Skip to main content
An application represents a website your agents need to access — for example linkedin.com or app.example.com. Applications group auth flows (how login works) and identities (who logs in). After you create an application, choose how users will log in. This is the most important configuration step — it determines what Anchor asks for when someone connects an account.

Auto-Discovery Auth

Anchor detects the login page and walks through sign-in automatically. Unpredictable login flows or the fastest setup.

Preset authentication

You define the exact fields and MFA methods (username/password, email OTP, authenticator, etc.). When you know the login steps in advance.

Manual authentication

Anchor opens a browser and the user signs in themselves. Unsupported login methods or a hands-on browser experience.

Create an application

  1. Go to Identities in the Anchor dashboard.
  2. Click Add application.
  3. Enter a name and the target site URL or domain.
  4. Choose how users will log in. If you’re unsure, start with Auto-Discovery Auth — you can switch later.

Auth modes

Each application uses one of three login approaches. Pick the one that matches how your target site works.

Auto-Discovery Auth

Anchor opens the target site, analyzes the login page, and guides sign-in automatically. Login steps are detected at runtime — no credential template required upfront. Use this when:
  • The site’s login flow changes frequently
  • You want the fastest path to a working identity
  • You’re using OmniConnect and letting end users sign in
This is pre-selected when you create a new application in the dashboard.

Via dashboard

  1. Open your application on the Identities page.
  2. Select Auto-Discovery Auth.

Via API

Set auth_mode to dynauth when creating or updating an application. This is the default — you can omit it on create.
// On create (default)
const app = await anchorClient.applications.create({
  name: 'My App',
  source: 'https://example.com',
  auth_mode: 'dynauth',
});

// Or switch an existing application
await anchorClient.applications.update(app.id, {
  auth_mode: 'dynauth',
});
# On create (default)
app = anchor_client.applications.create(
    name="My App",
    source="https://example.com",
    auth_mode="dynauth",
)

# Or switch an existing application
anchor_client.applications.update(
    application_id=app.id,
    auth_mode="dynauth",
)

Preset authentication

You define one or more named auth flows with specific authentication methods — for example username/password plus email MFA, or username/password plus an authenticator secret. Choose preset authentication when you want to control how login looks:
  • You define which fields Anchor collects (username/password, custom inputs, MFA methods)
  • You need email OTP, authenticator codes, 1Password, or other specific auth methods
  • You want multiple named login flows on the same application

Via dashboard

  1. Open your application on the Identities page.
  2. Select Preset authentication — existing flows appear below.
  3. Click Add flow to create a new authentication flow.
  4. Enter a name and select the authentication methods your login requires.
  5. Click Save Changes.

Via API

Set auth_mode to preset, then create one or more auth flows for the application.
await anchorClient.applications.update(app.id, {
  auth_mode: 'preset',
});

const authFlow = await anchorClient.applications.authFlows.create(app.id, {
  name: 'Email Login with authenticator',
  methods: ['username_password', 'authenticator'],
});
anchor_client.applications.update(
    application_id=app.id,
    auth_mode="preset",
)

auth_flow = anchor_client.applications.auth_flows.create(
    application_id=app.id,
    name="Email Login with authenticator",
    methods=["username_password", "authenticator"],
)
Pass the returned flow id as authOptionId when creating an identity.

Authentication methods

Combine methods in a preset flow to match the site’s login steps:
MethodWhat Anchor collectsGuide
username_passwordUsername and password
authenticatorTOTP secret
email_mfaForwarded email OTP via Anchor inboxEmail MFA
sms_mfaSMS OTP codes
gmail_mfaGmail OAuth for reading codes
one_passwordCredentials from 1Password vault1Password
customNamed fields you define (company name, API key, etc.)
profileManual browser login saved to the identity
dynauthAuto-discovery login
Do not mix credential-based methods (username_password, authenticator, etc.) with browser-based methods (dynauth, profile) in the same flow. Use separate flows if you need both approaches on one application.
Custom fields
When a login form has non-standard inputs, add custom_fields to your auth flow and pair them with the custom method:
{
  "name": "Company Login",
  "methods": ["custom", "username_password"],
  "custom_fields": [
    { "name": "company_name" }
  ]
}

Manual authentication

Anchor opens a secure browser and the user signs in themselves. The resulting session state is saved as an identity. Choose manual authentication when:
  • You want a hands-on browser login experience
  • The site uses login methods Anchor does not support yet
With auto-discovery or preset authentication, you can optionally switch to a browser login during identity creation if automated steps fail or the site presents an unexpected challenge.

Via dashboard

  1. Open your application on the Identities page.
  2. Select Manual authentication.

Via API

Set auth_mode to manual when creating or updating an application.
// On create
const app = await anchorClient.applications.create({
  name: 'My App',
  source: 'https://example.com',
  auth_mode: 'manual',
});

// Or switch an existing application
await anchorClient.applications.update(app.id, {
  auth_mode: 'manual',
});
# On create
app = anchor_client.applications.create(
    name="My App",
    source="https://example.com",
    auth_mode="manual",
)

# Or switch an existing application
anchor_client.applications.update(
    application_id=app.id,
    auth_mode="manual",
)

What happens next

Once your application is configured, create an identity for each account that needs access. Identities store credentials and validated session state; attach them to browser sessions to start signed in.

Further application setup

After choosing an auth mode, you can configure defaults that apply to every identity under the application — network routing, browser session settings, and application metadata. Open your application on the Identities page and expand Advanced.

Network defaults

Choose how traffic is routed for authenticated sessions created from this application:
OptionDescription
Anchor ProxyRoute through Anchor’s managed rotating proxy network (default)
Custom ProxyRoute through your own proxy server
Dedicated Sticky IPEach identity gets a fixed IP address that persists across sessions
Network settings apply at the application level and affect all identities under it. See Proxy, Bring Your Own Proxy, and Dedicated Sticky IP for details. You can also set dedicated_sticky_ip on an individual identity at creation time to override the application default.

Browser session defaults

Enable Default Browser Session Configuration to set defaults merged into every session launched with an identity from this application — for example proxy country, Extra Stealth, CAPTCHA solving, or session timeout. The configuration uses the same schema as the Start Browser Session API. Session-level options passed at create time still override these defaults.

Application metadata

Update the application name and description from the same Advanced panel — useful for organizing applications in the dashboard.

Via API

Set defaults when creating or updating an application:
await anchorClient.applications.update(app.id, {
  name: 'Acme Portal',
  description: 'Internal procurement system',
  identityDefaultConfiguration: {
    dedicated_sticky_ip: true,
  },
  browserSessionDefaultConfiguration: {
    session: {
      proxy: { active: true, country_code: 'us' },
    },
    browser: {
      extra_stealth: { active: true },
      captcha_solver: { active: true },
    },
  },
});
anchor_client.applications.update(
    application_id=app.id,
    name="Acme Portal",
    description="Internal procurement system",
    identity_default_configuration={
        "dedicated_sticky_ip": True,
    },
    browser_session_default_configuration={
        "session": {
            "proxy": {"active": True, "country_code": "us"},
        },
        "browser": {
            "extra_stealth": {"active": True},
            "captcha_solver": {"active": True},
        },
    },
)

Managed Authentication Overview

Profiles vs identities and how the model fits together

Identities

Create identities and launch authenticated sessions

API Reference

Applications and auth flow endpoints

OmniConnect

Embed identity creation in your product