Skip to content
Using a 2fa code from icloud keychain
Got a problem with Viscosity or need help? Ask here!
Hey there folks,
Viscosity seems to be able to access the password for a session when you choose to store it in a user's login keychain, which is synchronized via icloud to multiple devices.
We recently added 2fa support to our VPN -- does the Keychain API allow viscosity to auto-fill a TOTP code stored in the system keychain as well?
Viscosity seems to be able to access the password for a session when you choose to store it in a user's login keychain, which is synchronized via icloud to multiple devices.
We recently added 2fa support to our VPN -- does the Keychain API allow viscosity to auto-fill a TOTP code stored in the system keychain as well?
Hi thegushi,
I'm afraid it's not something we have tried, however Viscosity does set the correct OTP field type for the challenge field, so it may work out of the box (for example it does work with SMS verification codes).
However if it doesn't, one potential issue is that Keychain verification codes have an issuing domain associated with them. You may need to grant Viscosity permission on the verification code in the Keychain (using Keychain Access), and if that fails, you may need to set an associated domain (assuming these are managed machines): https://support.apple.com/en-au/guide/d ... f64513/web
As a final option, you may be able to write an AppleScript script to grab the TOTP code from the Keychain (or other TOTP app) for you, and then make use of Viscosity's Pre-Connection Credentials feature to provide this to the connection automatically:
https://www.sparklabs.com/support/kb/ar ... redentials
Cheers,
James
I'm afraid it's not something we have tried, however Viscosity does set the correct OTP field type for the challenge field, so it may work out of the box (for example it does work with SMS verification codes).
However if it doesn't, one potential issue is that Keychain verification codes have an issuing domain associated with them. You may need to grant Viscosity permission on the verification code in the Keychain (using Keychain Access), and if that fails, you may need to set an associated domain (assuming these are managed machines): https://support.apple.com/en-au/guide/d ... f64513/web
As a final option, you may be able to write an AppleScript script to grab the TOTP code from the Keychain (or other TOTP app) for you, and then make use of Viscosity's Pre-Connection Credentials feature to provide this to the connection automatically:
https://www.sparklabs.com/support/kb/ar ... redentials
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts
Page 1 of 1