Authenticated scans let PageLens inspect pages behind a login, such as dashboards, account areas, onboarding flows, or internal tools. They require a test account that you are allowed to scan.
Create an auth profile
Open Account menu -> Auth profiles. Choose the verified domain the profile belongs to, then enter:
- a label that helps you recognize the profile later
- the login URL
- the post-login URL or route PageLens should reach after signing in
- test username and password
- allowed origins and path prefixes
The credentials are stored as encrypted secrets. PageLens uses them only for scan automation and validation.
Use the login inspector
For form-based login, the inspector can suggest selectors for username, password, and submit controls. Review the suggestions before saving. If your login form uses unusual markup, you may need to provide selectors manually.
Set route boundaries
Allowed origins and path prefixes tell PageLens where the authenticated browser is allowed to go. Keep these as narrow as practical. Denied path patterns are useful for destructive routes, billing portals, logout links, account deletion, or admin-only areas.
Validate before scanning
An auth profile should be Active and Passing before you attach it to a scan. Validation confirms that the worker can log in and reach the expected post-login state.
Start an authenticated scan
On the new scan form, enable Authenticated scan and pick the passing auth profile. Authenticated scans are treated as private results because screenshots and evidence can include logged-in data.
Good test account hygiene
Use a dedicated test account with safe sample data. Do not use a personal admin account, production customer data, or an account that can perform destructive actions without confirmation.