linkedin.com or app.example.com. Applications group auth flows (how login works) and identities (who logs in).
After you create an application, choose how users will log in. This is the most important configuration step — it determines what Anchor asks for when someone connects an account.
Auto-Discovery Auth
Anchor detects the login page and walks through sign-in automatically. Unpredictable login flows or the fastest setup.
Preset authentication
You define the exact fields and MFA methods (username/password, email OTP, authenticator, etc.). When you know the login steps in advance.
Manual authentication
Anchor opens a browser and the user signs in themselves. Unsupported login methods or a hands-on browser experience.
Create an application
- Dashboard
- API
- Go to Identities in the Anchor dashboard.
- Click Add application.
- Enter a name and the target site URL or domain.
- Choose how users will log in. If you’re unsure, start with Auto-Discovery Auth — you can switch later.
Auth modes
Each application uses one of three login approaches. Pick the one that matches how your target site works.Auto-Discovery Auth
Anchor opens the target site, analyzes the login page, and guides sign-in automatically. Login steps are detected at runtime — no credential template required upfront. Use this when:- The site’s login flow changes frequently
- You want the fastest path to a working identity
- You’re using OmniConnect and letting end users sign in
Via dashboard
- Open your application on the Identities page.
- Select Auto-Discovery Auth.
Via API
Setauth_mode to dynauth when creating or updating an application. This is the default — you can omit it on create.
Preset authentication
You define one or more named auth flows with specific authentication methods — for example username/password plus email MFA, or username/password plus an authenticator secret. Choose preset authentication when you want to control how login looks:- You define which fields Anchor collects (username/password, custom inputs, MFA methods)
- You need email OTP, authenticator codes, 1Password, or other specific auth methods
- You want multiple named login flows on the same application
Via dashboard
- Open your application on the Identities page.
- Select Preset authentication — existing flows appear below.
- Click Add flow to create a new authentication flow.
- Enter a name and select the authentication methods your login requires.
- Click Save Changes.
Via API
Setauth_mode to preset, then create one or more auth flows for the application.
id as authOptionId when creating an identity.
Authentication methods
Combine methods in a preset flow to match the site’s login steps:| Method | What Anchor collects | Guide |
|---|---|---|
username_password | Username and password | — |
authenticator | TOTP secret | — |
email_mfa | Forwarded email OTP via Anchor inbox | Email MFA |
sms_mfa | SMS OTP codes | — |
gmail_mfa | Gmail OAuth for reading codes | — |
one_password | Credentials from 1Password vault | 1Password |
custom | Named fields you define (company name, API key, etc.) | — |
profile | Manual browser login saved to the identity | — |
dynauth | Auto-discovery login | — |
Do not mix credential-based methods (
username_password, authenticator, etc.) with browser-based methods (dynauth, profile) in the same flow. Use separate flows if you need both approaches on one application.Custom fields
When a login form has non-standard inputs, addcustom_fields to your auth flow and pair them with the custom method:
Manual authentication
Anchor opens a secure browser and the user signs in themselves. The resulting session state is saved as an identity. Choose manual authentication when:- You want a hands-on browser login experience
- The site uses login methods Anchor does not support yet
With auto-discovery or preset authentication, you can optionally switch to a browser login during identity creation if automated steps fail or the site presents an unexpected challenge.
Via dashboard
- Open your application on the Identities page.
- Select Manual authentication.
Via API
Setauth_mode to manual when creating or updating an application.
What happens next
Once your application is configured, create an identity for each account that needs access. Identities store credentials and validated session state; attach them to browser sessions to start signed in.Further application setup
After choosing an auth mode, you can configure defaults that apply to every identity under the application — network routing, browser session settings, and application metadata. Open your application on the Identities page and expand Advanced.Network defaults
Choose how traffic is routed for authenticated sessions created from this application:| Option | Description |
|---|---|
| Anchor Proxy | Route through Anchor’s managed rotating proxy network (default) |
| Custom Proxy | Route through your own proxy server |
| Dedicated Sticky IP | Each identity gets a fixed IP address that persists across sessions |
dedicated_sticky_ip on an individual identity at creation time to override the application default.
Browser session defaults
Enable Default Browser Session Configuration to set defaults merged into every session launched with an identity from this application — for example proxy country, Extra Stealth, CAPTCHA solving, or session timeout. The configuration uses the same schema as the Start Browser Session API. Session-level options passed at create time still override these defaults.Application metadata
Update the application name and description from the same Advanced panel — useful for organizing applications in the dashboard.Via API
Set defaults when creating or updating an application:Related
Managed Authentication Overview
Profiles vs identities and how the model fits together
Identities
Create identities and launch authenticated sessions
API Reference
Applications and auth flow endpoints
OmniConnect
Embed identity creation in your product

