Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
Preview features aren’t meant for production use and may have restricted functionality. These features are available before an official release so that customers can get early access and provide feedback.
Test Engine offers straightforward authentication options to support both development and production scenarios. This article provides a clear overview of your authentication choices and how to select the best option for your needs.
Authentication made simple
Test Engine offers easy-to-use authentication methods depending on the type of test you're looking to create.
Web based tests (canvas, model-driven apps)
For web based tests that make use of an interactive user account to run the test.
StorageState (Default)
- Uses Windows Data Protection API for secure local storage
- Perfect for individual development and testing
- Handles MFA and conditional access automatically
- Interactive first-time sign-in, automated after that
- Used for web-based Canvas and Model-driven app tests
Dataverse
- Uses X.509 certificates and ASP.NET Core Data Protection
- Ideal for team environments and CI/CD pipelines
- Stores encrypted tokens in Dataverse
- Supports service principals for automated testing
- Used for web-based Canvas and Model-driven app tests
OAuth based tests (Dataverse)
For PowerFx provider and direct Dataverse tests, authentication works differently. These tests obtain access tokens directly from your Azure CLI session using az commands to get resource-specific access tokens. Ensure you're signed in with az login --allow-no-subscriptions before running these types of tests.
When to use each authentication method
The following table describes when to use each authentication method:
| If you need to... | Choose | Why it works best |
|---|---|---|
| Get started quickly | StorageState |
Zero setup, just run your tests and sign-in |
| Test locally with MFA | StorageState |
Handles all modern authentication methods |
| Share test users with your team | Dataverse |
Centralized, secure credential storage |
| Run tests in CI/CD pipelines | Dataverse |
Non-interactive, automation-friendly |
| Use service principals | Dataverse |
Supports secure, headless authentication |
StorageState authentication: Quick start
The StorageState method securely stores browser authentication data locally using Windows Data Protection API. It's perfect for individual developers and testers.
# StorageState is the default, so you don't need to set it using the --user-auth parameter
pac test run `
--provider canvas `
--test-plan-file testplan.yaml `
--tenant your-tenant-id `
--environment-id your-environment-id
Dataverse authentication: Team-ready
The Dataverse method stores encrypted tokens in Dataverse using X.509 certificates and ASP.NET Core Data Protection. It's ideal for teams and automated workflows.
Setting up Dataverse authentication
- Download the Test Engine solution: https://aka.ms/TestEngineAuth
- Import the solution into your Dataverse environment
- Set up a certificate (self-signed or from your certificate authority)
- Configure service principals for automated testing (optional but recommended)
# Example command with Dataverse authentication
pac test run `
--provider canvas `
--user-auth Dataverse `
--auth Certstore `
--test-plan-file testplan.yaml `
--tenant your-tenant-id `
--environment-id your-environment-id
Next steps
Choose the path that's right for you:
- Authentication Guide - Step-by-step instructions for both authentication methods
- Security Details - Technical details for security professionals
- Service Principal Setup - Configure non-interactive authentication for automation