> ## Documentation Index
> Fetch the complete documentation index at: https://momentic.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Strategies for authenticating into your app from a Momentic test without breaking on SSO or 2FA.

<Warning>
  Avoid using Momentic tests to log in using SSO. Providers like Google,
  Facebook, and GitHub often have security measures that block automated
  browsers.
</Warning>

This page covers how to obtain credentials for specific login mechanisms. For
**where to put login steps** (inline, in the `before` section, or a cached auth
module) and which approach to choose, see
[Authentication strategies](/guides/auth/overview).

## Username and password

The simplest case: add a **Type** step for the username, a **Type** step for the
password, and a **Click** on the submit button. Pull the values from
[environment variables](/core-concepts/variables) (`{{ env.TEST_USERNAME }}`)
rather than hard-coding credentials in the test file.

## Email magic link

<Info>
  **Prerequisites**: An email address must be provisioned by Momentic.
</Info>

Add a **JavaScript** step with the following content:

```javascript theme={null}
// fetch the latest email from the inbox
const msg = await email.fetchLatest({
  inbox: "<YOUR USERNAME HERE>",
});

// extract the magic link using regex
const link = msg.text.match(/https?:\/\/[^\s]+/)[0];

return link;
```

Use the **Save to environment variable** option to save the link to an
environment variable, e.g., `MAGIC_LINK`.

Then, use the **Navigate** step with content `{{ env.MAGIC_LINK }}` to navigate
to the magic link and complete the login process.

## Email One-Time Password (OTP)

<Info>
  **Prerequisites**: An email address must be provisioned by Momentic.
</Info>

Add a **JavaScript** step with the following content:

```javascript theme={null}
// fetch the latest email from the inbox
const msg = await email.fetchLatest({
  inbox: "<YOUR USERNAME HERE>",
});

// extract the code using regex
const code = msg.text.match(/\b\d{6}\b/);

return code;
```

Use the **Save to environment variable** option to save the code to an
environment variable, e.g., `OTP_CODE`.

Then, use the **Type** step with content `{{ env.OTP_CODE }}` to input the OTP
code and complete the login process.

## SMS One-Time Password (OTP)

<Info>**Prerequisites**: A SMS number must be provisioned by Momentic.</Info>

Add a **JavaScript** step with the following content:

```javascript theme={null}
// fetch the latest message from the inbox
const msg = await sms.fetchLatest({
  to: "<YOUR SMS NUMBER HERE>",
});

// extract the code using regex
const code = msg.body.match(/\b\d{6}\b/);

return code;
```

Use the **Save to environment variable** option to save the code to an
environment variable, e.g., `OTP_CODE`.

Then, use the **Type** step with content `{{ env.OTP_CODE }}` to input the OTP
code and complete the login process.

## Vercel Deployment Protection

Follow Vercel's
[protection bypass for automation](https://vercel.com/docs/deployment-protection/methods-to-bypass-deployment-protection/protection-bypass-automation)
guide. Configure the bypass header in your test options.

## IP whitelist

For teams that use the Momentic dashboard, whitelist Momentic's fixed egress IP:
`34.106.239.183`.
