Default access profile
A default access profile specifies predefined permissions and product assignments. You can create a default access profile to streamline the process of adding users to the Command Platform from your external identity provider (IdP). For organizations with large user bases, a default profile can help efficiently add users to the Command Platform and ensure that their accounts have access to the intended capabilities.
After you set up the default access profile, every new Rapid7 user you add from your IdP will be automatically provisioned with the products and permissions configured in the profile. For example, if the default access profile has read write access to InsightIDR and InsightOps, every user added through your IdP will inherit these products and permissions.
Customize Permissions and Product Assignment
To customize permissions and product assignments, you will need to manually configure them for a user. The default access profile is a one size fits all assignment for any user provisioned through your IdP.
Set up the default access profile
Setting up a default profile allows you to provision your users from your IdP and automatically assign a set of predefined permissions and Rapid7 products. In order to create a default user access profile, you must be a Command Platform administrator and have single sign-on configured for the Command Platform.
To set up a default access profile:
- From the left menu of the Platform Home page, click the Administration link.
- In the left menu of the Administration page, click Settings.
- Click the SSO Settings tab in the Authentication Settings section.
- Go to Step 5 of the instructions for setting up single sign-on.
- Click the Set Up Profile button.
- When the “Configure Default Access Profile” panel appears, choose the role you want to assign to the profile. The role sets the privilege level for the profile.
- Click Next to configure the product assignments.
- From the Product Assignment list, select the products you want to assign to the profile. Users will be able to log in to their Rapid7 accounts and access the selected products.
- Submit your changes when you are done. Your SSO settings will show that you have an access profile configured.
Now when you provision your users through your IdP, they will inherit the permissions and products you’ve configured in the default access profile.
Update the default access profile
You can update the default access profile if you need to change the privileges or products configured for it. New users provisioned through the updated default access profile will inherit the new settings.
Impact on existing users provisioned through the default access profile
Updating the default access profile does not affect existing users already provisioned through your IdP. They will continue to be able to access the products originally provisioned.
To update the default access profile:
- From the left menu of the Platform Home page, click the Administration link.
- In the left menu of the Administration page, click Settings.
- Click the SSO Settings tab in the Authentication Settings section.
- Go to Step 5 of the instructions for setting up single sign-on.
- Click the Update Profile button.
- When the “Configure Default Access Profile” panel appears, make your changes to the permissions or product assignments.
- Save your changes.
Users provisioned through the default access profile will be updated to inherit the new settings.
Reset the default access profile
You can reset the default access profile if you need to remove all permissions and product assignments for users provisioned through your IdP.
Impact on existing users provisioned through the default access profile
Resetting the default access profile does not affect existing users already provisioned through your IdP. They will continue to be able to access the products originally provisioned.
To reset the default access profile:
- From the left menu of the Platform Home page, click the Administration link.
- In the left menu of the Administration page, click Settings.
- Click the SSO Settings tab in the Authentication Settings section.
- Go to Step 5 of the instructions for setting up single sign-on.
- Click the Reset Profile button.
- When the confirmation window appears, click Yes, reset to apply your changes.
New users provisioned through the default access profile will no longer be granted access to any products.