Vega supports a few different ways to scan with credentials. The two we recommend are:
Use the proxy scanner for semi-automated scanning
When the proxy scanner is enabled, Vega scans target paths with any cookies used by the client, preserving authenticated sessions during scanning. To do this, just log into your application through the proxy, ensure that scope includes the target, and browse with proxy scanning enabled.
Automated scanning with Identities
Vega supports a mechanism - 'Identities' - for supplying credentials to an application prior to an automated scan. This includes HTTP Basic/Digest, NTLM, and form based authentication (implemented with macros in Vega).
Have feedback on Vega? Our documentation? Please tell us.