Deployment Guide
InsightGovCloud provides government agencies with FedRAMP-certified security capabilities; all accessible from our centralized Command Platform.
This deployment guide describes each phase of the InsightGovCloud deployment process, based on whether you are an existing Rapid7 commercial customer or a new customer.
Existing Rapid7 customers
If you’re an existing Rapid7 commercial customer preparing to transition to our FedRAMP-authorized InsightGovCloud environment, the approach that is outlined here ensures your organization can remain secure and compliant throughout the deployment process.
It outlines the steps required for your company administrator to deploy each capability and describes:
- The prerequisites and system requirements that are needed to ensure your net-new instance of InsightGovCloud gets up and running smoothly.
- The settings that we recommend you copy from your commercial deployment and implement in the new instance.
Phase 1: Prepare for deployment
To ensure you can get up and running with InsightGovCloud as quickly as possible, it’s important to understand your new offering and the necessary deployment tasks - as well as to create a plan for deployment.
Rapid7 will create a dedicated Command Platform account for you within our secure, FedRAMP-authorized, InsightGovCloud environment. This new account is completely separate from your existing commercial account and will operate independently.
Included capabilities
Several capabilities can be licensed and packaged with the InsightGovCloud offering and some features are excluded. For a detailed list, review the InsightGovCloud Overview.
Prerequisites
The user who deploys InsightGovCloud must have administrator privileges, both for the Rapid7 account and for any cloud accounts that may need to connect to InsightGovCloud.
If you require a license for InsightGovCloud and some or all of the included capabilities, contact the Rapid7 Federal Sales team by emailing sales@rapid7.com.
If you already have an InsightGovCloud license but want to add a capability you don’t have, contact your Rapid7 Federal Customer Success Manager or submit a request through the Federal Customer Support Portal .
Vulnerability Management (InsightVM) requires firewall rule updates
If you are deploying Vulnerability Management (InsightVM) in InsightGovCloud, you must prepare by updating your firewall rules. Allow time for this before you start the deployment.
Phase 2: Set up your Command Platform account
The Rapid7 Command Platform is your base within InsightGovCloud where you can access Rapid7’s cloud offerings, capabilities, and services. It provides a centralized location for administrative functions and makes navigating the core features simple.
If you are an existing Rapid7 commercial customer preparing to transition to our FedRAMP-authorized environment, the following tasks outline how to successfully set up your Command Platform account. This ensures your organization remains secure and compliant throughout the process.
Task 1: Activate your new account
Rapid7 will create a dedicated Command Platform account for you within our secure, InsightGovCloud environment.
If you are an existing customer, this new account is completely separate from your commercial account and will operate independently. Unless you specify otherwise, you can use your existing email address to log in to insight.rapid7-gov.com/login .
To create an account:
- Check your corporate email inbox for an email from the Rapid7 Command Platform team.
- Visit insight.rapid7-gov.com/login .
- Select Haven’t activated your account?.
- Enter your corporate email address to receive an activation email with next steps. If you do not receive an activation email, reach out to your Rapid7 Federal Customer Success Manager.
- Refer to the activation email with the subject line Rapid7 Insight: Activate Your Account and follow the instructions to activate your Command Platform account.
After you log in for the first time, your environment should include the capabilities covered by your license; however, there may be some additional steps to take as described in Phase 3.
Task 2: Build Identity and Access Management (IAM)
If you are an existing customer, you must recreate the Identity and Access Management configuration that you had in the commercial environment in your new InsightGovCloud account.
The IAM configuration includes:
- Users – Create (or recreate) each individual user along with their access rights and attributes. For instructions, go to Permission-based user management .
- Organizations – Rapid7 is responsible for defining all organizational units and their associated offerings.
- Roles – Build (or rebuild) user roles, ensuring permissions are aligned. For more information, read about Rapid7 built-in roles .
- Privileges – Assign users and roles the correct privileges for the capabilities they need access to. For instructions, go to Edit individual access .
Task 3: Generate your API keys
If you are an existing customer, API keys that you used in your commercial account can’t be transferred. You must generate all keys as new and configure them within the InsightGovCloud environment. For instructions, go to Managing Platform API keys .
Task 4: Configure security policies
To ensure consistent security standards, you’ll need to manually configure key policies in your new InsightGovCloud account:
- Password Policies – Set rules for password strength, history, and expiration. For more information, read about Password policy settings .
- Multi-Factor Authentication (MFA) – Enable and enforce one of the FedRAMP-authorized MFA methods: WebAuthn or Okta Verify. For instructions, go to Multi-factor authentication .
- External Single Sign-On (SSO) – Set up integrations (such as SAML 2.0) with your identity provider for seamless access control. For more information, go to Configure single sign-on access to the Command Platform .
Task 5: (Optional) Configure Personal Identity Verification (PIV) card authentication
If your organization requires PIV cards for authentication, this can be supported through your SAML 2.0-compliant SSO provider.
The InsightGovCloud environment is fully compatible with these configurations, enabling secure identity verification through your external provider.
This task applies equally to both new and existing customers deploying InsightGovCloud.
Phase 3: Deploy capabilities in your InsightGovCloud environment
To make sure you can use the capabilities in InsightGovCloud that you have licenses for, read the deployment documentation and complete the necessary steps.
- Deploy Vulnerability Management (InsightVM)
- Deploy Cloud Security (InsightCloudSec)
- Deploy Automation (InsightConnect)
- Deploy Rapid7 Agent (Insight Agent)
Get support
All customers must request the assistance of a Rapid7 Deployment Engineer to complete this deployment. Contact your Rapid7 Federal Customer Success Manager or submit a request through the Customer Support Portal.
General contact information is available at rapid7.com/for-customers .