Logins

Axiom can automate websites behind a login in several different ways.

# Strong Recommendation - create restricted account(s) for axiom.

Our recommendation is to create a new, restricted login for axiom automations, with only the permissions required to run an automation.

For example, if an axiom bot is only reading data for creating a report, create an account with read-only permissions.

# Passing sessions at runtime

By default, axiom will pass session information from your local machine into the cloud (or desktop app).

# Keeping sessions on the local PC

If security is a concern, we first recommend using our desktop app, which processes all data on your local machine.

Secondly, we recommend using an isolated Chrome profile.

  1. Create a new Chrome Profile.
  2. Within this profile, install the axiom extension. You can use the same axiom login as before.
  3. Do not log in to any websites - your sessions from your main profile will now be isolated.

# Storing login details

Although it's possible to store passwords directly within axiom automations, we do not recommend this.

Storing logins (or sessions) securely requires setting up password manager infrastructure and processes to manage access. If your organisation does not have this, we suggest a workaround below.

A more secure way to store logins is to use a dedicated password manager / vault, with API access, then retrieve the password at runtime using axiom's webhook or JavaScript functionality.

https://www.vaultproject.io/ is one such solution.

The access key must be stored in axiom. Although this carries similar security risks to passwords, a key can be quickly invalidated or programmatically set to expire.
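One way to do the runtime retrieval in JavaScript, as an added example that is not axiom's or Vault's own code: it reads a login from Vault's KV v2 HTTP API and first refuses an access key that never expires or is a root token. The Vault address, the `secret` mount, the `axiom/report-bot` path, the one-hour limit and the injected `fetchFn` are assumptions, and `fakeVault` is a constructed stand-in so the code runs offline.

```javascript
// Added example, not axiom's code. Endpoints are Vault's token and KV v2 HTTP APIs;
// the address, mount ("secret"), secret path and field names are assumptions.
const MAX_TTL_SECONDS = 3600; // longest-lived access key we accept (policy assumption)

async function vaultRead(fetchFn, addr, token, path) {
  const res = await fetchFn(`${addr}/v1/${path}`, { headers: { "X-Vault-Token": token } });
  if (!res.ok) throw new Error(`Vault returned HTTP ${res.status} for ${path}`);
  return (await res.json()).data;
}

async function getLogin(fetchFn, addr, token, secretPath) {
  // Check the access key itself first: it must expire and must not be a root token.
  const self = await vaultRead(fetchFn, addr, token, "auth/token/lookup-self");
  if (self.ttl === 0 || self.ttl > MAX_TTL_SECONDS) {
    throw new Error("access key must expire within " + MAX_TTL_SECONDS + "s");
  }
  if ((self.policies || []).includes("root")) throw new Error("root token refused");

  // KV v2 nests the stored fields in data.data; vaultRead already unwrapped one level.
  const secret = await vaultRead(fetchFn, addr, token, `secret/data/${secretPath}`);
  const { username, password } = secret.data;
  if (!username || !password) throw new Error("secret is missing username/password");
  return { username, password };
}

// Constructed stand-in for a Vault server so the example runs offline.
function fakeVault(validToken, ttl, policies) {
  return async (url, opts) => {
    const json = (status, data) => ({ ok: status === 200, status, json: async () => ({ data }) });
    if (opts.headers["X-Vault-Token"] !== validToken) return json(403, null);
    if (url.endsWith("/v1/auth/token/lookup-self")) return json(200, { ttl, policies });
    if (url.endsWith("/v1/secret/data/axiom/report-bot")) {
      return json(200, { data: { username: "report-bot", password: "constructed-value" } });
    }
    return json(404, null);
  };
}

async function demo() {
  const addr = "https://vault.example.internal:8200"; // placeholder address
  const ok = await getLogin(fakeVault("t1", 900, ["axiom-read"]), addr, "t1", "axiom/report-bot");
  // A token with ttl 0 never expires, so it is rejected before any secret is read.
  const rejected = await getLogin(fakeVault("t2", 0, ["axiom-read"]), addr, "t2", "axiom/report-bot")
    .then(() => "accepted", (e) => e.message);
  return { user: ok.username, rejected };
}

demo().then((result) => console.log(result));
```

Against a real Vault server, pass the runtime's own `fetch` as `fetchFn` and keep the returned password in memory only for the login step.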

# Workaround

One workaround, if you do not have a dedicated password manager, is to store credentials within Google Sheets.

Axiom accesses sheets using its Google Authentication permission, then retrieves the data at runtime.

This carries similar advantages (and disadvantages) to a dedicated password manager. Axiom stores an access token for your Google Drive account, but this access token can be revoked at any time.

# Automating Google Accounts

When using Google accounts with axiom automations, we recommend:

  1. Creating a dedicated Google account with restricted permissions, just for axiom.
  2. Creating a Google account using a VPN set to be in the USA. This reduces security blocks on an account, if it is accessed from multiple regions in a short time.

You may still see security warnings from Google if this occurs. If you see access from a United States IP (Amazon Web Services), at a time when your bot ran, this will be axiom.

If you consent to axiom using your Google account for its automation:

This can be marked as non-suspicious in your Google account.

# 2-Factor Authentication (2FA)

If 2-factor authentication is required, axiom bots must be supervised by a human at the start of execution.

Use the 'Enter password' step to input the 2FA token.

If you would like axiom to run automations unsupervised (e.g. via Zapier), there is currently no choice but to disable 2FA for the account you want to automate.

Please note - you do so at your own risk. Unfortunately, increasing convenience often reduces security.

If you choose to do this, we strongly recommend using an account with restricted permissions, set up just for axiom.

Steps to disable 2FA on Google Accounts.