This guideline shows how to record an EveryStep monitoring script for an application that requires two-factor authentication (2FA) during login.

Since 2FA adds an extra verification step (such as a 6-digit TOTP code), additional configuration is required to allow the script to log in automatically and securely.

This process includes:

  1. Setting up a third-party Time-Based One-Time Password (TOTP) method in your Microsoft 365 account.
  2. Saving the secret key securely.
  3. Recording the login process using EveryStep Recorder.
  4. Configuring automatic TOTP generation in the script using a Secure Vault encrypted variable.

Once completed, the monitoring script will be able to log in successfully without manual code entry, even when 2FA is enabled.

Setting Up Third-Party Time-Based OTP (TOTP) Sign-in Method

Go to Your Security Page

  • Choose Authenticator app and click Add.

  • Select “Set up a different authenticator app”.

  • When QR appears → click “Can’t scan image?”.

  • You will now see your Secret key. This key is the “shared secret” used to generate your 6-digit login codes. Copy the key and make sure to save it to be able to use the key later.

  • Click Next. You will be asked to provide a 6-digit code to verify your authentication app. Keep the window open.

Add the Key to Your TOTP App or to a third-party TOTP Token Generator

  • Open your third-party authenticator app or any TOTP generator.
  • Provide the copied secret key and generate a 6-digit code.

It must be Time-based (TOTP).

If you are using a TOTP App on your phone, after setup make sure phone time is automatic. TOTP codes depend on accurate time.

Verify

  • Your app will now show a 6-digit code.
  • Enter that code on the Microsoft screen.

  • Click Verify.

If the code is accepted, your setup is completed successfully. Make sure you see a confirmation screen before proceeding.

Recording a Script in Dotcom-Monitor EveryStep Recorder

Login to your Dotcom-Monitor account and start recording a sign-in step to your Office 365 account with EveryStep Recorder.

At the Approve your sign in request step:

  • Click I can’t use my authenticator app right now.

  • Select Use a verification code.

  • Go to your TOTP generator app.
  • Generate a 6-digit code using the secret key saved earlier.
  • Provide the code in the EveryStep Recorder.

Wait until login completes successfully, then stop recording.

Configuring Automatic TOTP Generation in EveryStep Scripting Tool

The goal of this step is to configure automatic TOTP code generation inside the script. The secret key will be stored securely in the Dotcom-Monitor Secure Vault as an encrypted variable.

The system will automatically generate a TOTP code each time the monitoring script runs.

Convert the Code to a Secure Variable

  • Find the TOTP 6-digit code input step in the script code.

  • Click the related TypeText method to edit the code value.

In the TypeText settings panel:

  • Click the three-dot menu in the method settings.
  • Select Convert to Crypt Variable.

Set up a new variable for the secret key:

  • Provide the secret key value in the Value field.

  • Click Done to save the variable.

Click Update in the TypeText settings panel to apply changes.

Replace Manual Code with Automatic TOTP Expression

Open the script editor.

Find the TOTP code input step in the script code.

Replace the code inside the TypeText method with:

GetTOTPPin ((string)Vault.<Vault Name>.<Variable Name>)

The variable name must match exactly the one created during the crypt variable setup.

Update the script code and:

  • Save the script to your monitoring device
    OR
  • Continue recording if required

Final Result

Your monitoring script will now automatically generate a valid TOTP code using the encrypted secret key each time it runs.

No manual code entry required.