FeaturesAuth TestingUsername & Password

Basic Authentication (Username & Password)

Basic auth is the simplest authentication type: email/username + password on a login form.

When to Use

  • ✅ Traditional login forms (email + password)
  • ✅ Email-based accounts
  • ✅ No 2FA enabled
  • ❌ For TOTP/MFA, use TOTP auth instead
  • ❌ For OTP codes, use Email OTP instead

Setup Guide

1
Navigate to Personas
Go to Dashboard → Personas, or Settings → Personas tab
2
Click 'Create Persona'
Button in top-right corner
3
Fill Basic Information
Name (e.g., 'QA Admin'), Project, Email address
4
Select Auth Type
Choose 'Basic Auth' from the dropdown
5
Enter Credentials
Email and password (password is encrypted immediately)
6
Save Persona
Click 'Create'. Credentials are now encrypted at rest

Persona Fields

FieldRequiredExampleNotes
NameQA AdminUser-friendly name for reference
ProjectAcme E-commerceWhich project this persona belongs to
Emailqa-admin@example.comLogin email address
PasswordSecurePass123!Never shown after saving, encrypted
Login URLOptionalhttps://app.example.com/loginAuto-filled if set
DescriptionOptionalTest admin accountWhat this persona is for

Using in Tests

In Manual Tests

  1. Create a test case
  2. When running, select the persona from dropdown
  3. AI automatically logs in using the stored credentials

In AI-Generated Tests

Specify in the prompt:

"Generate tests for the admin dashboard. Use the QA Admin persona for login."

In Test Plans

Tests in the plan inherit the persona selection:

Test Plan: Admin Workflow
├─ Use Persona: QA Admin
├─ Test 1: Admin can view user list
├─ Test 2: Admin can delete users
└─ Test 3: Admin can reset passwords

What Happens During Execution

When a test with a persona runs:

1. Test starts
2. AI sees login page
3. AI decrypts persona (AES-256)
4. AI fills email field: qa-admin@example.com
5. AI fills password field: (from encrypted storage)
6. AI clicks Sign In button
7. Page navigates to dashboard
8. Session cached for future runs
9. Test continues with authenticated state

Result: Login is 100% automated. No manual password entry.

Session Caching

After first login, the session (cookies + localStorage) is cached for 8 hours:

Run 1: Login takes ~5 seconds
Run 2: Session restored, login skipped (~1 second)

To manually clear a cached session:

  1. Go to Personas
  2. Click the persona
  3. Click “Clear Session” button
  4. Next run will re-authenticate

Credentials Security

Your credentials are protected:

LayerMethod
At RestAES-256-GCM encryption
In TransitHTTPS/TLS
In LogsPasswords never logged or exposed
AccessOnly your organization; only visible on creation
AuditAll persona usage is logged

Important

  • Never reuse production passwords for test personas
  • Create dedicated test accounts for each persona
  • Use strong passwords (12+ chars, mixed case, numbers, symbols)
  • Rotate passwords periodically
  • Delete unused personas to reduce attack surface

Multi-Persona Testing

Test role-based features with multiple personas:

Test: "Admin can invite user, user can accept"
├─ Step 1: Login as Admin (Persona: QA Admin)
├─ Step 2: Send invite to user@example.com
├─ Step 3: Logout
├─ Step 4: Login as User (Persona: QA User)
├─ Step 5: Verify invitation in inbox
├─ Step 6: Accept invitation
└─ Result: ✓ Pass

Each persona maintains its own session.

Troubleshooting

”Login Failed” Error

Likely causes:

  • Wrong email or password
  • Account is locked (too many failed attempts)
  • Account is disabled or deleted
  • MFA enabled (use TOTP auth instead)

Fix:

  1. Verify credentials manually in your browser
  2. Check if account is active in admin panel
  3. Try resetting the account password
  4. Confirm MFA is not enabled

Session Expires Mid-Test

Sessions cache for 8 hours. If a test runs > 8 hours after login:

  • Option 1: Disable caching (clear session after each test)
  • Option 2: Re-login mid-test (“Add login step midway”)
  • Option 3: Increase session TTL (contact support)

Multiple Users with Same Email

Not supported. Create separate test accounts with different emails:

❌ Don't do this:
  Persona 1: admin@example.com (admin role)
  Persona 2: admin@example.com (user role)

✓ Do this instead:
  Persona 1: qa-admin@example.com
  Persona 2: qa-user@example.com

Best Practices

  1. Use dedicated test accounts — Don’t use real user accounts
  2. Strong passwords — 12+ chars, mix of upper/lower/numbers/symbols
  3. Avoid special characters — Some login forms don’t handle them well
  4. Test both success and failure — Valid AND invalid credentials
  5. Rotate credentials — Change passwords quarterly
  6. Document personas — Keep notes on which persona is which role
  7. Secure persona emails — Use test domain if available (qa@example.com)

Next Steps

OverviewEmail OTP & Magic Link