Skip to main content

Set up secure web authentication

  • Updated

If your web property requires a login to access, you’ll need to add authentication details when you set up an advanced scan or a monitoring scan. The platform supports scanning for basic authentication and secure web authentication. Secure web authentication is commonly used for web applications and portals and, unlike basic authentication, uses a login page rather than a modal.

On this page:

Set up secure web authentication for advanced scans

The HTML username submit button selector is only required for websites with two page authentication.

To set up an scan with secure web authentication:

  1. Go to Digital assets.
  2. Select the digital asset you'd like to scan.
  3. Choose Scans.
  4. Select Run scan.
  5. Choose the Advanced tab.
  6. Fill out the required fields.
  7. Select the Add authentication details option.
  8. Choose Secure web authentication from the dropdown menu.
  9. Enter the App login page URL. Note that the URL you enter for the app login page URL can’t be included in the pages to scan. If you try to scan the app login page, your scan will fail.
  10. Enter the login page details. How do I find this information?
    • Username (required)
    • HTML field selectors (required)
    • HTML username submit button selector (optional)
    • Password (required)
    • HTML submit button selector (required)
    • HTML success element selector (required)
  11. Select Run scan.

Set up secure web authentication for monitoring scans

The HTML username submit button selector is only required for websites with two page authentication.

To set up a monitoring scan with secure web authentication:

  1. Go to Digital assets.
  2. From the Portfolio, choose Set up monitoring on the digital asset you'd like to monitor.
  3. Fill out the required fields.
  4. Select the Add authentication details option.
  5. Choose Secure web authentication from the dropdown menu.
  6. Enter the App login page URL. Note that the URL you enter for the app login page URL can’t be included in the pages to scan. If you try to scan the app login page, your scan will fail.
  7. Enter the login page details. How do I find this information?
    • Username (required)
    • HTML field selectors (required)
    • HTML username submit button selector (optional)
    • Password (required)
    • HTML submit button selector (required)
    • HTML success element selector (required)
  8. Select Save.

Fill out secure web authentication fields

To scan webpages with secure web authentication, you’ll need to provide some code level information from your login page so that we can access your site. You can find all the required information right in your browser console. Here’s an overview of the information you’ll need:

Field name Description
App login page URL URL of the website’s login page.
Username The username or email you use to log in to the website.
Password The password you use to log into the website.
HTML username submit button selector

The button you select after you've entered your username that brings you to the password field. (The button is often labeled "Next" or "Continue" but may have a different label.)

Note: This field is only required if you need to select a button after entering your username before entering your password.
HTML field selector Associated with the username and password on your login page. (The “username” field is sometimes called an “email” field.)
HTML submit button The button you select after you’ve entered your login credentials. (The button is often labeled “Log in” or “Sign in” but could have a different name.)
HTML success selector An element that’s only visible once you’ve logged in to your website. It lets Level Access know that it has successfully logged in to your website and can begin the scan.

HTML username submit button selector

To find the HTML username submit button selector:

  1. Go to the login page for your website.
  2. Right-click on the next button and select Inspect. Your browser console will open with the code for that field highlighted.
  3. Right-click on the highlighted code and select:
    • Copy>Copy Selector in Chrome.
    • Copy>Copy CSS Selector in Firefox.
    • Copy>Copy Selector in Edge.
  4. On the advanced scan set up or monitoring page in the platform, paste the selector in the HTML username submit button selector field.

HTML field selector

To find the HTML field selectors for your username and password:

  1. Go to the login page for your website.
  2. Right-click on the username field and select Inspect. Your browser console will open with the code for that field highlighted.

    Example of inspecting the username field from the Level Access Platform login page using Chrome.

  3. Right-click on the highlighted code and select:
    • Copy>Copy Selector in Chrome.
    • Copy>Copy CSS Selector in Firefox.
    • Copy>Copy Selector in Edge.
      Example of copying a selector from the Level Access Platform log in page using Chrome.
  4. On the Advanced Scan set up or Monitoring page in the platform, paste the selector in the HTML field selector field for your username.
  5. Repeat the above steps for your password.

HTML submit button

To find the HTML submit button for your login page:

  1. Go to the login page for your website.
  2. Right-click on the submit button and select Inspect. Your browser console will open with the code for the submit button field highlighted.

    Example of inspecting the HTML submit button from the Level Access Platform login page.

  3. Right-click on the highlighted code and select:
    • Copy>Copy Selector in Chrome.
    • Copy>Copy CSS Selector in Firefox.
    • Copy>Copy Selector in Edge.

      Example of copying the HTML submit button selector from the Level Access Platform login page using Chrome.

  4. On the advanced scan set up or monitoring page in the platform, paste the selector in the HTML submit button field.

HTML success selector

For the best results, choose an HTML success selector that appears on every page after login and that’s visible without user interaction. Log out buttons and header or footer links often meet this criteria.

To collect an HTML success selector:

  1. Log in to your website.
  2. Right-click on an element that is only visible after a successful log in—we used a Request Support button in the example below—and select Inspect. Your browser console will open with the code for that element highlighted.

    Example of inspecting an HTML success selector from the Level Access platform Platform login page in Chrome.

  3. Right-click on the highlighted code and select:
    1. Copy>Copy Selector in Chrome.
    2. Copy>Copy CSS Selector in Firefox.
    3. Copy>Copy Selector in Edge.

      Example of copying an HTML success selector from the Level Access Platform using Chrome.

  4. On the advanced scan set up or monitoring page in the platform, paste the selector in the HTML success selector field.

This is what the secure web authentication section could look like when you’re done:

Single webpage URL and Add authentication details fields filled out on the Level Access Platform.

Related to

Related articles

Comments

0 comments

Article is closed for comments.