Adding and replacing credentials for non-public sites

Siteimprove can crawl intranets and other non-public sites. Read about requirements and considerations in this help center article.

In September 2023, Siteimprove enabled the ability for account owners and administrators to add and replace credentials via the Siteimprove platform to further increase security for our customers’ credentials on those internal sites.

How to add, replace, and delete credentials for the Siteimprove crawler to authenticate into your non-public website

As an account owner, or administrator, or if given permission within a custom role, you will find the site crawl authentication feature in Settings > Sites, in the site summary.

To add or replace credentials for a site you select, go to the site crawl credential settings in your site summary card. 

There are 3 options within the crawler authentication section:

• Add credentials 
• Replace credentials 
• Delete credentials 

Adding credentials

If a site does not have credentials set yet, you are prompted to add them. Adding credentials creates a support ticket in your name for Siteimprove’s customer support to set up an authentication script for the crawler to correctly traverse the login flow on your website. The credentials are stored in AWS secrets storage for increased security. The authentication script uses references to the stored credentials to authenticate the crawler into your non-public website.

When adding credentials you will first be taken to a modal confirming your action.

In the next step, you can add the credentials the crawler should use to crawl your non-public site. Credentials typically consist of one username and one password. You can add a second password upon adding credentials if necessary.

Please do not enter your own Siteimprove or other personal sign-in information. The credentials used for crawler authentication should adhere to the requirements for login credentials for password-protected websites.

Replacing Credentials

If you previously added credentials for a site, you will be given the option to replace your existing credentials. If the only change needed is to exchange the credentials, then use this option. This leaves the authentication script untouched and simply exchanges your credentials that the script is referencing. Hence no support ticket is created when the credentials are replaced.

Replacing credentials guides you through a confirmation step followed by a modal where you can enter the new credentials the crawler should use to authenticate into your website. Using this option does not create a ticket for Siteimprove’s support. The new credentials will be applied with the next crawl.

Again, please be aware of the requirements for login credentials for password-protected websites.

Deleting Credentials - Exchanging the Authentication Script

If the login-flow on your website has changed entirely, for example, if the password and username have previously been entered on one screen but now need to be entered separately on two screens, then it is likely the authentication script for your site needs to be changed. This is done by Siteimprove’s support team. In this case, we recommend deleting the previous credentials, and adding new credentials, as it will trigger a support ticket for our team. Be aware this action takes longer than simply replacing the credentials.

If your login flow has not changed, but the existing credentials/password is not up to date, then we recommend simply “replacing” the credentials.

Non-public website statement

Please note that any use of Siteimprove’s services on a non-public website or a website that contains non-public or personal information shall be subject to Siteimprove’s non-public website statement.

This statement may have been signed as part of your subscription or could have been signed as an amendment to your subscription. Please reach out to your customer success manager if you are unsure if your statement has been signed.