Scan Beyond Login

In Short

Enable: Scan Beyond Login enables the BigID scanner to discover cookies and trackers on web pages that require authentication. When enabled, the scanner automatically logs into your website before scanning — providing full visibility into authenticated sections of your site.

Access: Cookies & Trackers > select a Domain > Scanner > Configure Scanner

Overview

Standard cookie scanners stop at the login page, missing all trackers that only appear after authentication. Over 90% of RFPs request scanning beyond login because critical data-privacy risks are often hidden behind authentication walls.

Scan Beyond Login solves this by replaying a recorded login script before each scan, giving you a complete, accurate view of all trackers across your site — including authenticated pages.

How It Works

At scan time, BigID:

  1. Loads your recorded Selenium IDE script (.side file).

  2. Replaces the {username} and {password} placeholders with your stored, encrypted credentials.

  3. Runs ChromeDriver headlessly to complete the login flow.

  4. Scans all authenticated pages and surfaces discovered cookies and trackers in your BigID Privacy dashboard.

Feature Flag Requirement

The Scan Beyond Login toggle is only visible when the scanBeyondLogin permission is enabled at both the company (tenant) level and the user-role level.

Note: Without the tenant flag, the entire Scan Beyond Login section is hidden — no error is shown. If a customer reports the toggle is missing, always check the tenant permission first. Once enabled at the tenant level, assign the scanBeyondLogin permission to the relevant user role.

Prerequisites

Before configuring Scan Beyond Login, ensure you have:

  • The Selenium IDE browser extension installed (Firefox recommended).

  • Valid login credentials for the website you want to scan.

  • Access to BigID Privacy with the scanBeyondLogin permission enabled for your tenant and role.

Step 1 — Record Your Login Flow

Use Selenium IDE to record the steps your browser takes to log in to the target website.

  1. Open Selenium IDE from your browser toolbar.

  2. Click "Record a new test in a new project" and give the project any name.

  3. Enter your website's base URL — for example, https://www.mysite.com.

  4. Click "Start Recording" — a new browser window opens.

  5. Navigate to the login page and fill in the form:

    • In the email or username field, type your real login email.

    • In the password field, type your real password.

    • Click the login button.

  6. Once logged in, return to Selenium IDE and click "Stop Recording".

Step 2 — Save and Verify the .side File

Save the recorded test. Selenium IDE produces a .side file (for example, login-flow.side). Open this file in a text editor and confirm it follows the structure below.

Tip: The value fields for your username and password commands must contain {username} and {password} — not your real credentials. If you see actual email addresses or passwords in these fields, replace them before uploading.

A correctly formatted .side file looks like this:

{
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "version": "2.0",
  "name": "login-flow",
  "url": "https://www.mysite.com",
  "tests": [{
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "name": "login",
    "commands": [
      { "command": "open",  "target": "/login",        "value": ""           },
      { "command": "type",  "target": "name=email",    "value": "{username}" },
      { "command": "type",  "target": "name=password", "value": "{password}" },
      { "command": "click", "target": "css=button[type='submit']", "value": "" }
    ]
  }],
  "suites": [{ "name": "Default Suite", "tests": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"] }],
  "urls": ["https://www.mysite.com/"],
  "plugins": []
}

Credential Placeholders

BigID performs a case-insensitive find-and-replace on every type command's value field at scan time:

| Placeholder | Replaced with at scan time              |
|-------------|-----------------------------------------|
| {username}  | The value stored in the User field      |
| {password}  | The value stored in the Password field  |
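A pre-upload check for the Tip and the placeholder rules above, as an added example that is not BigID's own code: it parses a .side file and flags `type` commands whose value holds a recorded literal instead of {username} or {password}. The function names and the credential-field heuristics are assumptions of this example, and the sample documents are constructed.

```python
import json
import re

# Placeholders named on this page; BigID matches them case-insensitively.
PLACEHOLDER = re.compile(r"\{(username|password)\}", re.IGNORECASE)
# Heuristics (assumptions of this example) for spotting a recorded secret.
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
CRED_TARGET = re.compile(r"pass|pwd|user|email|login", re.IGNORECASE)


def lint_side(text):
    """Return findings as (test name, command index, message) tuples."""
    project = json.loads(text)
    findings, seen = [], set()
    for test in project.get("tests", []):
        for idx, cmd in enumerate(test.get("commands", [])):
            if cmd.get("command") != "type":
                continue
            value, target = cmd.get("value", ""), cmd.get("target", "")
            used = {m.lower() for m in PLACEHOLDER.findall(value)}
            seen |= used
            if used or not value:
                continue
            if EMAIL.search(value) or CRED_TARGET.search(target):
                # Report the length only, so the secret never reaches logs.
                findings.append((test.get("name"), idx,
                    f"literal value ({len(value)} chars) typed into {target}"))
    for name in ("username", "password"):
        if name not in seen:
            findings.append((None, None, f"no {{{name}}} placeholder found"))
    return findings


def make_side(user_value, pass_value):
    """Build a constructed .side document shaped like the sample above."""
    return json.dumps({"name": "login-flow", "tests": [{"name": "login", "commands": [
        {"command": "open", "target": "/login", "value": ""},
        {"command": "type", "target": "name=email", "value": user_value},
        {"command": "type", "target": "name=password", "value": pass_value},
        {"command": "click", "target": "css=button[type='submit']", "value": ""},
    ]}]})


if __name__ == "__main__":
    # Constructed inputs: one clean script, one with recorded credentials.
    for label, doc in (("clean", make_side("{Username}", "{PASSWORD}")),
                       ("leaky", make_side("alice@example.com", "Hunter2!"))):
        print(label, lint_side(doc) or "OK")
```

An empty result means every credential field uses a placeholder; any finding should be fixed in the .side JSON before the file is uploaded or shared.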

Step 3 — Enable and Configure in BigID Privacy

Once you have a verified .side file, configure the feature in the platform:

  1. Navigate to your site in BigID Privacy and open the Scanner tab.

  2. Click Actions → Configure Scanner.

  3. Toggle Scan beyond login on.

  4. Upload the .side file saved in Step 2.

  5. Enter your real credentials in the User and Password fields.

  6. Click Save.

Note: Configuration is per site. Each site stores its own script, username, and password independently. Switching sites in the platform loads that site's specific configuration.

Verifying the Result

After saving and triggering a scan, confirm Scan Beyond Login is active:

  • Go to the Scanner widget on the site overview page.

  • The Scan beyond login row should display Active.

  • Authenticated pages now appear in your scan results alongside public pages.

Troubleshooting

| Symptom                       | Likely Cause                                   | Action                                                                        |
|-------------------------------|------------------------------------------------|-------------------------------------------------------------------------------|
| Toggle not visible            | scanBeyondLogin tenant flag not enabled        | Enable the company permission for the tenant                                  |
| Toggle visible but greyed out | User missing the role permission               | Assign scanBeyondLogin to the user's role                                     |
| Scanner cannot log in         | Script has hardcoded credentials               | Edit the .side JSON — replace credential values with {username} / {password}  |
| Scanner cannot log in         | Credential fields are empty                    | Fill in the User and Password fields in the platform                          |
| Scanner cannot log in         | Login selectors are outdated (site UI changed) | Re-record the login script in Selenium IDE                                    |
| Save button stays disabled    | Toggle is on but no .side file uploaded        | Upload a .side file first                                                     |