Logins
Axiom can automate websites behind a login in several different ways.
# Create restricted account(s) for axiom
Our strong recommendation is to create a new, restricted login for axiom automations, with only the permissions required to run an automation.
For example, if an axiom bot is only reading data for creating a report, create an account with read-only permissions.
# Pass sessions at runtime
By default, axiom will pass session information from your local machine into the cloud (or desktop app).
# Keep sessions on the local PC
If security is a concern, we first recommend using our Desktop app, which processes all data on your local machine.
Secondly, we recommend using an isolated Chrome profile.
- Create a new Chrome Profile. You can do that from this menu:
- Within this profile, install the axiom extension. You can use the same axiom login as before.
- Do not log in to any websites - your sessions from your main profile will now be isolated.
# Store login details
Although it's possible to store passwords directly within axiom automations, we do not recommend this.
# Store logins securely
Storing logins (or sessions) securely requires setting up password manager infrastructure and processes to manage access. If your organisation does not have this, we suggest a workaround below.
A more secure way to store logins is to use a dedicated password manager or vault, with API access, then retrieve the password at runtime using axiom's webhook or JavaScript functionality.
https://www.vaultproject.io/ is one such solution.
The access key must be stored in axiom. Although this carries similar security risks to passwords, a key can be quickly invalidated or programmatically set to expire.
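An added example (not axiom's or Vault's own code) of retrieving a login at runtime from a Vault KV v2 store in plain JavaScript, refusing an access key that never expires. The Vault address, the `secret` mount, the `axiom/report-bot` path and the field names are assumptions, and how the function is wired into an axiom JavaScript step is not shown.

```javascript
// Assumed names: VAULT_ADDR, the "secret" KV v2 mount, the "axiom/report-bot" path.
const VAULT_ADDR = "https://vault.example.internal:8200";

async function vaultGet(path, token, fetchImpl) {
  if (!VAULT_ADDR.startsWith("https://")) throw new Error("Vault address must use HTTPS");
  const res = await fetchImpl(`${VAULT_ADDR}/v1/${path}`, {
    headers: { "X-Vault-Token": token },
  });
  // Report only the status: never echo the token or the response body into logs.
  if (!res.ok) throw new Error(`Vault request for ${path} failed with HTTP ${res.status}`);
  return (await res.json()).data;
}

async function getLogin(token, fetchImpl = fetch) {
  // lookup-self reports ttl 0 for a token that never expires; refuse to use one.
  const self = await vaultGet("auth/token/lookup-self", token, fetchImpl);
  if (!self || !(self.ttl > 0)) throw new Error("Vault token has no expiry; issue one with a TTL");

  // KV v2 nests the secret's fields under data.data.
  const secret = await vaultGet("secret/data/axiom/report-bot", token, fetchImpl);
  const { username, password } = (secret && secret.data) || {};
  if (typeof username !== "string" || typeof password !== "string") {
    throw new Error("Secret is missing username or password");
  }
  return { username, password };
}

// Constructed stand-in for a Vault server so the example runs offline.
function fakeVault(ttl) {
  const bodies = {
    "auth/token/lookup-self": { data: { ttl, policies: ["axiom-read"] } },
    "secret/data/axiom/report-bot": {
      data: { data: { username: "report-bot", password: "constructed-value" } },
    },
  };
  return async (url, opts) => {
    const body = bodies[url.split("/v1/")[1]];
    const ok = opts.headers["X-Vault-Token"] === "constructed-token" && body !== undefined;
    return { ok, status: ok ? 200 : 403, json: async () => body };
  };
}
```

Calling `getLogin("constructed-token", fakeVault(900))` resolves to the constructed login; against a real Vault, omit the second argument so the global `fetch` is used.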
# Store logins without a password manager
One workaround, if you do not have a dedicated password manager, is to store credentials within Google Sheets.
Axiom accesses sheets using its Google Authentication permission, then retrieves the data at runtime.
This carries similar advantages (and disadvantages) to a dedicated password manager.
Axiom stores an access token for your Google Drive account, but this access token can be revoked at any time.
# Automate Google Accounts
When using Google accounts with axiom automations, we recommend:
- Creating a dedicated Google account with restricted permissions, just for axiom.
- Creating a Google account using a VPN set to be in the USA. This reduces security blocks on an account, if it is accessed from multiple regions in a short time.
You may still see security warnings from Google if this occurs. If you see access from a United States IP (Amazon Web Services), at a time when your bot ran, this will be axiom.
If you consent to axiom using your Google account for its automation, this can be marked as non-suspicious in your Google account.
# Automate 2-Factor Authentication (2FA)
If 2-factor authentication is required, axiom bots must be supervised by a human at the start of execution, who can enter the 2FA.
This requires running axiom on Desktop, or using our VPS system on higher tiers.
If you would like axiom to run automations unsupervised (e.g. via Zapier), there is currently no choice but to disable 2FA for the account you want to automate.
Please note - you do so at your own risk. Unfortunately, increasing convenience often reduces security.
If you choose to do this, we strongly recommend using an account with restricted permissions, set up just for axiom.