Custom multi-step login setup with MFA

valorvalor
edited February 18 in 1Password in the Browser

Hey there,
I'm wondering if there's a (manual?) way to set up multi-step logins. I understand you can't address every potential entry form or method.
I typically use MS Edge Dev (currently v 90.0.796.0) and have the browser extension from the MS store at v1.23.0.

Specifically, I'm trying to set up the following flow:
1. Navigate to https://nowlearning.service-now.com/lxp and hit "Login" (or other ServiceNow property)
2. The SSO for ServiceNow properties sends you here: https://signon.service-now.com/x_snc_sso_auth.do
3. Depending on how recently you've logged in and if you've selected "Remember me" you may get presented with 1, 2, or 3 steps -- Email (Next), Password (Sign In), Enter the passcode (TOTP -- Verify).

Using 1Pass in the browser, the email gets filled, I have to click in the password box to fill the pw (this is OK), but the token never gets filled. Each time a code is needed (multiple times a day) I have to go to the 1Pass browser extension, copy the code manually and paste it into the box.

[EDIT] I'd also love to see OS-level support for MS Edge


1Password Version: 7.7
Extension Version: 1.23.0
OS Version: 10.15.7
Sync Type: 1Password
Referrer: forum-search:Multi-step login setup

Comments

  • ag_michaelcag_michaelc

    Team Member

    Hey @valor. :smile: The general process for mult-page logins is described here:

    https://support.1password.com/create-multi-page-login/

    If the one-time password isn't being filled for you automatically, does it fill if you open the pop-up again and click "Autofill" (rather than copying and pasting)?

    [EDIT] I'd also love to see OS-level support for MS Edge

    Could you clarify what you mean here?

  • valorvalor
    edited February 22

    Thanks for the response, really appreciate it.
    1. No, the OTP does not fill if you click "autofill" from the extension menu, neither using the browser extension (formerly 1Password X) nor using the macOS plugin / 1Password helper in Safari
    2. Per my edit: currently, the only option for MS Edge is the "browser extension" that requires its own unlock instead of connecting to 1Password Helper for what I'm calling the "OS-level support" leveraging 1Password helper.

    I reviewed the link provided before I posted -- I guess I'm looking for more technical guidance (I'm a web developer) along with detail for supporting OTP flows.

  • ag_yaronag_yaron

    Team Member
    edited February 23

    Thanks for clarifying @valor .

    1Password has a built-in session manager that (usually) figures out when it needs to keep autofilling on multi-pages login forms.
    I see that the password field is indeed being autofilled after clicking it, which means the session manager knows it should autofill but the website does a weird refresh and takes the focus away from the password field, so your manual click is required to regain focus on the password field, which then allows the session manager to autofill it.

    As for the 2FA/TOTP field, it sounds like 1Password doesn't recognize it as a TOTP field at all, which might happen if the field is poorly designed and does not have a name/ID that describes it as such, or simply has some strange javascript that prevents 1Password from interacting with it.

    The best thing you can do here is capture the page's structure when you're on that TOTP field and send it over to us so we can investigate and teach 1Password how to interact with that specific field if possible. There's nothing you can do on your side that will make it work, we just need to get 1Password to recognize that field as a TOTP field, which will then allow the session manager to keep the session alive throughout the TOTP field's step.

    Here's how to send us the page's structure:

    1. Get to the TOTP field but do not fill it, leave it empty.
    2. Right click the 1Password icon on the top right corner of your browser and select "Help" -> "Collect page structure".
    3. Copy the page's structure into a text file and send it over to us at [email protected] with a short description and a link to this forum discussion so we can connect the dots faster.

    As for the Edge Dev support, you can definitely get 1Password to work with the 1Password Classic extension in it like so:

    1. Install the latest beta of 1Password for Mac: https://support.1password.com/betas
    2. Install 1Password Classic in Edge Dev: https://support.1password.com/cs/1password-classic-extension/
    3. Copy the NativeMessagingHost file from Chrome's supporting folder into Edge Dev's supporting folder: https://support.1password.com/could-not-connect/#if-you-use-chrome-canary-or-microsoft-edge
    4. Quit Edge completely, quit 1Password completely (or restart the computer if you prefer).
    5. Relaunch and unlock 1Password, relaunch Edge Dev. 1Password Classic should now work.
  • @ag_yaron CAN I SEND YOU A BEER??
    Just an FYI, on MS Edge (Dev -- v90) I only had to do #s 1 and 2.

    Awesome information, much appreciated. I know your goal is for the app to "just work" (which it does!) but for developer/power users I'd love to see more in-depth documentation, or a link to such a repo if it works.

  • nhat_1Pnhat_1P

    Team Member

    Hello @valor,

    We already got your file, and let us continue our conversation from there.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file