Use Passkeys (FIDO2) In Browser Tests

Overview

Passkeys (FIDO2) offer stronger security than the standard username and password tuple, and rely on cryptographic login credentials that are unique across every website. Passkeys never leave your user’s devices and are never stored on a web application server. This security model eliminates the risks of phishing, all forms of password theft, and replay attacks.

You can use passkeys as a replacement for a username and password, or as a second factor authentication. By generating, storing, and leveraging passkeys, Synthetic Monitoring can help you test your critical passkey-protected user journeys without disabling this important security measure.

Create your Virtual Authenticator global variable

Passkeys in Synthetic Monitoring are handled by Virtual Authenticator global variables. To create a Virtual Authenticator global variable storing your passkeys, see the Global Variables - Virtual Authenticator section in Synthetic Monitoring .

Create a Virtual Authenticator global variable

Use passkeys in your Synthetic browser tests

Synthetic Monitoring supports passkeys in browser tests for Chrome and Edge.

Add passkeys to a browser test

  1. Click Digital Experience > New Test > Browser Test.
  2. Click Save & Edit Recording.
  3. On the recording page, click Add Variable > Create variable from Global Variable.
  4. Supply the passkeys stored in your virtual authenticator global variable that you created in the previous step.
Adding your Virtual Authenticator global variable to your browser test

Test a registration flow

To test a registration flow using passkeys in your browser tests:

  1. Import your Virtual Authenticator global variable into your test.
  2. Navigate to the page to register your passkey. When recording your test, Datadog automatically generates and stores a new passkey by using the imported virtual authenticator global variable.
  3. After recording your test steps, click Save & Launch Test.

Test a login flow

To test a login flow using a passkey in your browser tests, you need to first register your Datadog passkey on the web application (see section above). This is required once per passkey and application.

Choose one of the following options:

  • Create a test that embeds both steps for the registration and login flows
  • Complete the registration flow from within the recorder, but without recording the registration steps

Note: To avoid creating a new user for each test scenario involving passkey authentication, it’s recommended to combine user creation and authentication in the same step.

  1. Import your virtual authenticator global variable.
  2. Navigate to the page to login with your passkey. When recording your test, Datadog automatically logs in using the passkey previously registered on the web application with the selected virtual authenticator.
  3. After recording your test steps, click Save & Launch Test.

Further Reading

Additional helpful documentation, links, and articles:

Learn more about authentication in browser testDOCUMENTATION more more TOTPs for Multi-Factor Authentication (MFA) in browser testsDOCUMENTATION more more Learn more about global variablesDOCUMENTATION more more
PREVIEWING: rtrieu/product-analytics-ui-changes