--- title: "How to do a scan on password-protected and internal pages" date: "2021-09-02T13:30:12+00:00" summary: "Discover how to do a scan on your password-protected pages, configure user credentials, and configure login types in Acquia Web Governance." image: type: "page" url: "/web-governance/how-do-scan-password-protected-and-internal-pages" id: "5b59f7e3-e54b-4330-8e7d-ce5025759723" --- Table of contents will be added Introduction ------------ The Web Governance scan is a powerful tool that crawls all pages of a website. The configurations that are explained in this document may require the help of an advanced website administrator with HTML knowledge. This document provides instructions for admin users on how to configure password-protected pages for the scan. Note It is not possible to scan websites that are hosted internally, for example, sites that can only be accessed from within a private network, and which are not accessible from the public internet. These are different from password-protected pages that are on the internet but require a login, and can be reached by the public (for example, a page behind a login screen on a public website). It does not apply to internal-only sites that are completely isolated from the internet. Set up user credentials ----------------------- This section provides instructions on how to set up user credentials so that the crawler can access and do a scan scan on protected pages on your website. 1. Navigate to the _Domain Overview_ page. 2. Select **Action**, on the same row as the domain that you want to do a scan on, and then select **Edit Domain** from the expanded list of options. The system opens the _Edit a domain_ page. 3. Scroll to the **Login Type** section. ![The Login Type section on the Edit Domain page.](https://acquia.widen.net/content/41ca9737-bc5f-400e-9ea0-1aa55ce8e7e3/web/WebGov_EditDomain-LoginTypeSection.png) 4. **Select Login Type**: Select the field to expand the options and then select **Form**. The _Form fields_ section expands. 5. The **Forms** feature lets you enter the login credentials so that the app can access and do a scan on protected pages. * **Form Fields:** * **Input Selector**: Enter the CSS selector that identifies the input selector of the form field or button, for example, #username or #password. Note "Name" can only be used if the name is unique. "ID" is usually unique and the preferred choice. * **Default Value**: Enter the CSS selector to identify the default value for the form field/button. * Select **Add (+)** to add a new input selector row. * To delete a row, click the **trashcan** icon. * **Submit selector**: Enter the field indicator (name or ID value) for the submit button. * **Verify URL**: Enter the URL that appears when the user successfully logs in. 6. Select **Save**.  The system closes the _Edit Domain_ page. The pages are now set up and are included in the next on-demand or scheduled scan. Log in with Office 365 or Basic Auth ------------------------------------ Office 365 and Basic Auth require the registered email or username and password. Custom logins may require help from a developer or web team member for the initial setup.