Authentication Support

Currently, our DAST engine can run scans using the following authentication types:

  • No authentication

  • Form-based authentication

  • JSON-based authentication

  • Basic HTTP/NTLM authentication

  • Single Sign-On (using custom scripts)

  • Multi-step authentication (using custom scripts)

  • Single Sign-On (using a Zest script from the ZAP browser extension)

  • Multi-step authentication (using a Zest script from the ZAP browser extension)

  • Multi-factor authentication (TOTP only; supported only via the onboarding wizard)

Authentication types not supported:

  • Multi-factor authentication

  • Single sign-on using encryption or decryption methods

  • Multi-step authentication using encryption or decryption methods

  • Dynamic credentials

  • Knowledge-based

Viewing the Authentication Report

As an outcome of your onboarding, the Authentication Report gives you a clear, structured view of your authentication setup, complete with key insights and screenshots.

The Authentication column in the environment table displays the status of each authentication attempt. A green check mark indicates that authentication was successful, while a red Failure indicates that authentication failed.

To view the authentication report, locate the row of the environment you wish to review and click the vertical ellipsis icon at the end of the row. This opens a dropdown menu. From the menu, select Authentication Report.

A side panel will appear, providing an overview of the authentication process for that specific environment.

The panel begins with a summary of what worked and what did not during authentication. Scroll further for step-by-step login instructions and screenshots that guide you through the process. The report also includes information about how your ZAP is configured, any verification processes that are currently in place, and the setup details of your environment. Toward the bottom of the panel are statistics from ZAP that offer deeper insight into authentication. See here for more information on these statistics.

When you are ready to share or save the report, click Share or Download.