{"id":8595,"date":"2026-01-10T13:04:40","date_gmt":"2026-01-10T07:34:40","guid":{"rendered":"https:\/\/www.testleaf.com\/blog\/?p=8595"},"modified":"2026-01-10T13:08:17","modified_gmt":"2026-01-10T07:38:17","slug":"selenium-stay-logged-in-sso-otp","status":"publish","type":"post","link":"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/","title":{"rendered":"Selenium: How to Stay Logged In During Testing"},"content":{"rendered":"<div style=\"margin-top: 0px; margin-bottom: 0px;\" class=\"sharethis-inline-share-buttons\" ><\/div><!--[if lt IE 9]><script>document.createElement('audio');<\/script><![endif]-->\n<audio class=\"wp-audio-shortcode\" id=\"audio-8595-1\" preload=\"none\" style=\"width: 100%;\" controls=\"controls\"><source type=\"audio\/mpeg\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Selenium-How-to-Stay-Logged-In-During-Testing.mp3?_=1\" \/><a href=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Selenium-How-to-Stay-Logged-In-During-Testing.mp3\">https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Selenium-How-to-Stay-Logged-In-During-Testing.mp3<\/a><\/audio>\n<p>&nbsp;<\/p>\n<p>Modern applications rarely have a simple \u201cusername + password on one page\u201d anymore.<br \/>\nYou see:<\/p>\n<ul>\n<li><strong>SSO (Single Sign-On)<\/strong> with redirects to Google \/ Azure AD \/ Okta<\/li>\n<li><strong>OTP<\/strong> (one-time passwords) via SMS or email<\/li>\n<li>Security rules that <strong>expire sessions<\/strong> quickly<\/li>\n<\/ul>\n<p>For real users this is great for security.<br \/>\nFor Selenium tests\u2026 it can be a nightmare.<\/p>\n<p>If you try to run the full login + SSO + OTP flow in every test, your suite becomes:<\/p>\n<ul>\n<li>Slow<\/li>\n<li>Flaky<\/li>\n<li>Hard to run in <a href=\"https:\/\/www.testleaf.com\/blog\/stage-by-stage-ci-cd-pipeline-dev-qa-preprod-prod\/\">CI\/CD<\/a><\/li>\n<\/ul>\n<p>The good news: you don\u2019t need to automate every tiny step of authentication every single time. You can handle login smartly once, then <strong>reuse sessions<\/strong>.<\/p>\n<p>Let\u2019s break it down.<\/p>\n<p><strong>Explore More:<\/strong> <a href=\"https:\/\/www.testleaf.com\/blog\/selenium-interview-questions\/\">selenium interview questions<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"1_Problem_Logging_in_on_every_test\"><\/span><strong>1. Problem: Logging in on every test<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#1_Problem_Logging_in_on_every_test\" >1. Problem: Logging in on every test<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#2_Handling_SSO_with_Selenium_%E2%80%93_dont_over-test_it\" >2. Handling SSO with Selenium \u2013 don\u2019t over-test it<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#3_OTP_flows_%E2%80%93_dont_scrape_real_SMS\" >3. OTP flows \u2013 don\u2019t scrape real SMS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#4_Cookies_preserving_sessions_across_tests\" >4. Cookies &amp; preserving sessions across tests<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#5_Preserving_sessions_in_CI_pipelines\" >5. Preserving sessions in CI pipelines<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#6_Security_considerations\" >6. Security considerations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/#FAQs\" >FAQs<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>A typical anti-pattern in many Selenium suites:<\/p>\n<p>@Test<\/p>\n<p>public void testCreateOrder() {<\/p>\n<p>\/\/ 1. Go to login page<\/p>\n<p>\/\/ 2. Enter username\/password<\/p>\n<p>\/\/ 3. Complete SSO redirect<\/p>\n<p>\/\/ 4. Handle OTP<\/p>\n<p>\/\/ 5. Finally land on dashboard<\/p>\n<p>\/\/ 6. Start actual test steps&#8230;<\/p>\n<p>}<\/p>\n<p>Now imagine 200 tests doing the same login again and again.<\/p>\n<ul>\n<li>Time wasted = huge<\/li>\n<li>More moving parts = more flakiness<\/li>\n<li>SSO\/OTP providers may even <strong>rate limit<\/strong> or block you<\/li>\n<\/ul>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full wp-image-8598\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite.webp\" alt=\"Why logging in on every test breaks your Selenium suite\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite.webp 1920w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite-300x169.webp 300w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite-1024x576.webp 1024w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite-768x432.webp 768w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite-1536x864.webp 1536w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Why-logging-in-on-every-test-breaks-your-Selenium-suite-150x84.webp 150w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>Instead, treat login as a <strong>separate concern<\/strong> and <strong>reuse the session<\/strong> wherever possible.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Handling_SSO_with_Selenium_%E2%80%93_dont_over-test_it\"><\/span><strong>2. Handling SSO with <a href=\"https:\/\/www.testleaf.com\/blog\/why-automation-testing-with-selenium-is-still-the-1-choice-in-2026\/\">Selenium<\/a> \u2013 don\u2019t over-test it<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSO usually means:<\/p>\n<ol>\n<li>Your app redirects to an Identity Provider (IdP) like Google, Azure AD, Okta.<\/li>\n<li>User signs in there.<\/li>\n<li>IdP redirects back with an authenticated session.<\/li>\n<\/ol>\n<p>Do you need to test every SSO screen in Selenium?<br \/>\nIn most cases \u2013 <strong>no<\/strong>.<\/p>\n<p>Better pattern:<\/p>\n<ul>\n<li>Test SSO <strong>once<\/strong> in a dedicated flow (or even manually \/ with API tests).<\/li>\n<li>For the majority of UI tests, <strong>start from an already logged-in state<\/strong>.<\/li>\n<\/ul>\n<p>Options:<\/p>\n<ol>\n<li><strong>Test environment \u201cbackdoor\u201d login<\/strong>\n<ul>\n<li>Developers expose a special URL only in lower environments like:<br \/>\n\/test-login?user=qa.admin<\/li>\n<li>This directly creates the right session without redirecting through SSO.<\/li>\n<li>Your Selenium tests hit this URL at the start.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Pre-generated SSO tokens for test users<\/strong>\n<ul>\n<li>CI pipeline retrieves tokens via API.<\/li>\n<li>Your app accepts that token and starts a session.<\/li>\n<li>Selenium just rides on that session.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>In other words: keep SSO complexity <strong>out<\/strong> of most UI tests.<\/p>\n<p><strong>Other Helpful Articles:<\/strong> <a href=\"https:\/\/www.testleaf.com\/blog\/top-30-playwright-interview-questions-and-answers-2025-updated-guide\/\">playwright interview questions<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_OTP_flows_%E2%80%93_dont_scrape_real_SMS\"><\/span><strong>3. OTP flows \u2013 don\u2019t scrape real SMS<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-8597\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead.webp\" alt=\"SSO OTP in Selenium what to avoid and what to do instead\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead.webp 1920w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead-300x169.webp 300w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead-1024x576.webp 1024w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead-768x432.webp 768w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead-1536x864.webp 1536w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/SSO-OTP-in-Selenium-what-to-avoid-and-what-to-do-instead-150x84.webp 150w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>For OTP, many teams try to:<\/p>\n<ul>\n<li>Integrate with real SMS\/email inboxes<\/li>\n<li>Scrape codes<\/li>\n<li>Wait for messages in real time<\/li>\n<\/ul>\n<p>This is often slow and flaky.<\/p>\n<p>Better ideas:<\/p>\n<ul>\n<li><strong>Bypass OTP in test environments<\/strong>\n<ul>\n<li>Accept a fixed OTP like 000000 for certain test users.<\/li>\n<li>Or expose \/test-otp?user=qa.admin that returns the current OTP.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Use API-level hooks<\/strong>\n<ul>\n<li>Store the OTP in a database table that you can query.<\/li>\n<li>Selenium calls an internal helper\/API to read it, instead of polling an inbox UI.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Golden rule: <strong>Never force UI automation to do what an API or internal hook can do faster and more reliably.<\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"4_Cookies_preserving_sessions_across_tests\"><\/span><strong>4. Cookies &amp; preserving sessions across tests<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once you manage to log in successfully, the browser holds your authenticated state in:<\/p>\n<ul>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTP_cookie\"><strong>Cookies<\/strong><\/a><\/li>\n<li>Possibly <strong>localStorage<\/strong> \/ <strong>sessionStorage<\/strong><\/li>\n<\/ul>\n<p>In Selenium, you can <strong>extract cookies<\/strong> and apply them later in another test or browser instance.<\/p>\n<pre>Example (Java):\r\n\r\n\/\/ After login\r\n\r\nSet&lt;Cookie&gt; cookies = driver.manage().getCookies();\r\n\r\n\/\/ Store them somewhere static\/global for this suite\r\n\r\nSessionStore.authCookies = cookies;\r\n\r\nLater, in another test:\r\n\r\ndriver.get(\"https:\/\/your-app.com\/\");\r\n\r\nfor (Cookie cookie : SessionStore.authCookies) {\r\n\r\n\u00a0\u00a0\u00a0 driver.manage().addCookie(cookie);\r\n\r\n}\r\n\r\ndriver.navigate().refresh(); \/\/ Apply cookies and become logged-in<\/pre>\n<p><strong>This way:<\/strong><\/p>\n<ul>\n<li>You log in <strong>once<\/strong> (maybe in a @BeforeSuite or a special \u201cbootstrap\u201d test).<\/li>\n<li>Remaining tests <strong>reuse cookies<\/strong> instead of doing login again and again.<\/li>\n<\/ul>\n<p><strong>Caveats:<\/strong><\/p>\n<ul>\n<li>Cookies may be <strong>domain-specific<\/strong> (watch for different subdomains).<\/li>\n<li>Some systems store important data in <strong>localStorage<\/strong>; for that you might need <a href=\"https:\/\/www.testleaf.com\/blog\/selenium-slider-automation-complete-guide-with-actions-javascript-2025\/\">JavaScript<\/a> execution to copy\/restore values.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.testleaf.com\/course\/selenium-automation-certification-training-course.html?utm_source=blog_post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><img decoding=\"async\" class=\"aligncenter wp-image-5159 size-full\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium.jpg\" alt=\"Selenium training in chennai\" width=\"2048\" height=\"512\" srcset=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium.jpg 2048w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium-300x75.jpg 300w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium-1024x256.jpg 1024w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium-768x192.jpg 768w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium-1536x384.jpg 1536w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/06\/Selenium-150x38.jpg 150w\" sizes=\"(max-width: 2048px) 100vw, 2048px\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"5_Preserving_sessions_in_CI_pipelines\"><\/span><strong>5. Preserving sessions in <a href=\"https:\/\/www.testleaf.com\/blog\/retry-logic-ci-cd-handle-flaky-tests\/\">CI pipelines<\/a><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In CI (Jenkins, GitHub Actions, GitLab, etc.), you usually:<\/p>\n<ul>\n<li>Start a fresh browser per test run (or per worker).<\/li>\n<li>Want to avoid hitting SSO\/OTP repeatedly.<\/li>\n<\/ul>\n<p>Patterns that work:<\/p>\n<ol>\n<li><strong>\u201cLogin bootstrap\u201d test<\/strong>\n<ul>\n<li>First, run a small test suite whose only job is to:\n<ul>\n<li>Launch Selenium<\/li>\n<li>Log in once<\/li>\n<li>Save cookies to a file (e.g., JSON)<\/li>\n<\/ul>\n<\/li>\n<li>Then other tests read that file and import cookies into new browser sessions.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Shared Docker image or browser profile<\/strong>\n<ul>\n<li>For long-lived agents, you can re-use a browser profile with saved sessions.<\/li>\n<li>More brittle, but sometimes used in practice.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Parallel runs<\/strong>\n<ul>\n<li>For <a href=\"https:\/\/www.testleaf.com\/blog\/parallel-test-execution-with-selenium-grid-azure-kubernetes-scaling-qa-without-sacrificing-time\/\">parallel testing<\/a>, either:\n<ul>\n<li>Each worker performs its own login <strong>once<\/strong> then reuses its own cookies, or<\/li>\n<li>A central login process generates tokens\/cookies which are distributed to workers.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>The key idea is always the same:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8599\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login.webp\" alt=\"Reuse login\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login.webp 1920w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login-300x169.webp 300w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login-1024x576.webp 1024w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login-768x432.webp 768w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login-1536x864.webp 1536w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2026\/01\/Reuse-login-150x84.webp 150w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>\u201cLogin is expensive. Do it rarely. Reuse the session as much as possible.\u201d<\/p>\n<p><strong>Recommended for You:<\/strong> <a href=\"https:\/\/www.testleaf.com\/blog\/2025-top-automation-testing-infosys-interview-questions-with-expert-answers-from-testleaf-for-2-to-5-years-experience\/\">Automation testing interview questions<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"6_Security_considerations\"><\/span><strong>6. Security considerations<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Even in test environments:<\/p>\n<ul>\n<li>Protect any files that store cookies or tokens.<\/li>\n<li>Avoid using <strong>production accounts<\/strong> for automation.<\/li>\n<li>Make sure test-only \u201cbackdoor\u201d endpoints are <strong>disabled in production<\/strong>.<\/li>\n<\/ul>\n<h3><strong>Conclusion<\/strong><\/h3>\n<p>SSO, OTP, and session expiry are part of modern secure applications\u2014but they don\u2019t have to make your Selenium tests painful. By:<\/p>\n<ul>\n<li>Avoiding full SSO\/OTP UI flows in every test<\/li>\n<li>Using test-only login shortcuts<\/li>\n<li>Saving and reusing cookies or session info<\/li>\n<li>Designing your CI to treat login as a shared, reusable step<\/li>\n<\/ul>\n<p>\u2026you turn authentication from a bottleneck into a one-time setup.<\/p>\n<p>Selenium then focuses on what matters: <strong>testing the real user journeys<\/strong>, not wrestling with login pages all day.<\/p>\n<p>If you\u2019re planning to join <a href=\"https:\/\/www.testleaf.com\/course\/selenium-automation-certification-training-course.html?utm_source=blog_post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong><em data-start=\"246\" data-end=\"276\">Selenium training in chennai<\/em><\/strong><\/a>, make sure the course teaches real CI-friendly practices\u2014like reusing sessions\/cookies and avoiding full SSO\/OTP UI login in every test.<\/p>\n<p>&nbsp;<\/p>\n<h2 data-start=\"388\" data-end=\"425\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span><strong>FAQs<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h5 data-start=\"427\" data-end=\"489\"><strong>1) Why is logging in on every test a bad idea in Selenium?<\/strong><\/h5>\n<p data-start=\"490\" data-end=\"741\">Because repeating full login + SSO + OTP in every test makes your suite <strong data-start=\"562\" data-end=\"603\">slow, <a href=\"https:\/\/www.testleaf.com\/blog\/retry-logic-ci-cd-handle-flaky-tests\/\">flaky<\/a>, and hard to run in CI\/CD<\/strong>. It also adds unnecessary moving parts and wastes time when many tests repeat the same login steps.<\/p>\n<h5 data-start=\"743\" data-end=\"802\"><strong>2) What\u2019s the biggest anti-pattern with SSO\/OTP suites?<\/strong><\/h5>\n<p data-start=\"803\" data-end=\"1039\">Running the complete authentication flow inside every test\u2014imagine \u201c200 tests doing the same login again and again.\u201d This increases flakiness and can even trigger rate limits from SSO\/OTP providers.<\/p>\n<h5 data-start=\"1041\" data-end=\"1101\"><strong>3) Should I automate SSO screens in every Selenium test?<\/strong><\/h5>\n<p data-start=\"1102\" data-end=\"1310\">Usually, no. A better approach is to <strong data-start=\"1139\" data-end=\"1176\">test SSO once in a dedicated flow<\/strong> (or manually \/ via API tests), and keep most UI tests starting from an already logged-in state.<\/p>\n<h5 data-start=\"1312\" data-end=\"1370\"><strong>4) What should I do instead of over-testing SSO in UI?<\/strong><\/h5>\n<p data-start=\"1371\" data-end=\"1629\">Use a test-environment shortcut like a <strong data-start=\"1410\" data-end=\"1428\">backdoor login<\/strong> (example: <strong data-start=\"1439\" data-end=\"1468\">\/test-login?user=qa.admin<\/strong>) to create the session directly, or use <strong data-start=\"1509\" data-end=\"1555\">pre-generated SSO tokens retrieved via API<\/strong> so Selenium \u201crides\u201d on the session.<\/p>\n<h5 data-start=\"1631\" data-end=\"1678\"><strong>5) What should I avoid with OTP automation?<\/strong><\/h5>\n<p data-start=\"1679\" data-end=\"1838\">Don\u2019t scrape real SMS\/email by integrating inboxes, scraping codes, or waiting in real time\u2014this is often slow and flaky.<\/p>\n<h5 data-start=\"1840\" data-end=\"1903\"><strong>6) What\u2019s the best alternative to OTP scraping in Selenium?<\/strong><\/h5>\n<p data-start=\"1904\" data-end=\"2153\">Bypass OTP in test environments: use a fixed OTP like <strong data-start=\"1958\" data-end=\"1968\">000000<\/strong> for test users, expose a test endpoint like <strong data-start=\"2013\" data-end=\"2040\">\/test-otp?user=qa.admin<\/strong>, or use API-level hooks (OTP stored in DB; Selenium reads via helper\/API).<\/p>\n<h5><strong>We Also Provide Training In:<\/strong><\/h5>\n<ul>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/selenium-automation-certification-training-course.html?utm_source=blog_post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>Advanced Selenium Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/playwright.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>Playwright Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/genai-qa-engineers-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>Gen AI Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/aws-cloud-architect-certification-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>AWS Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/rest-api-testing-certification-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>REST API Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/full-stack-developer-certification-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>Full Stack Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/appium-mobile-automation-certification-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>Appium Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/dev-ops-master-certification-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>DevOps Training<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.testleaf.com\/course\/apache-jmeter-testing-training-course.html?utm_source=blog-post&amp;utm_medium=Organic&amp;utm_campaign=Blog_Post\"><strong>JMeter Performance Training<\/strong><\/a><\/li>\n<\/ul>\n<h6><strong>Author\u2019s Bio<\/strong>:<\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-6744 size-full alignleft\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/09\/Kadhir.png\" sizes=\"(max-width: 200px) 100vw, 200px\" srcset=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/09\/Kadhir.png 200w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/09\/Kadhir-150x150.png 150w, https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/09\/Kadhir-96x96.png 96w\" alt=\"Kadhir\" width=\"200\" height=\"200\" \/><\/p>\n<p>Content Writer at Testleaf, specializing in SEO-driven content for test automation, software development, and cybersecurity. I turn complex technical topics into clear, engaging stories that educate, inspire, and drive digital transformation.<\/p>\n<p><strong>Ezhirkadhir Raja<\/strong><\/p>\n<p>Content Writer \u2013 Testleaf<\/p>\n<p><a href=\"http:\/\/linkedin.com\/in\/ezhirkadhir\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.testleaf.com\/blog\/wp-content\/uploads\/2025\/07\/linkedin.png\" alt=\"LinkedIn Logo\" width=\"28\" height=\"28\" \/><\/a><\/p>\n<p data-start=\"490\" data-end=\"741\">\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; Modern applications rarely have a simple \u201cusername + password on one page\u201d anymore. You see: SSO (Single Sign-On) with redirects to Google \/ Azure AD \/ Okta OTP (one-time passwords) via SMS or email Security rules that expire sessions quickly For real users this is great for security. For Selenium tests\u2026 it can be &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.testleaf.com\/blog\/selenium-stay-logged-in-sso-otp\/\"> <span class=\"screen-reader-text\">Selenium: How to Stay Logged In During Testing<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":8596,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[16],"tags":[70,29,805,130,782],"class_list":["post-8595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-selenium","tag-learn-selenium","tag-selenium","tag-selenium-automation-testing","tag-selenium-coding","tag-selenium-dom"],"acf":[],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/posts\/8595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/comments?post=8595"}],"version-history":[{"count":6,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/posts\/8595\/revisions"}],"predecessor-version":[{"id":8607,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/posts\/8595\/revisions\/8607"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/media\/8596"}],"wp:attachment":[{"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/media?parent=8595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/categories?post=8595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testleaf.com\/blog\/wp-json\/wp\/v2\/tags?post=8595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}