> For the complete documentation index, see [llms.txt](https://docs.thousandeyes.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.thousandeyes.com/product-documentation/browser-synthetics/transaction-test-sso-support/totp-examples.md).

# TOTP Examples for SSO

The examples below of third-party authenticators are for illustration purposes only. The workflows are subject to change. See the ThousandEyes [transaction scripting examples repository](https://github.com/thousandeyes/transaction-scripting-examples) for further examples.

## Secret Token From QR Code

The secret token often comes in a form of a QR code:

![](/files/Yzykl4XxNlZSsvB8gOyT)

You need to convert the QR code into a secret token. You can scan the QR code with your mobile phone, or convert it using a desktop or CLI app.

{% hint style="warning" %}
Do not use online QR scanners, as that will expose the secret token to 3rd parties.
{% endhint %}

The QR code will decode into a string like:

```
otpauth://totp/Ledgy:Lone Must?secret=N5LVC5JZNVVDSUZPJFIWUZSHGFDGMZJU&issuer=Ledgy
```

The secret token is just the **N5LVC5JZNVVDSUZPJFIWUZSHGFDGMZJU** part.

Once you have the secret token, you should store it in the **ThousandEyes Credentials Repository** as described in [Working With Secure Credentials](https://docs.thousandeyes.com/product-documentation/browser-synthetics/transaction-tests/getting-started/working-with-secure-credentials).

Then, use the following code in your transaction test script to generate a one time password in every transaction run:

```
const secretToken = credentials.get('TOTP Secret Token');
const totp = authentication.getTimeBasedOneTimePassword(secretToken);
const totpElement = await driver.findElement(By.xpath(`//input[@id="totp"]`));
await totpElement.clear();
await totpElement.sendKeys(totp);
```

## Variants for Setting Up Common Authenticators

This section shows the user experience for TOTP workflows, which we can then relate to the scripting used to implement these workflows in ThousandEyes transaction tests.

These workflows are for you to generate a secret key, for use in your transaction test scripts. They’re not generating the one-time password, they’re generating the keys that you will need to generate the OTP each time the transaction test is run.

### Google Authenticator

![](/files/haFgupqYwVsh2IxrjwYn)

Above is a workflow for Okta with Google Authenticator as the mobile OTP app. All steps occur within the Okta portal, using a desktop browser running on a workstation with a mouse and a keyboard:

The user sets up extra verification in their user profile, and clicks **Set up** for the Google Authenticator option. A dialog appears, directing the user to install Google Authenticator on their mobile device (not shown). Instead of clicking **Next**, the user clicks **Can’t scan?** Okta generates the secret key and presents it to the user.

### Microsoft Authenticator

![](/files/0ph70VyCVr2Kyva9dYZJ)

Above is a workflow for Microsoft Authenticator with any mobile OTP app. All steps occur within a Microsoft identity portal, using a desktop browser running on a workstation with a mouse and a keyboard:

The user visits the Microsoft portal and chooses the steps for **Additional security verification** and selects these options: Choose **Use verification code from app** Provide **Authentication phone number** Choose **Authenticator app or Token** Click **Set up Authenticator app** Under **Configure mobile app**, do not scan the QR code. Instead, click **Configure app without notifications**. A secret key is generated and shown. Note that the key, which is lowercase with spaces, should be entered into your transaction test script in all caps, with no spaces.

### Salesforce

![](/files/hAvf9VtRhxRiCpp53DS1)

Above is a workflow for Salesforce for any mobile OTP app. All steps occur within the Salesforce portal, using a desktop browser running on a workstation with a mouse and a keyboard:

Under **My Personal Information**, click **Advanced User Details**. The user clicks **\[Connect]** to connect to the One-Time Password Generator. Skipping the QR code, the user clicks **I can’t Scan the QR Code**. A new dialog appears with the Key, which is what you would use in your transaction test script.
