Authentication methods

XBOW usually needs to authenticate with a target before it can start testing. For information on creating a test account and defining how to authenticate, see Define authentication for testing.

Supported methods

  • Username and password
  • Multi-factor authentication using time-based one-time passwords (TOTP) from an authenticator app or email
  • Single sign-on (SSO) using an identity provider such as Okta
  • Magic links
  • Social logins (log in with a GitHub or Microsoft account)
  • Static “bearer tokens” (API keys)
  • HTTP basic authentication

Unsupported methods

  • Registering accounts or authenticating with partially onboarded accounts.
  • Multi-factor authentication using SMS.
  • Social login using Google accounts. Google blocks XBOW requests, even after successful authentication.
  • Authentication methods that require the user to pass a CAPTCHA test.