Skip to main content
Managed Auth creates and maintains authenticated browser sessions for your AI agents. Store credentials once, and Kernel re-authenticates automatically when needed. When you launch Kernel browsers with Managed Auth connections, your agent starts already logged in and ready to go.

How It Works

1

Create a Connection

A Managed Auth Connection creates a browser profile for a domain you want to keep authenticated so you can automatically be logged in when you launch future browsers. Create one for each domain + user combination you want to keep authenticated.
const auth = await kernel.auth.connections.create({
  domain: 'netflix.com',
  profile_name: 'netflix-user-123',
});
2

Start a Login Session

A Managed Auth Session is the corresponding login flow for the specified connection. Users provide credentials via a Kernel-hosted page or your own UI.Specify a Credential to enable re-authentication without user input.
const login = await kernel.auth.connections.login(auth.id);

// Send user to login page
console.log('Login URL:', login.hosted_url);

// Poll until complete
let state = await kernel.auth.connections.retrieve(auth.id);
while (state.flow_status === 'IN_PROGRESS') {
  await new Promise(r => setTimeout(r, 2000));
  state = await kernel.auth.connections.retrieve(auth.id);
}

if (state.status === 'AUTHENTICATED') {
  console.log('Authenticated!');
}
3

Use the Profile

Once the auth connection completes, the connection is saved to the browser profile you created in step 1. Create browsers with the profile and navigate to the site. The browser session will already be authenticated.
const browser = await kernel.browsers.create({
  profile: { name: 'netflix-user-123' },
  stealth: true,
});

// Navigate to the site—you're already logged in
await page.goto('https://netflix.com');

Choose Your Integration

Hosted UI

Start here - Simplest integrationRedirect users to Kernel’s hosted page. Add features incrementally: save credentials for auto-reauth, custom login URLs, SSO support.

Programmatic

Full control - Custom UI or headlessBuild your own credential collection. Handle login fields, SSO buttons, MFA selection, and external actions (push notifications, security keys).

Why Managed Auth?

The most valuable workflows live behind logins. Managed Auth provides:
  • Works on any website - Login pages are discovered and handled automatically
  • SSO/OAuth support - “Sign in with Google/GitHub/Microsoft” buttons work out-of-the-box via allowed_domains
  • 2FA/OTP handling - TOTP codes automated, SMS/email/push OTP are supported
  • Post-login URL - Get the URL where login landed (post_login_url) so you can start automations from the right page
  • Session monitoring - Automatic re-authentication when sessions expire with stored credentials
  • Secure by default - Credentials encrypted at rest, never exposed in API responses, or passed to LLMs

Security

FeatureDescription
Encrypted credentialsValues encrypted with per-organization keys
No credential exposureNever returned in API responses or passed to LLMs
Encrypted profilesBrowser session state encrypted end-to-end
Isolated executionEach login runs in an isolated browser environment