Test users allow Mjolnir to operate as a real user would, logging in, navigating authenticated flows, and probing access controls. This dramatically improves coverage and result quality. Without test users, Mjolnir will attempt to self-register accounts during the test. This is less reliable and may result in reduced coverage, particularly for authenticated flows, privilege escalation checks, and tenant isolation testing.
We strongly recommend adding at least one user per role before starting a run. Skipping this step significantly limits what Mjolnir can find.

Two categories of test users

Role coverage: test every permission level

Add at least one user per role in your system. Mjolnir uses these to check for privilege escalation, testing whether a lower-privileged user can access resources or perform actions they shouldn’t.

Suggested roles to cover: Admin, Manager, Viewer. Your application may use different role names. Use whatever matches your actual permission model.

Tenant isolation: test cross-tenant data leaks

Add users from at least two separate tenants. Mjolnir uses these to verify that one tenant’s data cannot be accessed by another. Minimum: 2 users from different tenants.

Adding a test user

Click + Add User to open the add user modal. Fields:
  • Name: a label for your reference, e.g. “Admin user, Tenant A”
  • Role: e.g. Admin, Viewer, Tenant B Manager
  • Auth method: how this user logs in (see below)
  • Authentication instructions: credentials or login steps for this specific auth method

Supported auth methods

Select the login method that matches how this user authenticates:

  • Google: OAuth via Google Workspace
  • Microsoft: OAuth via Microsoft / Entra ID
  • Username & Password: Standard credentials
  • Username & Password + MFA: Credentials with TOTP/authenticator
  • Username & Password + Email Verification: Credentials with email code
  • Username & Password + SMS Verification: Credentials with SMS code
  • API Key: Direct API key authentication
  • OAuth Client Credentials: Machine-to-machine OAuth
  • OAuth Password Grant: OAuth with username & password
  • Magic Link via Email: Passwordless email login
  • Other: Custom or multi-step login flows
