Custom multi-step login setup with MFA

valor
valor
Community Member
edited February 2021 in 1Password in the Browser

Hey there,
I'm wondering if there's a (manual?) way to set up multi-step logins. I understand you can't address every potential entry form or method.
I typically use MS Edge Dev (currently v 90.0.796.0) and have the browser extension from the MS store at v1.23.0.

Specifically, I'm trying to set up the following flow:
1. Navigate to https://nowlearning.service-now.com/lxp and hit "Login" (or other ServiceNow property)
2. The SSO for ServiceNow properties sends you here: https://signon.service-now.com/x_snc_sso_auth.do
3. Depending on how recently you've logged in and if you've selected "Remember me" you may get presented with 1, 2, or 3 steps -- Email (Next), Password (Sign In), Enter the passcode (TOTP -- Verify).

Using 1Pass in the browser, the email gets filled, I have to click in the password box to fill the pw (this is OK), but the token never gets filled. Each time a code is needed (multiple times a day) I have to go to the 1Pass browser extension, copy the code manually and paste it into the box.

[EDIT] I'd also love to see OS-level support for MS Edge


1Password Version: 7.7
Extension Version: 1.23.0
OS Version: 10.15.7
Sync Type: 1Password
Referrer: forum-search:Multi-step login setup

Comments

  • Hey @valor. :smile: The general process for mult-page logins is described here:

    https://support.1password.com/create-multi-page-login/

    If the one-time password isn't being filled for you automatically, does it fill if you open the pop-up again and click "Autofill" (rather than copying and pasting)?

    [EDIT] I'd also love to see OS-level support for MS Edge

    Could you clarify what you mean here?

  • valor
    valor
    Community Member
    edited February 2021

    Thanks for the response, really appreciate it.
    1. No, the OTP does not fill if you click "autofill" from the extension menu, neither using the browser extension (formerly 1Password X) nor using the macOS plugin / 1Password helper in Safari
    2. Per my edit: currently, the only option for MS Edge is the "browser extension" that requires its own unlock instead of connecting to 1Password Helper for what I'm calling the "OS-level support" leveraging 1Password helper.

    I reviewed the link provided before I posted -- I guess I'm looking for more technical guidance (I'm a web developer) along with detail for supporting OTP flows.

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited February 2021

    Thanks for clarifying @valor .

    1Password has a built-in session manager that (usually) figures out when it needs to keep autofilling on multi-pages login forms.
    I see that the password field is indeed being autofilled after clicking it, which means the session manager knows it should autofill but the website does a weird refresh and takes the focus away from the password field, so your manual click is required to regain focus on the password field, which then allows the session manager to autofill it.

    As for the 2FA/TOTP field, it sounds like 1Password doesn't recognize it as a TOTP field at all, which might happen if the field is poorly designed and does not have a name/ID that describes it as such, or simply has some strange javascript that prevents 1Password from interacting with it.

    The best thing you can do here is capture the page's structure when you're on that TOTP field and send it over to us so we can investigate and teach 1Password how to interact with that specific field if possible. There's nothing you can do on your side that will make it work, we just need to get 1Password to recognize that field as a TOTP field, which will then allow the session manager to keep the session alive throughout the TOTP field's step.

    Here's how to send us the page's structure:

    1. Get to the TOTP field but do not fill it, leave it empty.
    2. Right click the 1Password icon on the top right corner of your browser and select "Help" -> "Collect page structure".
    3. Copy the page's structure into a text file and send it over to us at support+extensions@1password.com with a short description and a link to this forum discussion so we can connect the dots faster.

    As for the Edge Dev support, you can definitely get 1Password to work with the 1Password Classic extension in it like so:

    1. Install the latest beta of 1Password for Mac: https://support.1password.com/betas
    2. Install 1Password Classic in Edge Dev: https://support.1password.com/cs/1password-classic-extension/
    3. Copy the NativeMessagingHost file from Chrome's supporting folder into Edge Dev's supporting folder: https://support.1password.com/could-not-connect/#if-you-use-chrome-canary-or-microsoft-edge
    4. Quit Edge completely, quit 1Password completely (or restart the computer if you prefer).
    5. Relaunch and unlock 1Password, relaunch Edge Dev. 1Password Classic should now work.
  • valor
    valor
    Community Member

    @ag_yaron CAN I SEND YOU A BEER??
    Just an FYI, on MS Edge (Dev -- v90) I only had to do #s 1 and 2.

    Awesome information, much appreciated. I know your goal is for the app to "just work" (which it does!) but for developer/power users I'd love to see more in-depth documentation, or a link to such a repo if it works.

  • Hello @valor,

    We already got your file, and let us continue our conversation from there.

This discussion has been closed.