Microsoft SSO with TOTP Setup Using QR Code
In order to generate a TOTP code inside your test cases, you must:
- Have an application that supports Microsoft SSO.
- Have a Microsoft account configured for the application login flow.
- Have TOTP-based authentication enabled for the account.
- Have access to the QR code used during the TOTP setup.
- Have a testRigor account. If you still don’t have one, you can get yours now.
- Complete the steps below to set everything up.
To use this feature, you need to configure the Microsoft SSO account to use a TOTP-based authentication method, save the QR code used during that setup, and upload the QR code image to your testRigor test suite.
During test execution, testRigor scans the saved QR code image, extracts the TOTP secret, generates the current authentication code, and enters it into the two-factor authentication field.
- Start the Microsoft SSO authentication setup for the account that will be used in your test case.
- Enable a TOTP-based authentication method for the account.
- When the setup page displays a QR code, save the QR code image to a file. You will need this QR code to generate the authentication code inside testRigor test cases.
- After saving the QR code image, complete the authenticator setup using a compatible authenticator app.
- Finish the setup by entering the code generated by the authenticator app.
- At this point, the account is ready to use TOTP-based authentication. The QR code image saved in the previous step can now be used inside testRigor test cases.
This article applies to Microsoft SSO flows where a standard TOTP / Software OATH QR code or shared secret is available. Support for Microsoft Authenticator’s proprietary enrollment flow has not yet been released. If your Microsoft Entra configuration does not expose a QR code or shared secret, ask your administrator to enable Software OATH / standard TOTP for the test account, or disable MFA for dedicated test accounts in the testing environment.
- Log in to your testRigor account.
- Create or access the suite where you want to test the Microsoft SSO authentication flow.
- Click on “Test Data”.
- Click on “Add”.
- In the type field, select “File”.
- Enter a name to reference the QR code image in test cases. In this example, the QR code file is referenced as:
qrCode
- Upload the QR code image file and save it.
- Now you are able to use the QR code image inside your test case to generate the TOTP code.
The example below shows a Microsoft SSO login flow where the application asks for a two-factor authentication code after the Microsoft login is completed.
click "Microsoft"
check that page contains "Sign in"
enter stored value "username" into "Email"
click "Next"
check that page contains "Send code"
click "Other ways to sign in"
check that page contains "Use your password"
click "Use your password"
type stored value "password"
click "Next"
check that page contains "Stay signed in?"
click "Yes"
check that page contains "two-factor"
scan qr code value from stored value "qrCode" and save as "code"
extract value by regex "(?<=secret=)[A-Z0-9]+" from saved value "code" and save it as "secret"
generate totp code using saved value "secret" and save it as "2faCode"
enter saved value "2faCode" into "Two-Factor Authentication Code"
enter enter
check that page contains "Recents"
The QR code used during TOTP setup contains an otpauth://totp/... value. testRigor scans the QR code image saved in Test Data and saves the decoded value as code.
scan qr code value from stored value "qrCode" and save as "code"
The decoded QR code value contains the TOTP secret. The following command extracts the secret and saves it as secret.
extract value by regex "(?<=secret=)[A-Z0-9]+" from saved value "code" and save it as "secret"
After the secret is extracted, testRigor generates the current TOTP code.
generate totp code using saved value "secret" and save it as "2faCode"
Finally, testRigor enters the generated code into the two-factor authentication field.
enter saved value "2faCode" into "Two-Factor Authentication Code"
This allows the test case to complete the Microsoft SSO login flow without manually opening an authenticator app during every test execution.
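The same three steps reproduced outside testRigor, as an added example (not testRigor's own code): it pulls the secret out of a decoded otpauth:// value with the regex used above and computes the RFC 6238 code. The sample URI, account name and function names are constructed for illustration, and the handling of the optional algorithm, digits and period parameters goes beyond the flow shown on this page.

```python
import base64, hmac, re, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in Base32.
SAMPLE_URI = ("otpauth://totp/Example:test.user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def extract_secret(decoded_qr):
    """Same regex as the test step: the characters following 'secret='."""
    m = re.search(r"(?<=secret=)[A-Z0-9]+", decoded_qr)
    if not m:
        raise ValueError("no secret= parameter in decoded QR value")
    return m.group(0)

def totp_params(decoded_qr):
    """Optional otpauth parameters; defaults are SHA1, 6 digits, 30 seconds."""
    q = parse_qs(urlparse(decoded_qr).query)
    return (q.get("algorithm", ["SHA1"])[0].lower(),
            int(q.get("digits", ["6"])[0]),
            int(q.get("period", ["30"])[0]))

def totp(secret_b32, at=None, algorithm="sha1", digits=6, period=30):
    """RFC 6238 TOTP: HOTP (RFC 4226) keyed on the current time-step counter."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_qr(decoded_qr, at=None):
    """Decoded QR value in, current code out (the scan/extract/generate steps)."""
    algorithm, digits, period = totp_params(decoded_qr)
    return totp(extract_secret(decoded_qr), at, algorithm, digits, period)

if __name__ == "__main__":
    print(code_from_qr(SAMPLE_URI))
```

Because the code is derived only from the secret and the clock, the saved QR image is equivalent to the shared secret itself.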
- The QR code image must be uploaded to testRigor Test Data as a file.
- The stored value name used in the test case must match the name used when uploading the QR code image. In this example, the name is qrCode.
- The generated TOTP code is time-based, so testRigor generates a fresh code during the test execution.
- Field names and button labels may be different depending on the application being tested. Update the test case steps to match your application.
- This approach works when the authentication setup provides a QR code or shared secret. Microsoft Authenticator proprietary enrollment support has not yet been released.



