# Google Auth

{% hint style="warning" %}
**Use a Google account on your company domain for testing.**

Do not use a newly created free Gmail account. Google will likely block it or flag the login as bot behavior.
{% endhint %}

To let the agent log in with Google Auth, follow these steps:

{% stepper %}
{% step %}
**Navigate to security settings**

Go to the settings page of your account: <https://myaccount.google.com/u/1/security>

<figure><img src="/files/XyYiJJenyd6NUZGWJerm" alt=""><figcaption></figcaption></figure>

Start the authenticator app setup flow.
{% endstep %}

{% step %}
**MFA Onboarding**

Click the authenticator app option to configure MFA.

<figure><img src="/files/Ia2HzfnzmvD49cLXuqnn" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Get the secret key instead of the QR code**

When you see the QR code, select **"Can't scan it?"**

<figure><img src="/files/r9lKi3XEv0tZIbDdXMYt" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Copy the key**

<figure><img src="/files/F1xdxAltqPwhdfygKFEf" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Store key in password manager**

Store the key in a password manager of your choice. We recommend one that lets you copy the secret easily, such as 1Password or Bitwarden.
{% endstep %}

{% step %}
**Complete the flow and enable 2-Step Verification**

<figure><img src="/files/KJOIv5cAJ2o6KnyzCikB" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Set up authentication in Aikido Pentest**

Write your instructions in a format like this:

```
Step 1: Go to domain.com/login
Step 2: Select "Google Login". You will be redirected to accounts.google.com
Step 3: Provide the following credentials:
- username: security-test@company.com
- password: wrongpassword
Step 4: Generate the TOTP and log in
Success criteria: When you log in successfully, you will see "Hello Patrick" on the home screen
```

{% endstep %}

{% step %}
**Add the TOTP URL**

Add the key in base32 format. Remove spaces from the Google key before you paste it.

<figure><img src="/files/46OJm2wEr1L9xtScON3p" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

