MSSP Customer Management
This guidance is intended to help our Rapid7 Partners who are operating as Managed Security Service Providers (MSSPs) using Rapid7 products for a set of Managed Customer accounts. As an MSSP, you need to be able to extend your security analyst users access to the customer accounts they are responsible for managing. Rapid7 has introduced a new self-serve function to enable you to perform these user access management tasks independently.
Establish the Partner-Managed Customer relationship
Before you are able to grant your security analysts access to a Managed Customer account, the Managed Customer must first agree to be managed. This approval process is facilitated through Rapid7.
Relationship requirements
A Partner-Managed Customer relationship requires:
- A Partner Command Platform account (referred to as the Partner Primary account) where all security analysts have associated user accounts.
- An end-customer Command Platform account, to be managed by the Partner. If either of these customer accounts have not already been set up, please contact your Rapid7 representative for further assistance.
To create a Partner-Managed Customer relationship:
- You should contact your Rapid7 representative with details for the customer you wish to manage.
- The Managed Customer needs to have a Command Platform account licensed with one or more Rapid7 products. This can be either an existing account or one created by request through Rapid7.
- Rapid7 will establish the relationship between your Partner account and the Managed Customer account.
- The Platform Administrator for the Managed Customer account will receive an email requesting approval for the partner to manage customer access.
- The Platform Administrator should follow the link provided in the email in order to log in to their account and approve the access request.
- Alternatively, the Platform Administrator can approve the access request by navigating to the Company Settings tab in the left menu. From here, they will select the External User Settings tab and click the green Approve Access button.
- You are now able to manage the customer account.
Access Customer Management
As a Partner Platform Administrator, when you first log in to your Primary customer account on the Command Platform, you will see a new Customer Management link under your Administration page in the Command Platform. This new function will allow you to manage user access for your managed customers.
Make Customer Management your default page on login?
Partner Platform Administrators can now set Customer Management as their default landing page. To do so, follow these instructions and then select Customer Management as your default landing page.
To access a Managed Customer account:
- From the left menu of the Rapid7 Command Platform Home page, click the Administration link.
- Click on the Customer Management link in the left menu, then select Customers.
- From here, you can manage which accounts your security analysts can access.
- You can view all customers that you currently manage, the Rapid7 products they own, as well as the number of users that are assigned to each Managed Customer.
- For any Managed Customer that has not yet approved the Partner to manage their account, the account status will appear as pending until they are approved. The pending status is indicated by a yellow, triangular symbol on the Managed Customer name.
Assign one or more users access to a Managed Customer
Any user within your Partner Primary account can be granted access by a Partner Platform Administrator to any approved Managed Customer.
To assign users to a Managed Customer:
- From the left menu of the Rapid7 Command Platform Home page, click the Administration link.
- Click on the Customer Management link in the left menu, then select Customers.
- Click the name of the customer you wish to add user access to.
- Click the Assign User Access button.
- Select the Partner Primary user(s) you want to grant access by typing the name of the user into the provided field or selecting the user from the dropdown list.
- Configure the access privileges the user(s) will be given by selecting the following:
- Determine whether they are to receive Platform Administrator access within the Managed Customer.
- Determine how long this access is valid for. This can be permanent, meaning until they are removed by Partner Administrator at some point in the future, or time-bound. For example, 24 hours, 48 hours, or a custom duration.
- Click Next.
- You can now assign both a product role and what products the user(s) will have access to within the Managed Customer account.
- Click Next.
- Review the Access Request Summary and use the Back button if changes are required.
- Click Submit.
- The user access assigned to the customer will be updated upon refresh.
Quick Add Function
This function allows a Partner Platform Administrator to assign a user access to the Managed Customer optionally as a Platform Administrator and for a specified duration without specifying assigned products and roles.
If the user has been given Platform Administrator status within the Managed Customer, they can self-assign access to required products. If not, then another Platform Administrator within the Managed Customer can assign the user product access and roles.
Assign a user access to one or more Managed Customers
To assign one or more Managed Customer accounts to a user:
- Navigate to the Users page within Customer Management.
- Click the name of the user you wish to add customer access to.
- Click the Assign Customer Access button.
- Select the Managed Customer(s) you want to grant the user access to by typing the name of the customer into the provided field or selecting the customer from the dropdown list.
- Configure the access the user will be given to all chosen customers by selecting the following:
- Determine whether they are a Platform Administrator.
- Determine how long this access is valid for. This can be permanent, meaning until they are removed by the Partner Administrator at some point in the future, or time-bound. For example, 24 hours, 48 hours, or a custom duration.
- You can choose to add a comment that will be included in an email notifying Platform Administrators in the Managed Customers of a new user receiving access.
Selecting access for multiple customers
If more than one customer is selected, then the user’s Platform Administrator status and duration specified will apply to all customers.
- Click Next.
- You can now assign both a role and what products the user will have access to within each individual Managed Customer account, starting with the first selected customer and progressing in sequence.
- Click Next.
- Review the Access Request Summary. Use the Back button if changes are required.
- Click Submit.
- The customer access assigned to the user will be updated upon refresh.
Remove Managed Customer access
Access removal conditions
This should only be done if the relationship between the Partner and the Managed Customer has been terminated.
To remove Partner access from a Managed Customer account:
- Navigate to the Customers page within Customer Management.
- Locate the customer you wish to delete in the Managed Customers table.
- Click the minus icon.
- Click Yes, remove access button to confirm.
Remove user access
There are 2 options for removing user access to a specific Managed Customer account.
Option 1
- Navigate to the Users page within Customer Management.
- Locate the user you want to make changes to.
- Click the User name or the View User link to see the details of all Managed Customers the user has been assigned access to.
- To remove the user from a specific Managed Customer, click the minus icon to the right of the customer name.
- Click Yes, remove access to confirm.
Option 2
- Navigate to the Customers page within Customer Management.
- Locate the customer you want to make changes to.
- Click on the customer name to view details of all assigned users.
- Click the minus icon opposite the user that you wish to remove from the Managed Customer.
- Click Yes, remove access to confirm.
View user-managed customer assignment
As a Partner Platform Administrator you can easily view which security analysts are assigned to each of your managed customer accounts.
To view a summary of Managed Customer assignment for all users:
- Navigate to the Users page within Customer Management.
- This presents a list of all Partner users (security analysts) and which Managed Customers they have been currently assigned.
To view a particular user's assignment to Partner managed customers:
- Locate the user you wish to view and click on their User name or the View User link to the right.
- You can now view the user’s email, time zone, and further access details within each Managed Customer.
To view user assignment for a particular Managed Customer from the Customers tab:
- Navigate to the Customers page within Customer Management.
- Click on the Customer Name.
- A list of assigned users is presented, including:
- User Platform Administrator status within the Managed Customer
- Product access details
- Last access time
- Access status - permanent or time limited
Edit User Access
To update a user’s Platform Administrator status and duration of access in a given managed customer:
- Navigate to the Users page within Customer Management.
- Click on the name of a user or the View user link on the right of the Users table.
- Locate the Managed Customer you would like to edit this user’s access for and click the pencil icon on the right of the table.
This will open a page where you can toggle the Platform Administrator status of the user, as well as alter the duration of their access to the Managed Customer. Once you have made your changes and clicked Next, you’ll be presented with a Summary page.
The Summary page contains an Updated tab that allows you to view how the access connected to this user account will update after your changes have been saved. Request details will contain any updates to the Platform admin status or expiration date for the duration of the access. Any change to the expiration date will include an update icon. There is also an Original tab that shows what the initial access for this user was before any changes have been applied.
Edit a managed customer name
Partner Platform Administrators have the ability to update or change the name of managed customers.
To change the name of a Managed Customer account:
- Navigate to the Customers page within Customer Management.
- Click on the customer you wish to rename.
- Click on the Edit Customer Details button on the top right of the screen.
- Enter the new name and click Save.
The customer’s name will now be updated throughout the Command Platform.
Customer Navigation Experience
Upon login to the Command Platform, you will be presented with a Customer Table containing all the Managed Customers you have access to, with your Primary Partner Customer pinned to the top of the table. Platform Administrators for the Primary Partner Customer will see a Manage Customers button on the top right of the page that links directly to the Customer Management - Customers page.
By clicking on a Customer Name in this table, you can navigate to any of your Managed Customers’ Platform Home to access their products, as well as User Management and other settings if you have a Platform Administrator role for that customer.
To change which Customer you are currently viewing, you can click the View Customer Table link at the top of the page at any time. This will return you to the Select Customer Account table.
Managed Customer Experiences
As explained in the Establish the Partner-managed customer relationship section, a Platform Administrator within the Managed Customer must approve any Partner requests to manage their account. A Platform Administrator within the Managed Customer can also perform two related actions once this relationship has been established in the Company Settings tab:
- They can change their email notification settings. For example, whether they wish to get notified when Partner user access is granted or removed from their customer account.
- They can remove Partner access from the customer account. In this case, the Partner would no longer have authority to grant access to Partner users for the customer account.
Create a Managed Customer POC
Partner Platform Administrators can create new Managed Customer prospects for the purpose of performing a free proof of concept (POC) of Rapid7 security solutions. The duration of the POC will be time limited, after which you can reach out to Rapid7 should the prospective customer wish to progress to a paid-for service.
Available products
This feature is initially limited to InsightIDR and InsightConnect but will be extended to other products in the future.
To begin creating a new Managed Customer, click Create New Customer in the upper right corner of the Manage Customer Access screen. This will open the Create New Customer form:
- Enter the Customer Account Details of the new Managed Customer.
- In the First User Details dropdown menu, select which existing user (linked to your MSSP Partner account) will be able to access the new customer you are creating.
- In the Add Product License section, select the products that you wish to grant to the new Managed Customer for POC evaluation.
- Select the Data Storage Region where the products will be deployed.
- Finally, click Create New Customer at the bottom of the form.
The process will take a short time to complete. Upon completion, you will be returned to the Manage Customer Access screen where you will be able to see details of the new Managed Customer that you have created.
The user that has been granted access can then immediately sign in and access the new Managed Customer account using the Select Customer Account table. Additional Partner users can then be added to this Managed Customer by clicking the Customer Name, then by clicking Assign User Access.
Create a POC for existing Managed Customers
For existing Managed Customers, you can also add new product POCs using Create New Product License:
- Click the Customer Name from the Manage Customer Access table.
- Click Create New Product License.
- Select the products to add as POCs for the Managed Customer.
- Select a Product Administrator.
- Finally, click Create New Product License.
Once the new POC has been created, users can be assigned to the product within the User Management section of the Command Platform by any Platform Administrator.
Extend or purchase a license
In the case that your customer would like to extend their POC or proceed to purchase the product, you can start the process by contacting Rapid7 with a formatted email:
- Click the Customer Name from the Manage Customer Access table.
- For each product, select Extend POC License or Purchase License as required.
This will generate an email with specific product details for your Rapid7 representative.
Delete a Managed Customer
Any Managed Customers that you created for the purpose of a POC can also be deleted. By deleting a Managed Customer, all the products and data associated with that customer will be erased. This includes any users created within that Managed Customer account.
To delete a Managed Customer:
- Navigate to the Customer Management - Customers page.
- Click the Customer Name from the table.
- Click on the Delete Customer button below the Customer’s name.
- Click Delete Customer to confirm the deletion.
Alternatively:
- Navigate to the Customer Management - Customers page.
- Click on the trash icon on the right of the table for the customer you want to delete.
- Click Delete Customer to confirm the deletion.