vodorod/Dorod-Sky
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
Dorod-Sky/docs/cloud/managing-credentials/totp-setup.mdx
Naman bf8c7de8f9 cloud ui docs + cookbooks (#4759) 
Co-authored-by: Ritik Sahni <ritiksahni0203@gmail.com>
Co-authored-by: Kunal Mishra <kunalm2345@gmail.com>
2026-02-16 22:14:40 +00:00

82 lines
3.5 KiB
Plaintext
Raw Permalink Blame History

---
title: 2FA / TOTP Setup
subtitle: Configure two-factor authentication for automated logins
slug: cloud/managing-credentials/totp-setup
---
Skyvern handles 2FA through two mechanisms. **Authenticator App (TOTP)** generates codes locally from your secret key — fully automatic. **Email/SMS** waits for you to push the code via the UI or API. Both are configured on the [password credential](/cloud/managing-credentials/password-credentials) itself.
## Authenticator App (TOTP)
The preferred method. Store a TOTP secret key in a password credential, and Skyvern generates valid 6-digit codes on demand during login flows. The Login block enters credentials, detects the 2FA prompt, generates a fresh code, and enters it — all automatic.
**Setup:** Create a password credential → expand **Two-Factor Authentication** → select **Authenticator App** → paste the TOTP secret key into the **Authenticator Key** field.
The secret key is the base32-encoded string behind the QR code you'd normally scan. Copy it from your password manager (Bitwarden: TOTP field; 1Password: One-Time Password field) or look for a "Can't scan the QR code?" link during the site's 2FA setup.
## Email and SMS codes
When a site sends codes via email or text, someone (or something) needs to deliver the code to Skyvern.
The flow:
1. Login block enters username and password
2. Site sends a 2FA code to the configured email or phone
3. You push the code to Skyvern via the **2FA tab** or the API
4. Skyvern enters the code and completes the login
### Pushing a code manually
Open the **2FA** tab on the Credentials page. The **Push a 2FA Code** form has two fields:
| Field | What to enter |
|-------|--------------|
| **Identifier** | The email address or phone number that received the code |
| **Verification content** | The full email/SMS body, or just the code itself — Skyvern extracts the digits automatically |
<Tip>
If multiple workflows are running simultaneously, click **Add optional metadata** to link the code to a specific run using the workflow run ID, workflow ID, or task ID.
</Tip>
### Pushing codes via API
For production, automate code delivery. Set up a forwarding rule that sends 2FA emails/texts to a script, and the script calls:
```bash
curl -X POST "https://api.skyvern.com/v1/credentials/totp" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"totp_identifier": "user@example.com",
"content": "Your verification code is 847291",
"source": "email_forwarder"
}'
```
The `source` field is a free-text label for your own tracking (e.g., `"email_forwarder"`, `"twilio_webhook"`).
This turns email-based 2FA into something nearly as automated as authenticator app — the main difference is latency while the email arrives and gets forwarded.
## Viewing past codes
The table below the push form shows all 2FA codes your organization has received: identifier, extracted code, source type, associated workflow run, and timestamps. Filter by identifier, OTP type (numeric code vs. magic link), and number of results per page.
Use this for auditing and debugging — confirming that a code was received and delivered to the right run.
<CardGroup cols={2}>
<Card
title="Password Credentials"
icon="key"
href="/cloud/managing-credentials/password-credentials"
>
Create credentials with 2FA methods attached
</Card>
<Card
title="Credentials Overview"
icon="lock"
href="/cloud/managing-credentials/credentials-overview"
>
All credential types, external providers, and security model
</Card>
</CardGroup>
Reference in New Issue View Git Blame Copy Permalink