Intelligent Automation / Security
Unattended automation under mandatory MFA: 8-12 prompts down to 2
Global healthcare-technology enterprise - master data operations
- MFA prompts per transaction
- 8-12 → 2
- fewer authentication cycles
- ~80%
- security-policy exceptions requested
- 0
- verified under live queue load
- Production
Architecture at a glance
Context
An unattended robot validates requests against a SharePoint list, updates SAP material master data via MM02, and writes results back to SharePoint. When multi-factor authentication became mandatory on the SharePoint tenant, the process started failing mid-queue.
Constraint
The security policy was non-negotiable - interactive TOTP-based MFA stays, and no exceptions would be granted for a robot account. Each workflow component authenticated independently, driving 8 to 12 MFA cycles per transaction; the SSO token pool exhausted after a handful of items and produced 60-second login timeouts.
Architecture
Rather than fighting the policy, the process was re-architected around it. Authentication was consolidated into two strategic MFA points per transaction, with the authenticated browser session reused across all SharePoint operations inside its validity window.
Operations were resequenced so that long-running UI steps execute outside the authenticated window, and the component workflows were stripped of their redundant standalone logins. The critical constraint - all SharePoint operations completing within the session lifetime - became an explicit, tested design parameter instead of an accident.
Outcome
Roughly 80% fewer MFA cycles, SSO-timeout failures eliminated, and production verification under live load - with the security posture exactly as the policy demanded. The pattern has since served as the template for other MFA-constrained unattended processes.
More work
Related case studies
Talk to the person who will actually build it
One architect, end to end: scoping, architecture, delivery, operations. Write a paragraph about your problem and you will get an engineering answer, not a sales call.