Some web applications require authenticated access to their functionality. Configure authentication records (Basic, Server, NTLM) so we can perform a more in-depth assessment of your security risk. You can even use Selenium scripts for complicated login forms.
A few things to consider...
Do you know if you should use authentication, and if so what type (Basic, Server, NTLM, Selenium)? We can help you sort this out quickly - review the basics for some ideas.
Authentication - The Basics
I'm ready to add an authentication record. What are the steps?
Go to Web Applications > Authentication, click New Record: 1) tell us the name of your authentication record, and 2) choose record settings (Tip - Turn on help tips in the title bar and we'll help you do this).
Add the record to your web application
Select your authentication record, then Add to Web Applications. The wizard lets you add the record to one or more web apps. (You can also go to Web Applications, edit the app you're interested in and choose the record.)
Test authentication for your web application
Run this quick and easy test to check authentication.
1) Add a URL allow list to your web application and enter only the login URL for authentication.
2) Run a discovery scan on your web application. Hover over your web application in the list and choose Scan > Discovery Scan from the menu. The scan should only take a few minutes with the allow list applied.
Was authentication successful? If yes, remove the allow list filter from your web application settings. If not, 1) check your web site in a browser to determine the correct URL of the login form, and 2) check that the right credentials are used in the authentication record.
Want to make the record available to others?
Apply tags to your authentication record. Users whose scopes include a tag in common with your authentication record will be able to access the record.
Easily track authentication status
Tell me about authentication status
The status icon tells you the authentication status of the last scan using the record.
(Successful) Authentication was successful for the last scan using this record.
(Failed) Authentication failed for the last scan using this record.
(Partial) Partial authentication occurred for the last scan using this record.
What does Partial mean? Partial can mean a few different things. For example, there may be a combination of form and server authentication where one is successful and the other is not. Or authentication is successful, but we find another place to log in during the crawl and it is not successful, or there is no record for it.
(Not Used) Authentication was not used for the last scan using this record, and the scan completed per QID 150006.
Don't see an icon? This means the record has not been used yet by any scan.
View the Action Log for all status updates
You'll find the Action Log in the authentication record view (select the record you're interested in, then View from the Quick Actions menu).
Still have questions?
How to find records - Set As Default, Not In Use
Tip - Use options under Filter Results (on the left panel) to limit your authentication records list to certain records.
- Choose "Set As Default" to show records set as the default for web applications.
- Choose "Not in use" to show records not attached to any web applications, scans or schedules.
Quickly find related web apps, scans, schedules
You can easily find objects related to an authentication record. Just select the record you're interested in, then Find from the Quick Actions menu, and choose Web Applications, Scans or Schedules.