How MindFort Authentication Works

MindFort logs into your application through the browser—just like a real user would. Your login instructions tell MindFort exactly how to authenticate and where to go afterward.
Key Concept: MindFort navigates to your login page, enters credentials, and then proceeds to test your target application. Clear instructions ensure successful authentication.

The Most Common Mistake

Many users confuse the target URL with the login URL:
| Field | What It Is | Example |
|---|---|---|
| Target URL | The application you want tested | https://app.yourcompany.com |
| Login URL | Where the agent authenticates | https://yourcompany.com/login |

Do NOT set your login page as the target. The target should be your actual application—the dashboard, admin panel, or main app interface you want tested. The login page is specified in your login instructions.

Writing Good Login Instructions

Your login instructions should answer three questions:
  1. Where does the agent go to log in?
  2. How does the agent authenticate?
  3. Where does the agent end up after login?

Simple Template

1. Go to [LOGIN_URL]
2. Enter username and password in the login form
3. Click the login/sign in button
4. After login, you will be redirected to [TARGET_URL] (or navigate to [TARGET_URL])

Real Examples

Target URL: https://app.example.com/dashboard
Login Instructions:
1. Go to https://example.com/login
2. Enter the username and password in the form
3. Click "Sign In"
4. You will be redirected to https://app.example.com/dashboard

Target URL: https://app.example.com
Login Instructions:
1. Go to https://auth.example.com/login
2. Enter credentials and click "Log In"
3. After authentication, navigate to https://app.example.com
4. You should see the main dashboard

Target URL: https://portal.example.com/home
Login Instructions:
1. Go to https://portal.example.com/login
2. Enter username and password
3. Click "Continue"
4. On the next screen, click "Skip" to bypass the onboarding wizard
5. You will arrive at https://portal.example.com/home

Target URL: https://app.example.com
Login Instructions:
1. Go to https://app.example.com/login
2. Click "Sign in with Google" (or the appropriate SSO button)
3. Enter the email address and password on the Google login page
4. After authentication, you will be redirected back to https://app.example.com

What to Include

Do Include

  • Exact login page URL
  • Which button to click
  • Post-login redirect behavior
  • Any popups to dismiss
  • MFA status (disabled for test account)

Don't Include

  • Actual passwords (those go in credentials)
  • Vague instructions like “log in normally”
  • Assumptions about the interface
  • Steps that can’t be automated
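
The checklist above and the target/login URL mix-up can be checked before an assessment is submitted. The following is an added example, not part of MindFort or its API: the function name, the regex heuristics and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Heuristic patterns: assumptions of this example, not rules enforced by MindFort.
URL_RE = re.compile(r"https?://[^\s)\"']+")
VAGUE_RE = re.compile(r"\blog ?in (normally|as usual)\b", re.I)
SECRET_RE = re.compile(r"\bpassword\s*(?:is|[:=])\s*\S+", re.I)
LOGIN_PATH_RE = re.compile(r"/(login|signin|sign-in)(/|$)", re.I)


def lint_login_config(target_url, instructions):
    """Return a list of problems in a target URL / login instructions pair."""
    problems = []
    urls = [u.rstrip(".,") for u in URL_RE.findall(instructions)]
    target = urlparse(target_url)
    if not urls:
        problems.append("no exact login page URL in instructions")
    else:
        login = urlparse(urls[0])  # first URL is treated as the login page
        if (login.netloc, login.path.rstrip("/")) == (target.netloc, target.path.rstrip("/")):
            problems.append("target URL is the same as the login URL")
    if LOGIN_PATH_RE.search(target.path):
        problems.append("target URL looks like a login page")
    if not any(urlparse(u).netloc == target.netloc for u in urls[1:]):
        problems.append("post-login destination on the target host is not stated")
    if VAGUE_RE.search(instructions):
        problems.append("vague step such as 'log in normally'")
    if SECRET_RE.search(instructions):
        problems.append("instructions appear to contain a password")
    if not re.search(r"\b(2FA|MFA)\b", instructions, re.I):
        problems.append("MFA status of the test account is not stated")
    return problems


# Constructed sample inputs (not real accounts or secrets).
GOOD_TARGET = "https://app.example.com/dashboard"
GOOD = """Note: 2FA is disabled for this test account.
1. Go to https://example.com/login
2. Enter the username and password in the form
3. Click "Sign In"
4. You will be redirected to https://app.example.com/dashboard"""
BAD_TARGET = "https://yourcompany.com/login"
BAD = "Log in normally at https://yourcompany.com/login, password: not-a-real-secret"

if __name__ == "__main__":
    print("good:", lint_login_config(GOOD_TARGET, GOOD))
    print("bad: ", lint_login_config(BAD_TARGET, BAD))
```

The post-login check only recognizes a destination written as a full URL on the target host, so a step like "you will be redirected to the dashboard" is flagged until the URL is spelled out.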

Special Scenarios

Two-Factor Authentication (2FA/MFA)

MindFort cannot complete interactive 2FA challenges (like authenticator apps or hardware keys). You must:
  • Disable 2FA on your test account, OR
  • Use Agent Email authentication for email-based codes
Note: 2FA is disabled for this test account.

1. Go to https://app.example.com/login
2. Enter username and password
3. Click "Sign In"
4. You will be redirected to the dashboard
Coming Soon: Agent Email authentication (IMAP-based magic link retrieval) is planned for a future release. For now, applications using magic link or passwordless authentication cannot be tested with authenticated access.

Multi-Step Login

Some applications have username and password on separate screens:
1. Go to https://app.example.com/login
2. Enter the username/email and click "Next"
3. On the password screen, enter the password and click "Sign In"
4. After login, navigate to https://app.example.com/dashboard

Troubleshooting

Login Not Working

  1. Verify credentials work - Manually test the username/password
  2. Check login URL - Make sure the URL in your instructions is correct
  3. Simplify instructions - Remove unnecessary steps
  4. Check for CAPTCHA - Disable CAPTCHA for your test account or whitelist MindFort IPs

Authenticated But No Findings

  1. Check target URL - Ensure it points to the authenticated area, not the login page
  2. Verify redirect - Confirm where users land after successful login
  3. Session issues - Some apps expire sessions quickly; note this in instructions
Test It Yourself: Before running an assessment, manually follow your own login instructions step-by-step. If anything is unclear to you, it will be unclear to MindFort.

Quick Reference

TARGET URL: https://app.yourcompany.com/dashboard
           (the authenticated area to test)

LOGIN INSTRUCTIONS:
1. Go to https://yourcompany.com/login
   (where to authenticate)

2. Enter username and password, click "Sign In"
   (how to authenticate)

3. You will be redirected to https://app.yourcompany.com/dashboard
   (where you end up after login)