Minimising risk
We'd advise against adding admin credentials, as explained in this article.
Whilst the scanner can run safely on many production websites, it's usually best to stick to staging to reduce the chance of damage.
⚠️ Authentication licenses are per Fully Qualified Domain Name (FQDN) or IP Address, and you can add as many authentications to one target as you wish.
How to add apps using advanced authentication methods
If your app uses single-sign-on, multi-factor authentication, or has complex authentication flows, take a look at our article below:
How to customize the scope of the scan
By default, our scanners will attempt to find all scannable pages on your app. If you wish to set up the authentication of your scan to modify the scope, then take a look at our article here: