---
title: "Configure the scan for password-protected and internal pages"
date: "2021-09-02T13:30:12+00:00"
summary: "Discover how to configure Web Governance to do a scan on your password-protected pages."
image:
type: "page"
url: "/web-governance/configure-scan-password-protected-and-internal-pages"
id: "5b59f7e3-e54b-4330-8e7d-ce5025759723"
---

Table of contents will be added

Introduction
------------

The Web Governance scan is a powerful tool that crawls all pages of a website. The configurations that are explained in this document may require the help of an advanced website administrator with HTML knowledge.

This document provides instructions for admin users on how to configure password-protected pages for the scan.

Note

It is not possible to scan websites that are hosted internally, for example, sites that can only be accessed from within a private network, and which are not accessible from the public internet. These are different from password-protected pages that are on the internet but require a login, and can be reached by the public (for example, a page behind a login screen on a public website). It does not apply to internal-only sites that are completely isolated from the internet.

Set up user credentials
-----------------------

This section provides instructions on how to set up user credentials so that the crawler can access and do a scan on protected pages on your website.

1.  Log in to Web Governance and navigate to your domain.
2.  Select **Action**, on the same row as the domain that you want to do a scan on, and then select **Edit Domain** from the expanded list of options.
    
    The system opens the _Edit a domain_ page.
    
3.  Scroll to the **Login Type** section.
    
    ![The Login Type section on the Edit Domain page.](https://acquia.widen.net/content/1kacxpt7bd/web/WebGov_EditDomain-LoginTypeSection.png?v=41ca9737-bc5f-400e-9ea0-1aa55ce8e7e3)
    
4.  **Select Login Type**: Select the field to expand the options and then select **Form**.
    
    The _Form fields_ section expands.
    
5.  The **Forms** feature lets you enter the login credentials so that the app can access and do a scan on protected pages.
    *   **Form Fields:**
        *   **Input Selector**: Enter the CSS selector that identifies the input selector of the form field or button, for example, #username or #password.
            
            Note
            
            "Name" can only be used if the name is unique.
            
            "ID" is usually unique and the preferred choice.
            
        *   **Default Value**: Enter the CSS selector to identify the default value for the form field/button.
        *   Select **Add (+)** to add a new input selector row.
        *   To delete a row, click the **trashcan** icon.
    *   **Submit selector**: Enter the field indicator (name or ID value) for the submit button.
    *   **Verify URL**: Enter the URL that appears when the user successfully logs in.
6.  Select **Save**. 
    
    The system closes the _Edit Domain_ page.
    

The pages are now set up and are included in the next on-demand or scheduled scan.

Scan results
------------

The settings above configure the scan to include password-protected and internal pages. The crawler can then detect the same issues as it finds in automated and on-demand scans, including accessibility, quality assurance, SEO, user activity and other contract-specific Web Governance offerings.

Log in with Office 365 or Basic Auth
------------------------------------

Office 365 and Basic Auth require the registered email or username and password.

Custom logins may require help from a developer or web team member for the initial setup.

Initiate the scan
-----------------

When the settings above are made, the automated and on-demand scan is able to crawl password-protected and internal-only pages for the same issues that it detects on other domain pages.

For instructions on how to schedule the automated scan, visit [Domain scan setup](/node/58556).