Axiom can automate websites behind a login in several different ways.

# Create restricted account(s) for axiom

Our strong recommendation is to create a new, restricted login for axiom automations, with only the permissions required to run an automation.

For example, if an axiom bot is only reading data for creating a report, create an account with read-only permissions.

# Pass sessions at runtime

By default, axiom will pass session information from your local machine into the cloud (or desktop app).

# Keep sessions on the local PC

If security is a concern, we first recommend using our Desktop app, which processes all data on your local machine.

Secondly, we recommend using an isolated Chrome profile.

  1. Create a new Chrome Profile from Chrome's profile menu.
  2. Within this profile, install the axiom extension. You can use the same axiom login as before.
  3. Do not log in to any websites in this profile. Your sessions from your main profile will now be isolated.

# Store cookies in the cloud

When axiom bots run in the cloud, on a schedule, or triggered via webhook, they won't have access to your local session cookies.

Although it's possible to store passwords directly within axiom automations, we do not recommend this.

Instead, axiom contains a dedicated system to store your cookies and resume your session.

This can be accessed from the 'Settings' page for your axiom, under 'Store Cookies'.

Click on 'Populate from Axiom' to automatically populate this with the cookies needed by your automation.

Click on 'Resync cookies' to update your cookies if they expire.

# Store login details

Although it's possible to store passwords directly within axiom automations, we do not recommend this.

# Store logins securely

Storing logins (or sessions) securely requires setting up password manager infrastructure and processes to manage access. If your organisation does not have this, we suggest a workaround below.

A more secure way to store logins is to use a dedicated password manager or vault, with API access, then retrieve the password at runtime using axiom's webhook or JavaScript functionality.

https://www.vaultproject.io/ is one such solution.

The access key must be stored in axiom. Although this carries similar security risks to passwords, a key can be quickly invalidated or programmatically set to expire.
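The runtime lookup described above can look like the following in JavaScript. This is an added example, not axiom's or Vault's own code: it assumes a Vault KV v2 engine mounted at `secret/`, a hypothetical secret path with `username` and `password` fields, and a placeholder Vault address, and it refuses to use an access token that never expires.

```javascript
// Added example. Assumptions: KV v2 engine mounted at "secret/", a hypothetical
// secret path such as "axiom/report-bot", and a placeholder Vault address.
const VAULT_ADDR = "https://vault.example.internal:8200";

// Build the KV v2 read request. The token travels in a header, never in the URL.
function buildReadRequest(addr, token, secretPath) {
  if (!/^https:\/\//.test(addr)) throw new Error("Vault address must use https");
  if (!/^[\w\-\/]+$/.test(secretPath)) throw new Error("unexpected secret path");
  return {
    url: `${addr.replace(/\/+$/, "")}/v1/secret/data/${secretPath}`,
    options: { method: "GET", headers: { "X-Vault-Token": token } },
  };
}

// Reject tokens without an expiry (ttl 0), based on the lookup-self response body.
function assertTokenExpires(lookupBody) {
  const ttl = lookupBody && lookupBody.data && lookupBody.data.ttl;
  if (typeof ttl !== "number" || ttl <= 0) throw new Error("token has no expiry");
  return ttl;
}

// KV v2 nests the secret under data.data; fail closed if a field is missing.
function parseLogin(body) {
  const secret = body && body.data && body.data.data;
  if (!secret || typeof secret.username !== "string" || typeof secret.password !== "string") {
    throw new Error("secret is missing username/password");
  }
  return { username: secret.username, password: secret.password };
}

// Fetch the login at runtime. fetchImpl is injectable so the flow can be tested offline.
async function getLogin(token, secretPath, fetchImpl = fetch) {
  const headers = { "X-Vault-Token": token };
  const self = await fetchImpl(`${VAULT_ADDR}/v1/auth/token/lookup-self`, { headers });
  if (!self.ok) throw new Error(`token lookup failed: ${self.status}`);
  assertTokenExpires(await self.json());
  const { url, options } = buildReadRequest(VAULT_ADDR, token, secretPath);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`Vault read failed: ${res.status}`);
  return parseLogin(await res.json());
}
```

Scope the token's Vault policy to read-only on that single path, so a leaked key exposes one restricted login and nothing else.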

# Store logins without a password manager

One workaround, if you do not have a dedicated password manager, is to store credentials within Google Sheets.

Axiom accesses sheets using its Google Authentication permission, then retrieves the data at runtime.

This carries similar advantages (and disadvantages) to a dedicated password manager.

Axiom stores an access token for your Google Drive account, but this access token can be revoked at any time.

# Automate Google Accounts

When using Google accounts with axiom automations, we recommend:

  1. Creating a dedicated Google account with restricted permissions, just for axiom.
  2. Creating a Google account using a VPN set to be in the USA. This reduces security blocks on an account, if it is accessed from multiple regions in a short time.

You may still see security warnings from Google if this occurs. If you see access from a United States IP (Amazon Web Services), at a time when your bot ran, this will be axiom.

If you consent to axiom using your Google account for its automation, this access can be marked as non-suspicious in your Google account.

# Automate 2-Factor Authentication (2FA)

If 2-factor authentication is required, axiom bots must be supervised by a human at the start of execution, who can enter the 2FA code.

This requires running axiom on Desktop, or using our VPS system on higher tiers.

If you would like axiom to run automations unsupervised (e.g. via Zapier), there is currently no choice but to disable 2FA for the account you want to automate.

Please note - you do so at your own risk. Unfortunately, increasing convenience often reduces security.

If you choose to do this, we strongly recommend using an account with restricted permissions, set up just for axiom.

Steps to disable 2FA on Google Accounts.