describe a specific use case for the feature:
A common use case for synthetics is testing sites behind a login. Those login flows often use MFA, which is difficult for current users of synthetics as there no first class support for TOTP based tokens for all the monitors.