EUM Monitor (Web UI)

The EUM (End User Monitoring) monitor type executes multi-step user journeys in a real web browser, exactly as an end user would experience them. This page is the full specification of the EUM engine: capabilities, scenario script functions, TOTP/MFA support, and secrets/key-vault integration.

Overview

Property Value
Engine Selenium 4 WebDriver + BrowserMob proxy
Browsers Chrome, Firefox, Edge
Scenario source Recorded with MNS IDE (or Selenium IDE)
Database exec.db
Runs on The Monitor probe

EUM scenarios are executed headless by default on the probe; each run replays the recorded journey, measures every declared transaction, and reports timings, screenshots, video, and HAR data back to the Webserver.


Capabilities

  • Multi-step transaction recording (via MNS IDE or Selenium IDE)
  • Individual transaction timing with critical/major thresholds, enriched with window.performance browser metrics
  • Screenshot capture: on error, per transaction, or on every step (photo mode)
  • Video recording of the entire execution
  • HAR (HTTP Archive) capture of all network traffic through the embedded proxy
  • TOTP (Time-based One-Time Password) support for 2FA / MFA
  • Encrypted credentials — embedded (AES) or retrieved from an external key vault at runtime
  • Corporate proxy configuration
  • Visual similarity checking

Scenario Script Functions

Scenario files are generated by the MNS IDE recorder and call the following built-in functions:

Function Purpose
mnsStartTransaction(name, timeout, critical_ms, major_ms) Start a named, timed transaction with thresholds
mnsStopTransaction() Stop the current transaction and record its timing + window.performance metrics
captureScreenshotReport(...) Capture a screenshot into the run report
highlightElement(element) Visually highlight an element before interacting with it
acceptCookie(...) Dismiss cookie-consent banners
waitForWindow(...) Wait for and switch to a new browser window/tab
MNSDecrypt("...") Decrypt an embedded encrypted credential at runtime

Example:

mnsStartTransaction("Login Page", 30, 5000, 3000)  // name, timeout, critical_ms, major_ms
driver.findElement(By.id("username")).sendKeys("user")
driver.findElement(By.id("password")).sendKeys(MNSDecrypt("q1hjZXR0ZSBjbGUgZXN0..."))
driver.findElement(By.id("submit")).click()
mnsStopTransaction()

TOTP / MFA Support

The EUM engine can generate TOTP codes during a scenario, allowing monitors to log in to applications protected by two-factor authentication.

Supported specification: RFC 6238

Parameter Value
Algorithm HMAC-SHA1
Code length 6 digits
Time step 30 seconds
Shared secret encoding Base32

These are the same parameters used by Google Authenticator, so any identity provider offering a “Google Authenticator”-style TOTP enrollment is compatible — including Okta, Microsoft Entra ID, Google, and Duo.

The TOTP shared secret is stored AES-encrypted and delivered to the engine at runtime through the TOTP_SECRET_<urlTitle> environment variable.

Okta compatibility

Okta factor Supported
Google Authenticator factor (standard TOTP) ✅ Exact match with the supported parameters
Okta Verify — TOTP mode ✅ Capture the shared secret at enrollment time
Okta Verify — Push ❌ Proprietary push protocol, not TOTP
Custom TOTP factor with non-default parameters (SHA-256/512, 8 digits, time step ≠ 30 s) ❌ Not currently supported

Secrets & Key-Vault Integration

EUM scenarios never store passwords in clear text. Two mechanisms are available:

1. Embedded encrypted credentials

Passwords can be embedded directly in the scenario as AES-encrypted strings and decrypted at runtime with MNSDecrypt("..."). Operators generate the encrypted strings with the engine’s password-encrypt mode and paste them into the scenario.

2. External key vaults

Credentials can be retrieved at runtime from an external secrets manager, so they never appear in the scenario at all:

Provider vaultType
HashiCorp Vault hashicorp
Azure Key Vault azure
CyberArk Conjur cyberark

At execution time, the retrieved credentials are delivered to the scenario through per-monitor environment variables:

Environment variable Content
VAULT_USERNAME_<urlTitle> Username fetched from the vault
VAULT_PASSWORD_<urlTitle> Password fetched from the vault
TOTP_SECRET_<urlTitle> Encrypted TOTP shared secret

Vault connection settings (vaultType, URLs, tokens) are configured on the Monitor probe — see Monitor Configuration → Vault Integration.

Translations