I'm trying to setup up Web Security Scanner with non-Google account for authorisation. I have a simplified login form that works as expected when saving the scan details, and I can see in our server login it's requesting the page, submitting the form, receiving the cookie, and then viewing the post-login page successfully.

However when I try to run the scan it is always return a Login procedure failed error. Checking the logs I can see it's still visiting the sign in page, however no POST requests are being made. This includes both the post for the submit form, and another POST request that runs on page load. Both are called when the scan settings are being saved and verified however.

I can see the login form submit is definitely triggering. From reading the documentation I can see custom scans should support POST requests, on managed scans are GET only. We are using the standard tier so these scans can only be custom scans.

I've testing using alternate User Agents with no success. Is there anything in particular needed to ensure POST requests are fired during custom scans when they are running? Or any other settings that may need to be modified to ensure the login works during the actual scan?