Test pages behind login | BrowserStack Docs

Connect & Get help from 6000+ developers on our Discord community.

Add login credentials to scan web pages that require authentication.

Web pages with sensitive or restricted content require users to log in before access. Add a login configuration to your scan, so Website Scanner can authenticate and reach these pages.

Choose your authentication type

When you add a login configuration, select the authentication type that matches your website’s login flow:

Authentication type to use	Login flow
Form authentication	A single login form with username and password fields. The server validates credentials against an authorized user list. Access to the requested resource is granted or denied based on validity of the credentials.
Basic authentication	A browser popup requesting credentials (HTTP Basic), which are sent to the server in plaintext, encoded with `Base64`. This is not supported on Safari.
Multipage authentication	Users enter their username and password on separate screens, allowing for a step-by-step login process.

There can only be one authentication type per project. All pages in the scan share the same credentials and authentication method. Having multiple authentication types on the same page, or having the same authentication type with different credentials, could cause inconsistencies.

Optional authentication settings

You can layer these options on top of form authentication or multipage authentication:

Add-on	When to use
Multifactor authentication (MFA)	Your login requires an email-based one-time password (OTP) after entering credentials.
Dynamic login URL	Your login page URL changes every session (for example, URLs with session tokens or CSRF parameters).

Both add-ons are configured within the form authentication or multipage authentication setup. Basic authentication does not support these add-ons.

Constraints

There can only be one authentication type per project. All pages in the scan share the same credentials and authentication method.

Always use sample accounts for testing purposes to protect production credentials.

Next steps

Configure form authentication for standard login forms.
Configure basic authentication for HTTP Basic auth popups.
Configure multipage authentication for login flows spread across multiple screens.

Did this page help you?

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

This page has exactly what I am looking for
This content & code samples are accurate and up-to-date
The content on this page is easy to understand
Other (please tell us more below)

Any additional feedback?

Thank you for your valuable feedback

Is this page helping you?

Yes

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

This page has exactly what I am looking for
This content & code samples are accurate and up-to-date
The content on this page is easy to understand
Other (please tell us more below)

Any additional feedback?

Thank you for your valuable feedback!