Vulnerability Management (InsightVM) Platform Login

Vulnerability Management (InsightVM) Platform Login consolidates our Security Console and cloud-based features into a single product interface by using insight.rapid7.com. Enable this login experience to help improve your overall product experience.

Why should I enable Vulnerability Management (InsightVM) Platform Login?

The Vulnerability Management (InsightVM) Platform Login allows you to access console-based tabs and cloud-based features from a single location on the Insight Platform, which means you no longer have to maintain multiple sets of credentials and authentication methods for the different parts of InsightVM. Instead, you can interact seamlessly with features specific to the Insight Platform such as Scan Engine Management, a feature that is available after enabling Vulnerability Management (InsightVM) Platform Login.

ℹ️

We recommend using Vulnerability Management (InsightVM) Platform Login

We recommend that all eligible users enable Vulnerability Management (InsightVM) Platform Login to avoid a disjointed product experience. Enabling Vulnerability Management (InsightVM) Platform Login also protects your environment from potential insufficient session expiration. CVE-2021-3844 is an active example of this type of vulnerability.

Requirements for enablement

  • Once your Global Administrator has enabled Vulnerability Management (InsightVM) Platform Login, all Security Console users are eligible for Vulnerability Management (InsightVM) Platform Login.
  • Your Security Console must be on version 6.6.62.
  • The machine you want to use the Vulnerability Management (InsightVM) Platform Login on must be on the same physical network or Virtual Private Network (VPN) as the host machine on which your Security Console is installed. If Vulnerability Management (InsightVM) is unable to connect to your Security Console any time after enablement, console-based pages and features are unavailable until connectivity is established again.

How does Vulnerability Management (InsightVM) Platform Login work?

Vulnerability Management (InsightVM) Platform Login allows insight.rapid7.com to consolidate feature experiences by loading interfaces from your console host when needed by referencing your console URL. This means that you no longer have to log in to your console directly to access features such as site creation and configuration, scan credentials, and asset groups.

Vulnerability Management (InsightVM) Platform Login is an individual user experience. Enabling the experience for your own user account does not affect the login workflow of other Vulnerability Management (InsightVM) users that have not enabled it yet.

Once enabled, you access Vulnerability Management (InsightVM) through insight.rapid7.com by default with either your Insight account email address and password, or according to the company-wide authentication method configured by your Platform Administrator.

FAQ

Who can enable Vulnerability Management (InsightVM) Platform Login?

Global administrators can enable Vulnerability Management (InsightVM) Platform Login and extend that eligibility to non-admin users as defined in your console user management table.

What happens to my old login?

Older Security Console login methods will be deprecated for your user account. Any console-based external authentication source configured for your account (e.g. SAML, LDAP, or Kerberos) will no longer work.

To accommodate an easier transition to the new Vulnerability Management (InsightVM) Platform Login workflow, a 60-day grace period (starting from the time you first enable the experience) will allow your user account to continue using deprecated console login methods before they are disabled for you permanently.

As mentioned previously, enabling Vulnerability Management (InsightVM) Platform Login for your user account will not affect the login workflow of other Vulnerability Management (InsightVM) users that have not enabled it yet, including those who log in directly to the Security Console manually or through a console-based authentication source.

Does Insight Platform Login require additional authentication?

With access to Vulnerability Management (InsightVM) now consolidated exclusively on insight.rapid7.com, you will need to use the company-wide authentication setting configured by your Platform Administrator (if your organization requires a more robust authentication method beyond your standard Insight credentials).

You must use the source configured in your Insight Platform settings to use an external authentication source with Vulnerability Management (InsightVM) Platform Login. If you do not have an existing source, a user in your organization with Platform Administrator privileges will need to configure a new one for you.

Only one Insight Platform authentication setting is allowed at a time, and it is enforced for all users. At this time, the Insight Platform supports the following authentication methods:

⚠️

Security Console external authentication sources are not supported

Any Security Console-based external authentication sources (SAML, LDAP, or Kerberos) you may already have are no longer usable for your user account after enabling Vulnerability Management (InsightVM) Platform Login.

How are Insight Platform credentials determined?

Insight Platform credentials are email-based and allow you to use additional Platform-based features and multiple Insight products as long as you’ve been granted access to them. If Vulnerability Management (InsightVM) can’t find a matching Insight account based on the email address specified in your Security Console user configuration, we’ll create one for you automatically.

ℹ️

Signed certificate recommendation

We recommend that you have an SSL certificate signed by a certificate authority for your Security Console URL. The Vulnerability Management (InsightVM) Platform Login experience stops working if Vulnerability Management (InsightVM) encounters a certificate error from your browser when you attempt to access console-based pages. See the Managing the HTTPS certificate section of the Managing the Security Console article for instructions on how to apply a signed certificate.

For a quick, but temporary, solution, see the Status and Connection Management section.

Can Vulnerability Management (InsightVM) Platform Login be disabled?

As of product release 6.6.86 (June 2, 2021), you are able to disable the Vulnerability Management (InsightVM) Platform Login through the Run section of InsightVM.

Vulnerability exposure risk

We strongly recommend that you continue to use Vulnerability Management (InsightVM) Platform Login. If you choose to disable the Vulnerability Management (InsightVM) Platform Login, your environment may be vulnerable to insufficient session expiration. Disabling Vulnerability Management (InsightVM) Platform Login will expose you to CVE-2021-3844.

ℹ️

Who can disable Vulnerability Management (InsightVM) Platform Login?

You must have the necessary administrator privileges to complete this request.

Disable your Vulnerability Management (InsightVM) Platform Login

  1. In the navigation menu, click Administration. In the Console > Troubleshooting section, click Run commands.
  2. Enter one of the following commands:
    • To disable a single user, enter: platform-login disable user1
    • To disable multiple users, enter: platform-login disable user1, user2, user3
    • To disable all users, enter: platform-login disable *

If you do not choose to disable all users at once, a global administrator must remain enabled for Vulnerability Management (InsightVM) Platform Login until all non-administrative users have been reverted.

For further assistance, reach out to our support team through the Customer Support Portal.

Enable Security Console Login

  1. Access your Security Console and log in with your username and password. If applicable, use whichever console-based external authentication source you would typically use.
  2. When the Vulnerability Management (InsightVM) interface loads, open your user profile dropdown in the upper right corner of the screen and click Enable Vulnerability Management (InsightVM) Platform Login. You can also expand the menu and click any of the following cloud-based pages to trigger the enablement window:
    • Dashboard
    • Remediation Projects
    • Goals and SLAs
    • Automation
    • Containers
    • Cloud Configuration
    • Management
  3. When the enablement window appears, locate the confirmation check box and verify that the email address shown is the same address that you currently use to access insight.rapid7.com. If this address is correct, select the confirmation box.
  4. Click Enable.

Enable Vulnerability Management (InsightVM) Platform Login

After you verify that you meet the requirements, you’re ready to enable Vulnerability Management (InsightVM) Platform Login.

ℹ️

Is your organization new to Platform Login?

You may need to provide your Security Console URL manually if you are the first user in your organization to enable this feature.

  1. Go to insight.rapid7.com and log in with your Insight account email address and password. If applicable, use whichever cloud-based external authentication source you would typically use.

    If you are not directed to Vulnerability Management (InsightVM) automatically upon logging in, you can access the product by clicking Open on the Vulnerability Management (InsightVM) tile located on the Platform Home page or by clicking Vulnerability Management (InsightVM) in the products menu bar.

  2. When Vulnerability Management (InsightVM) loads, the enablement window appears automatically. If the window doesn’t appear, you can launch it manually from your user profile by clicking Enable Vulnerability Management (InsightVM) Platform Login.

  3. If you are the first user in your organization to enable Vulnerability Management (InsightVM) Platform login, enter the Security Console URL.

    The format of your URL must be a fully qualified domain name that includes either the http:// or https:// protocol.

  4. Verify that the email address is the same address that you used to access insight.rapid7.com. If this address is correct, select the confirmation box.

  5. Click Enable.

After enabling the experience, your Vulnerability Management (InsightVM) interface will reload to allow your Security Console pages to appear in the menu.

Status and connection management

You can check the status of your connection and make URL changes on the Security Console URL card located in Management > Org Settings.

The card can display either a Connected or Connection failed status.

Troubleshoot your connection

Possible causes and potential solutions:

  • Possible cause: Your Security Console host is offline.
    Potential solution: Check for connectivity issues.
  • Possible cause: The host you are using to access Vulnerability Management (InsightVM) is not on the same network as your Security Console host.
    Potential solution: Check your VPN connection.
  • Possible cause: The specified URL is not recognized as a Security Console.
    Potential solution: The URL you’ve set up may have changed or been incorrectly submitted.
      1. Log in to insight.rapid7.com > select Vulnerability Management (InsightVM) > Management > Org Settings.
      2. Check that the URL is listed.
      3. If it is not listed or is misspelled, re-enter your URL correctly.
  • Possible cause: Vulnerability Management (InsightVM) encountered a certificate error from your browser when attempting to connect to a console-based page. This can happen if your existing certificate has expired or if your Security Console is still using the self-signed certificate that was included in the original installation.
    Potential solution: The best way to avoid this is by ensuring your Security Console has an SSL certificate signed by a certificate authority. For a quick, but temporary, solution, dismiss the certificate error from your Security Console URL. This allows you to connect Vulnerability Management (InsightVM) to your Security Console without needing additional configuration changes. You will continue to receive certificate errors until your SSL certificate is signed.
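The URL format requirement and the certificate causes above can be checked before enablement from the workstation you will use for Platform Login. The following Python sketch is an added example, not Rapid7 code: the function names are hypothetical, the URL with port 3780 is a constructed placeholder, and the operating system trust store is assumed to stand in for your browser's.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

# OpenSSL verify codes for the two causes the page names: expired, self-signed.
CAUSES = {10: "expired", 18: "self-signed", 19: "self-signed"}

def parse_console_url(url):
    """Return (scheme, host, port); raise ValueError unless the URL is
    http:// or https:// followed by a fully qualified domain name."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("URL must start with http:// or https://")
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    ok = all(l.isascii() and l.replace("-", "").isalnum() and len(l) <= 63
             and l[0] != "-" and l[-1] != "-" for l in labels)
    # A numeric last label means an IP address, not a domain name.
    if len(labels) < 2 or not ok or labels[-1].isdigit():
        raise ValueError("host must be a fully qualified domain name")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, host, port

def classify(verify_code):
    """Map an OpenSSL verification code to a cause label."""
    return CAUSES.get(verify_code, "untrusted")

def check_console_certificate(url, timeout=5.0):
    """Handshake against the OS trust store and return (status, detail)."""
    scheme, host, port = parse_console_url(url)
    if scheme == "http":
        return "no-tls", "plain HTTP, no certificate to validate"
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code), err.verify_message
    except OSError as err:
        return "unreachable", str(err)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days = int((not_after - time.time()) // 86400)
    return "trusted", f"{days} days until expiry"

if __name__ == "__main__":
    # Constructed placeholder; substitute your own Security Console URL.
    print(check_console_certificate("https://console.example.com:3780"))
```

A status other than "trusted" corresponds to a condition under which console-based pages would raise a certificate or connection error in the browser.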

Edit your Security Console URL

  1. Click Edit on the bottom of the card.

    The same URL formatting requirement applies to any changes you make here.

  2. Enter your new Security Console URL.

  3. Click Confirm to finish.