You can of course wrap your MFA login into user keywords (I guess you have already done that) and just put them into a test. Then ask the agent to only execute those keywords (it is able to import resources and run user keywords) and then you can proceed with the session.
I’ll think about possibilities to ensure that certain keywords or arguments are never sent to the agent/LLM. Just running them via execute step should not share any secrets from inside the keywords. But let’s think about an approach to make it bulletproof