Why Add Credentials
Credentials let assessments access authenticated areas that are not visible to public crawling. Credentials and login instructions are used together:- credentials provide what to enter
- login instructions provide where and how agents should log in
Credential Types
MindFort supports four credential types. Each targets a different authentication flow your application may use.| Type | Auth Flow |
|---|---|
| Application Login | Username & password |
| Authenticator 2FA | Username, password & TOTP code |
| SMS MFA | Username, password & SMS code |
| SMS Login | Phone number & SMS code only |
Application Login
Standard username and password authentication.| Field | Required |
|---|---|
| Credential Name | Yes |
| Username | Yes |
| Password | Yes |
| Role | Yes (default: user) |
| Description | No |
- Open Target Inventory and select a target.
- Click Add Credential and choose Username & Password.
- Enter the username and password for the test account.
- Select the appropriate role and save.
Authenticator 2FA
Username and password authentication with a TOTP-based second factor. MindFort generates time-based codes automatically during assessments using the secret you provide.| Field | Required |
|---|---|
| Credential Name | Yes |
| Username | Yes |
| Password | Yes |
| TOTP Secret | Yes |
| Role | Yes (default: user) |
| Description | No |
JBSWY3DPEHPK3PXP). You can usually find this during the authenticator setup flow where a QR code is displayed — look for a “Can’t scan?” or “Manual entry” option to reveal the text secret.
Setup:
- Open Target Inventory and select a target.
- Click Add Credential and choose Authenticator 2FA.
- Enter the username, password, and the base32 TOTP secret.
- Select the appropriate role and save.
SMS MFA
Username and password authentication where the second factor is an SMS verification code. MindFort provisions a dedicated phone number automatically and reads incoming codes during assessments.| Field | Required |
|---|---|
| Credential Name | Yes |
| Username | Yes |
| Password | Yes |
| Role | Yes (default: user) |
| Description | No |
- Open Target Inventory and select a target.
- Click Add Credential and choose SMS MFA.
- Enter the username and password for the test account.
- Save the credential — a phone number will be provisioned.
- Copy the provisioned phone number from the credentials table and register it as the MFA number on your target application’s account settings.
- (Optional) If the target application sends a verification code to confirm the phone number during registration, click the message icon in the credentials table Actions column and press Check for Code to retrieve it. Enter the code in the target application to complete registration.
SMS Login
Phone-number-only authentication where a one-time code is sent via SMS instead of using a password. MindFort provisions a dedicated phone number and reads incoming codes during assessments.| Field | Required |
|---|---|
| Credential Name | Yes |
| Role | Yes (default: user) |
| Description | No |
- Open Target Inventory and select a target.
- Click Add Credential and choose SMS Login.
- Save the credential — a phone number will be provisioned.
- Copy the provisioned phone number from the credentials table and register it as a user on your target application.
- (Optional) If the target application sends a verification code during account creation, click the message icon in the credentials table Actions column and press Check for Code to retrieve it. Enter the code in the target application to complete registration.
Credential Guidelines
- Use dedicated test accounts — avoid personal or production admin accounts.
- Keep account access scoped to what you want tested.
- Rotate credentials regularly.
- For SMS credential types, contact support if the option is not available for your organization.