Manage Your Authentication Records

Authentication to HTML forms is optional. These authentication techniques are supported: HTTP Basic server-based authentication and simple form authentication. One or more authentication records may be added to a web application to support authentication. Each record provides credentials (user name and password) to be used for authentication when the scan encounters a login form.

When authentication is enabled for a web application, the crawler attempts authentication the first time the web crawler encounters a login form. Upon success the crawler visits the form action link, gathers information for analysis and continues crawling.

How-To's

Go to Account > Web Applications and click the Edit icon for a web application. Scroll down to the Authentication Records list. (If no records are defined for the web application, the list is empty.)

Add a record

Click the Add button to the right of the Authentication Records list and enter the authentication record settings and then click Save.

Edit a record

Click the Edit icon , enter the authentication records settings and then click Save.

Delete a record

Click the Delete icon .

Learn more

Tell me about the option "Send authentication over SSL only"Tell me about the option "Send authentication over SSL only"

When this option is selected, authentication is attempted only when the form is submitted via a link that uses SSL (link URI https://...).

What is the Realm setting?What is the Realm setting?

For authentication type Server HTTP Basic, this is the name of a protected realm. When specified, authentication is attempted only to the protected realm.

 

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: September, 2025