Role & Session Management

CenterTest supports multiple concurrent user connections within a single scenario. Each user, defined by role and permissions, operates in their own browser session while sharing data between sessions.

Generated data like account numbers, policy numbers, and claim numbers pass seamlessly between sessions using Helper utilities. When the producer creates an account, the underwriter's session can immediately navigate to that account without manual data transfer.

Parallel Execution increases efficiency by allowing independent operations across different users or Centers to execute concurrently in their own browser. Each session stays logged in throughout the scenario rather than repeatedly logging in and out, eliminating authentication overhead and speeding up test execution time.

Role and Permissions Testing leverages multi-session capabilities to systematically validate access control.

Test scenarios define users by logical role names, role-to-credential mappings are managed in by CenterTest properties, and credentials themselves are retrieved from vault APIs at runtime to maximize security.

This separation enables both functional and permission testing using the same exact test.

First, CenterTest separates role definitions from credential management:

• Roles are defined by logical names in test scenarios ("producer", "underwriter", "admin").

• Role-to-credential mappings are managed in backend property files.

• Credentials themselves are retrieved from vault APIs at runtime.

Then, this separation enables powerful testing patterns:

• Validate end-to-end workflows using users with global permissions, then swap credentials in property files to test with restricted roles, all without modifying test code

• Run identical scenarios with different permission sets to verify access controls

• Confirm producers cannot access underwriter-only functions

• Verify read-only users cannot modify records

• Validate sensitive fields are hidden from unauthorized roles

A single scenario can test both the "happy path" and the "access denial path" by executing twice with different role configurations. The test code remains unchanged; only the credential mapping changes.

For example, a scenario validating policy creation first executes with an unrestricted user to verify the workflow functions correctly. Then the same scenario executes with role-specific users - a producer submits a policy, an underwriter approves holds, and a customer service rep makes a payment.

Vault API Integration supports enterprise credential management solutions including Keeper, CyberArk, AWS Secrets Manager, and Azure Key Vault. CenterTest's open architecture makes adding new Vault API processing very simple.

Tests request credentials from the vault at execution time rather than relying on stored values. When vault credentials rotate, tests automatically use updated values without code changes. All credential access flows through existing vault audit logging, maintaining compliance with enterprise security requirements.

For SSO and MFA environments, CenterTest handles authentication flows including SSO redirects, authentication prompts, session token management, and TOTP (time-based one-time passwords) depending on your security configuration.

This approach transforms security testing from periodic manual audits into continuous automated validation. Every regression run can include permissions verification, catching access control regressions immediately rather than discovering them in production or during compliance audits.

Learn more by exploring our FAQ below, or schedule a consultation to talk to one of Kimputing's test automation specialists.