> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anchorbrowser.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Managed Authentication

> Choose between browser profiles and the Applications + Identities model for persistent sign-in across sessions.

Anchor offers two ways to keep browser sessions signed in across runs. Both persist login state, but they differ in how much structure and automation you get.

## Browser profiles vs managed authentication

|                 | Browser profiles                                       | Managed authentication                                                                   |
| --------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| **Setup**       | Log in manually once; Anchor saves cookies and storage | Store credentials (or guide a login) on an identity; Anchor re-authenticates when needed |
| **MFA support** | You handle codes yourself during the one-time login    | Built-in methods (email OTP, TOTP, 1Password, custom MFA)                                |
| **Re-auth**     | Profile may expire; you log in again manually          | Anchor runs the auth flow automatically before each session                              |

<h2 id="browser-profiles">
  Browser profiles
</h2>

Browser profiles persist cookies, local storage, and cache from a session so future sessions can start signed in. Pass `browser.profile` when [creating a session](/quickstart/browser-sessions) — set `persist: true` on first use, log in once, then end the session to save the profile.

```javascript theme={null}
const session = await anchorClient.sessions.create({
  browser: {
    profile: { name: 'my-profile', persist: true },
  },
});
```

Reuse the profile on later sessions by name (omit `persist`). When the target site expires the session, log in again manually — profiles do not store credentials or re-authenticate automatically.

See [Dedicated Sticky IP](/advanced/dedicated-sticky-ip) for fixed-IP profiles and [Browser Sessions](/quickstart/browser-sessions) for full session configuration options.

## How managed authentication works

Managed authentication is built around three concepts:

```mermaid theme={null}
flowchart LR
  A["Application<br/>target website"] --> B["Auth flow<br/>how to log in"]
  B --> C["Identity<br/>who logs in"]
  C --> D["Browser session<br/>starts signed in"]
```

1. **Application** — Represents a target website (for example `linkedin.com`). Each application defines how login works and owns its identities.
2. **Auth flow** — Describes *how* login works: which fields to collect, which MFA methods apply, or whether Anchor detects login steps automatically.
3. **Identity** — A specific account on that application. Stores credentials and validated session state. Attach an identity when creating a session and the browser starts already signed in.

## Choose how users log in

When you create an application, choose **how users will log in**. This is the most important configuration step — it determines what Anchor asks for when someone connects an account.

<CardGroup cols={3}>
  <Card title="Auto-Discovery Auth" icon="sparkles" href="/essentials/applications#auto-discovery-auth">
    Anchor detects the login page and walks through sign-in automatically. Unpredictable login flows or the fastest setup. Pre-selected for new applications.
  </Card>

  <Card title="Preset authentication" icon="sliders" href="/essentials/applications#preset-authentication">
    You define the exact fields and MFA methods (username/password, email OTP, authenticator, etc.). When you know the login steps in advance.
  </Card>

  <Card title="Manual authentication" icon="user" href="/essentials/applications#manual-authentication">
    Anchor opens a browser and the user signs in themselves. Unsupported login methods or a hands-on browser experience.
  </Card>
</CardGroup>

See [Applications](/essentials/applications) for dashboard and API setup for each mode, authentication methods, and [further application setup](/essentials/applications#further-application-setup) (proxy, sticky IP, browser session defaults).

## End-to-end flow

<Steps>
  <Step title="Create an application">
    Define the target website. See [Applications](/essentials/applications).
  </Step>

  <Step title="Choose how users log in">
    Pick auto-discovery, preset, or manual authentication. With preset, define auth flows and MFA methods.
  </Step>

  <Step title="Configure defaults (optional)">
    Set network routing, proxy, sticky IP, and browser session defaults for all identities under the application.
  </Step>

  <Step title="Create an identity">
    Store credentials or complete a guided login for a specific account. See [Identities](/essentials/authenticated-applications).
  </Step>

  <Step title="Launch authenticated sessions">
    Pass the identity ID when creating a session. Anchor authenticates before your agent or automation runs.

    ```javascript theme={null}
    const session = await anchorClient.sessions.create({
      identities: [{ id: identityId }],
    });
    ```
  </Step>
</Steps>

## Related

<CardGroup cols={2}>
  <Card title="Applications" icon="grid-2" href="/essentials/applications">
    Auth modes, authentication methods, and application defaults
  </Card>

  <Card title="Identities" icon="id-card" href="/essentials/authenticated-applications">
    Create accounts and launch signed-in sessions
  </Card>

  <Card title="Embedding End-User Auth UI" icon="window" href="/essentials/omniconnect">
    Let your users connect accounts from your product
  </Card>
</CardGroup>
