Authenticated Scanning for Front-End Apps
This guide will walk you through the steps to set up authenticated domain scanning in Aikido, ensuring thorough and secure assessments.
This feature is not available on Free Plans.
Use Cases
Ensure comprehensive security assessments for protected areas of your website.
Identify vulnerabilities in authenticated sections of your domain.
Setting up authentication on a domain
Step 1: Go to the Domains Overview and open the action menu for a domain of your choice by clicking the triple dots. Select Authenticate Domain.

Step 2: Fill in the URL and email/password for the domain authentication. Click Test to let Aikido check whether it can access the domain with those credentials.

Step 3: Once the test has succeeded, you can Confirm Authentication. Aikido will do a thorough scan and all results will appear in Aikido.
Scan credentials are securely stored using PKCS1 encryption.
Supported Cases
Email or username and password login forms
Multi-step login forms with email or username and password (forms where the password field is not visible until an email address is provided)
Authentication via Custom headers
2FA is currently not supported. We advise disabling 2FA for the testing accounts, or for the set of IP addresses Aikido uses to connect to your website.
Microsoft / Google SSO is currently not supported. As a workaround, you can manually authenticate and pass a valid session using the Cookie header via custom headers.
Is your case not supported? Let us know via the chat and we will look into it!
Troubleshooting Authentication Issues
Login via form
Aikido's scanner uses a fixed set of identifiers to determine the username and password fields. Check that your input field's id or name attribute has one of the following values for the email or username field.
"email", "username", "Username", "login-email", "EmailOrUsername",
"UserNameOrEmail", "username_login", "txtUsername", "user_email", "email-input"
Password fields are found by looking for input fields with password type.
input[type="password"]
Submit buttons are found by looking for buttons or input fields with type submit.
button[type="submit"]
input[type="submit"]
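A pre-flight check for the three lookups described above, as an added example that is not Aikido's code: it parses a login page's HTML and reports which of the username, password and submit elements would not be found. It assumes the identifier list is matched exactly and case-sensitively and that the selectors are applied literally; the class and function names are hypothetical.

```python
from html.parser import HTMLParser

# Identifier values this page lists for the email/username field.
USERNAME_IDS = {"email", "username", "Username", "login-email", "EmailOrUsername",
                "UserNameOrEmail", "username_login", "txtUsername", "user_email",
                "email-input"}

class LoginFormAudit(HTMLParser):
    """Records the three kinds of element the page says the scanner looks for."""
    def __init__(self):
        super().__init__()
        self.username = []        # inputs whose id or name is in USERNAME_IDS
        self.password = 0         # input[type="password"]
        self.submit = 0           # button[type="submit"] / input[type="submit"]
        self.untyped_buttons = 0  # <button> elements with no type attribute
        self.other_inputs = []    # id/name of inputs that matched nothing

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        kind = (a.get("type") or "").lower()
        if tag in ("button", "input") and kind == "submit":
            self.submit += 1
        elif tag == "button" and "type" not in a:
            self.untyped_buttons += 1
        elif tag == "input" and kind == "password":
            self.password += 1
        elif tag == "input" and kind != "hidden":
            names = [a.get("id"), a.get("name")]
            # Assumption: exact, case-sensitive match against the listed values.
            target = self.username if any(n in USERNAME_IDS for n in names) else self.other_inputs
            target.append(a.get("id") or a.get("name") or "?")

def audit_login_form(html):
    """Return a list of problems; empty means all three elements were found."""
    p = LoginFormAudit()
    p.feed(html)
    problems = []
    if not p.username:
        problems.append(f"no input with a listed id/name (saw: {p.other_inputs})")
    if not p.password:
        problems.append('no input[type="password"]')
    if not p.submit:
        hint = " (a <button> without type= does not match)" if p.untyped_buttons else ""
        problems.append("no submit control with an explicit type" + hint)
    return problems

# Constructed sample markup, not taken from any real site.
GOOD = '<form><input id="email"><input type="password" name="pw"><button type="submit">Go</button></form>'
BAD = '<form><input id="user"><input type="password"><button>Go</button></form>'
```

A `<button>` with no type attribute still submits the form in a browser, but it does not match the `button[type="submit"]` selector, which is why the check reports it separately.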
If you still encounter problems, please don't hesitate to reach out to support.