
MFA/ 2 Factor Authentication

  • September 11, 2023
  • 1 reply
  • 504 views


We have existing solutions in an application that is going to implement 2nd factor/MFA in the very near future. Our concern is that our inventory of bots will become inoperable if they cannot log into the application.

Is there any option/ability for the unattended botworker to resolve the additional layer of security?

Has anyone had any luck in coming up with a workaround?

Thanks

Best answer by ravi.pothana

Hi @Justin107544 

Current limitations of MFA support

  • MFA is not currently supported when the automation is initially started.
    • This is because the Bot Agent Service does not have the ability to fetch and pass back MFA information when it logs into its local device.

Typical workaround

  • Exempt the Bot Runner users from MFA requirements.
    • This is done by restricting the Bot Agent devices to a set of Bot Runner users, as well as restricting network access to and from the Bot Agent devices to the required connections for functionality.
  • We can send the code to the runner account via email. The code will be embedded in the email body, and we can use logic to parse the email body and get the code from it. However, this method requires a dedicated email account for the runner account.
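
The email-parsing workaround described above, as an added example that is not part of the original answer and is not Automation Anywhere code. The sender address, six-digit code format and five-minute validity window are assumptions, and the sample message is constructed.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed values, not taken from the forum answer.
EXPECTED_SENDER = "no-reply@app.example"     # address the application mails codes from
MAX_AGE = timedelta(minutes=5)               # validity window of a code
CODE_RE = re.compile(r"(?<!\d)\d{6}(?!\d)")  # exactly six digits, not part of a longer number


def extract_mfa_code(raw_message, now):
    """Return the code from a raw RFC 5322 message, or None if the mail fails a check."""
    msg = message_from_string(raw_message)
    # Accept only the application's sender address.
    if parseaddr(msg.get("From", ""))[1].lower() != EXPECTED_SENDER:
        return None
    # Reject mail with a missing, unparsable, stale or future Date header.
    try:
        sent = parsedate_to_datetime(msg.get("Date"))
    except (TypeError, ValueError):
        return None
    if sent.tzinfo is None or not (timedelta(0) <= now - sent <= MAX_AGE):
        return None
    # Multipart mail yields no payload here and is rejected rather than guessed at.
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
    # An email carrying two different candidate codes is ambiguous: refuse it.
    codes = set(CODE_RE.findall(body))
    return codes.pop() if len(codes) == 1 else None


def build_sample(sender, date, body):
    """Build a constructed test message (not real application mail)."""
    return f"From: {sender}\nDate: {date}\nSubject: Your sign-in code\n\n{body}\n"


if __name__ == "__main__":
    now = datetime(2023, 9, 12, 10, 2, tzinfo=timezone.utc)
    mail = build_sample("App <no-reply@app.example>", "Tue, 12 Sep 2023 10:00:00 +0000",
                        "Your verification code is 482913. It expires in 5 minutes.")
    print(extract_mfa_code(mail, now))  # 482913
```

The `From` header is not authenticated by this check alone, so it complements the dedicated mailbox the answer calls for and does not replace it.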

1 reply

  • Automation Anywhere Team
  • Answer
  • September 12, 2023
