# TOTP Examples for SSO The examples below of third-party authenticators are for illustration purposes only. The workflows are subject to change. See the ThousandEyes [transaction scripting examples repository](https://github.com/thousandeyes/transaction-scripting-examples) for further examples. ## Secret Token From QR Code The secret token often comes in a form of a QR code: ![](/files/Yzykl4XxNlZSsvB8gOyT) You need to convert the QR code into a secret token. You can scan the QR code with your mobile phone, or convert it using a desktop or CLI app. {% hint style="warning" %} Do not use online QR scanners, as that will expose the secret token to 3rd parties. {% endhint %} The QR code will decode into a string like: ``` otpauth://totp/Ledgy:Lone Must?secret=N5LVC5JZNVVDSUZPJFIWUZSHGFDGMZJU&issuer=Ledgy ``` The secret token is just the **N5LVC5JZNVVDSUZPJFIWUZSHGFDGMZJU** part. Once you have the secret token, you should store it in the **ThousandEyes Credentials Repository** as described in [Working With Secure Credentials](https://docs.thousandeyes.com/product-documentation/browser-synthetics/transaction-tests/getting-started/working-with-secure-credentials). Then, use the following code in your transaction test script to generate a one time password in every transaction run: ``` const secretToken = credentials.get('TOTP Secret Token'); const totp = authentication.getTimeBasedOneTimePassword(secretToken); const totpElement = await driver.findElement(By.xpath(`//input[@id="totp"]`)); await totpElement.clear(); await totpElement.sendKeys(totp); ``` ## Variants for Setting Up Common Authenticators This section shows the user experience for TOTP workflows, which we can then relate to the scripting used to implement these workflows in ThousandEyes transaction tests. These workflows are for you to generate a secret key, for use in your transaction test scripts. They’re not generating the one-time password, they’re generating the keys that you will need to generate the OTP each time the transaction test is run. ### Google Authenticator ![](/files/haFgupqYwVsh2IxrjwYn) Above is a workflow for Okta with Google Authenticator as the mobile OTP app. All steps occur within the Okta portal, using a desktop browser running on a workstation with a mouse and a keyboard: The user sets up extra verification in their user profile, and clicks **Set up** for the Google Authenticator option. A dialog appears, directing the user to install Google Authenticator on their mobile device (not shown). Instead of clicking **Next**, the user clicks **Can’t scan?** Okta generates the secret key and presents it to the user. ### Microsoft Authenticator ![](/files/0ph70VyCVr2Kyva9dYZJ) Above is a workflow for Microsoft Authenticator with any mobile OTP app. All steps occur within a Microsoft identity portal, using a desktop browser running on a workstation with a mouse and a keyboard: The user visits the Microsoft portal and chooses the steps for **Additional security verification** and selects these options: Choose **Use verification code from app** Provide **Authentication phone number** Choose **Authenticator app or Token** Click **Set up Authenticator app** Under **Configure mobile app**, do not scan the QR code. Instead, click **Configure app without notifications**. A secret key is generated and shown. Note that the key, which is lowercase with spaces, should be entered into your transaction test script in all caps, with no spaces. ### Salesforce ![](/files/hAvf9VtRhxRiCpp53DS1) Above is a workflow for Salesforce for any mobile OTP app. All steps occur within the Salesforce portal, using a desktop browser running on a workstation with a mouse and a keyboard: Under **My Personal Information**, click **Advanced User Details**. The user clicks **\[Connect]** to connect to the One-Time Password Generator. Skipping the QR code, the user clicks **I can’t Scan the QR Code**. A new dialog appears with the Key, which is what you would use in your transaction test script. ### Sample TOTP in Recorder IDE Here is how a one-time password appears when testing the script in the Recorder IDE. ![](/files/kl55SBrxXYKsbpy07dcQ) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.thousandeyes.com/product-documentation/browser-synthetics/transaction-test-sso-support/totp-examples.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.