> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudcruise.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Two-Factor Authentication

> Handle two-factor authentication challenges

The **TFA** (Two-Factor Authentication) node handles 2FA challenges during workflow execution. It automatically extracts verification codes from SMS or email, generates TOTP codes from authenticator secrets, or extracts and follows magic links from emails.

This requires proper account configuration (email forwarding, SMS webhook setup, or TOTP secret storage). See the [Two-Factor Authentication](/concepts/twofactor) guide for setup instructions.

## Parameters

| Parameter            | Type   | Required    | Description                                                                                                                                       |
| -------------------- | ------ | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| `tfa_type`           | string | Yes         | Type of 2FA: `SMS`, `EMAIL`, `AUTHENTICATOR`, or `MAGIC_LINK`                                                                                     |
| `credential`         | string | Yes         | Vault credential key for the 2FA receiver (phone number, email, or TOTP secret)                                                                   |
| `selector`           | string | Conditional | XPath selector for the code input field. Required for `STATIC` execution when `tfa_type` is not `MAGIC_LINK`                                      |
| `execution`          | string | No          | Execution type: `STATIC` (UI: "Static") or `LLM_VISION` (UI: "AI (Screenshot)"). Only used when `tfa_type` is not `MAGIC_LINK`. Default: `STATIC` |
| `wait_time`          | number | No          | Maximum time (ms) to wait for the code to arrive. Default: 15000                                                                                  |
| `link_regex_pattern` | string | Conditional | Regex pattern to extract the magic link from the email body                                                                                       |

## TFA Types

### SMS

Automatically extracts the verification code from an SMS message. Requires usage of the CloudCruise phone number shown in your vault entry.

### EMAIL

Automatically extracts the verification code from an email. Requires email forwarding to be configured or direct usage of the CloudCruise email shown in your vault entry.

### AUTHENTICATOR

Generates a TOTP code using the stored authenticator secret. No external service needed.

### MAGIC\_LINK

Automatically extracts the magic login link from an email and navigates to it. Requires email forwarding to be configured or direct usage of the CloudCruise email shown in your vault entry.

## Notes

* The `credential` parameter references a vault credential key, such as the `permissioned_user_id` used for the phone number, email address, or TOTP secret
* Codes are automatically entered and submitted (pressing Enter) after extraction. No subsequent Click action on a "Verify" or "Submit" button is required
* For more details on 2FA setup, see the [Two-Factor Authentication](/concepts/twofactor) guide
