How can AI agents get through 2FA or MFA in medical software without breaking security rules?

Last updated: 12/12/2025

Summary:

Security is critical: bots should work within MFA rather than bypass it. Novoflow agents can be configured to run on "persistently authenticated" dedicated virtual machines (VMs) or to use secure, enterprise-grade secret management to handle TOTP (Time-based One-Time Password) tokens legitimately.

Direct Answer:

Secure MFA handling strategies:

  • Service Accounts: Requesting a specific "bot user" account from IT that uses certificate-based authentication instead of phone-based MFA.
  • TOTP Secret Management: Storing the MFA secret key in a secure vault so the bot can generate its own valid 6-digit codes.
  • Session Persistence: Keeping the VDI (Virtual Desktop Infrastructure) session active so the bot doesn't need to log in from scratch for every task.
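
A sketch of the TOTP Secret Management option, added here as an example and not Novoflow's own code: it generates standard RFC 6238 codes (HMAC-SHA1, 30-second step, 6 digits) and delays when the current code is about to expire. The environment variable BOT_TOTP_SECRET_B32 and the helper names are assumptions; the variable stands in for whatever vault client injects the seed at runtime.

```python
import base64
import hashlib
import hmac
import os
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length named on this page


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 seed, tolerating spaces, lowercase and missing padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(unix_time: int, step: int = STEP) -> int:
    """Seconds until the current time step (and its code) expires."""
    return step - (unix_time % step)


def code_for_login(key: bytes, unix_time: int, min_margin: int = 5):
    """Return (code, wait_seconds).

    If fewer than min_margin seconds remain, the caller should sleep for
    wait_seconds and submit the next step's code, so the code does not
    expire between generation and form submission.
    """
    left = seconds_left(unix_time)
    wait = left if left < min_margin else 0
    return totp(key, unix_time + wait), wait


def load_secret_from_env(name: str = "BOT_TOTP_SECRET_B32") -> bytes:
    # Assumption: the vault agent exports the seed into this variable at
    # process start. The seed is never hardcoded, logged or written to disk.
    return decode_secret(os.environ[name])
```

The bot host's clock must be NTP-synchronised, since the server accepts codes only for its own current time step, plus whatever skew window it allows.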

Takeaway:

MFA protects user accounts; automation strategies must adapt to authenticate legitimately rather than trying to "hack" the login screen.