MFA authentication to server - for automation


Any idea how I can pass an MFA token to log in to a server using N8N? We seem to be stuck on how this can be achieved so we can dynamically log in to the server to perform an automated action.

Also, is there a way I can pass a certificate for authentication?

Hi @Allwynpradip, could you share some additional details here? What service are you trying to connect to and is there documentation available?

@MutedJam – we are using Teleport as a middleman, which uses TLS and, in turn, connects to Microsoft AD for authentication. The documentation for Teleport is Introduction to Teleport | Teleport Docs.

All of our server access is through Teleport and it has dual authentication, because of which we are not able to automate via N8N.

Let me know if this helps.

Hey @Allwynpradip,

Is it Teleport you are trying to connect to? It looks like it is just an API to get city information. Is that link the correct Teleport?

The problem here will be that MFA is dynamic, so while you can generate TOTP codes, if the authentication is done on a series of redirects or using prompts instead of TOTP, the options are very limited. You may be able to use an AD account that doesn’t have MFA enabled through a policy, but you would want to restrict the access to it. Then you have the other authentication step, which I can’t find any information for on the Teleport site.

@jon – my apologies, I tagged the wrong URL earlier. Introduction to Teleport | Teleport Docs is the correct URL for the application.

Hey @Allwynpradip,

That is interesting, it looks like an open version of the old SSH CryptoAuditor product. So looking at those docs, there may not really be a lot you can do with n8n at the moment. If you have managed to get it to a point where it is asking for the MFA token, depending on the type you might be able to generate and send it, but you would need to know the endpoint to send it to.

It may be worth starting by building a custom Docker image that contains the Teleport client, then you may be able to set up a policy in Teleport for that client to skip some checks. Out of interest, if you do manage to get to the server, is there a specific service you want to interact with on it?

An alternative option would be to install n8n inside that network, then you can access what you need to from that instance, which would solve the issue of not being able to access the server directly.

