Enable InsightVM Platform Login

InsightVM Platform Login is a new login experience that consolidates all legacy Security Console and modern cloud-based features into a single product interface accessed exclusively through insight.rapid7.com.

Read this article to learn how InsightVM Platform Login improves your overall product experience, understand why enablement is necessary, and get a walkthrough on how you can enable this new login method for your own account.

Why should I enable InsightVM Platform Login?

As InsightVM continues on its journey to becoming a fully cloud-native solution, the different login methods that it currently supports determine how complete your InsightVM experience is at any one time. At present, accessing any console-based tabs (such as Assets, Vulnerabilities, and Reports) requires you to log in directly to your Security Console with a separate set of credentials. Meanwhile, accessing InsightVM through the Insight Platform alongside your other Insight products (like InsightIDR and InsightAppSec) limits your InsightVM interface to cloud-based features only.

InsightVM Platform Login solves this problem. By enabling this experience:

  • The complete InsightVM product experience will be available from a single location on the Insight Platform.
  • You will no longer need to maintain multiple credential sets and authentication methods for different parts of InsightVM.
  • You will be able to interact seamlessly with features specific to the Insight Platform, such as Scan Engine Management (a feature that will be made available to you after enabling InsightVM Platform Login).

To resolve a disjointed product experience and make use of these benefits, we recommend that all eligible users enable InsightVM Platform Login. Consider this process as reaching an early milestone towards cloud nativity that puts you in the best position to take advantage of future InsightVM product developments as they are released.

How does InsightVM Platform Login work?

The full functionality of your InsightVM product is composed of both an on-premises Security Console and cloud features delivered through the Insight Platform. InsightVM Platform Login allows insight.rapid7.com to simulate a consolidated feature experience by referencing your console URL and loading interfaces from your console host when needed. This frees you from having to log in to your console directly to access those same features (such as site creation and configuration, scan credentials, and asset groups).

InsightVM Platform Login is a personal experience and is enabled on a per-user basis. Enabling the experience for your own user account will not affect the login workflow of other InsightVM users that have not enabled it yet.

Once enabled, you will access InsightVM exclusively through insight.rapid7.com going forward with either your Insight account email address and password, or according to the company-wide authentication method configured by your Platform Administrator.

What else do I need to know?

After you enable InsightVM Platform Login, be aware that the following applies:

  • It is not reversible - Once enabled for your user account, the change is permanent.
  • Enabling InsightVM Platform Login as a Global Administrator extends eligibility to your non-admin users - The initial enablement opportunity for InsightVM Platform Login is limited to Global Administrators. If your Security Console user role has Global Administrator privileges, be aware that enabling InsightVM Platform Login for yourself extends the enablement opportunity to all other non-admin users as defined in your console user management table.
  • Older Security Console login methods will be deprecated for your user account - Enabling InsightVM Platform Login will make the legacy Security Console login screen unusable for your user account. This also means that any console-based external authentication source you have configured (whether the source is SAML, LDAP, or Kerberos-based) will no longer work for your user account.
    • To accommodate an easier transition to the new InsightVM Platform Login workflow, a 60-day grace period (starting from the time you first enable the experience) will allow your user account to continue using deprecated console login methods before they are disabled for you permanently.
    • As mentioned previously, enabling InsightVM Platform Login for your user account will not affect the login workflow of other InsightVM users that have not enabled it yet, including those who log in directly to the Security Console manually or through a console-based authentication source.
  • If you intend to use an external authentication method, you must use an Insight Platform-based source - With access to InsightVM now consolidated exclusively on insight.rapid7.com, an organization that requires a more robust authentication method beyond standard Insight credentials will need to use the company-wide authentication setting configured by its Platform Administrator.
  • A new Insight account will be created for you if one is not already associated with your Security Console user account - Insight Platform credentials are email-based and allow you to use additional Platform-based features and multiple Insight products as long as you’ve been granted access to them. If InsightVM can’t find a matching Insight account based on the email address specified in your Security Console user configuration, we’ll create one for you automatically.

Requirements for enablement

You must meet the following requirements to enable InsightVM Platform Login for your user account:

  • User role - All Security Console users, whether they are configured to authenticate locally or through an external source, are eligible for InsightVM Platform Login except the default nxadmin Global Administrator that’s created automatically with every console installation.
    • Non-admin Security Console user accounts will not have the opportunity to enable InsightVM Platform Login until a Global Administrator in your organization enables it first.
  • Security Console version - Your Security Console must be on version 6.6.62 or later for the enablement opportunity to be available.
  • Security Console connectivity - The workstation you intend to use to log in to InsightVM after enablement must be on the same physical network or Virtual Private Network (VPN) as the host machine on which your Security Console is installed. If InsightVM is unable to connect to your Security Console any time after enablement, console-based pages and features will be unavailable until you can establish connectivity again.

Signed certificate recommendation

We recommend that your Security Console URL has an SSL certificate signed by a certificate authority. The InsightVM Platform Login experience will stop working if InsightVM encounters a certificate error from your browser when you attempt to access console-based pages. See the Managing the HTTPS certificate section of the Managing the Security Console article for instructions on how to apply a signed certificate.

If this issue arises and you prefer to resolve it with a quick temporary solution, see the workaround detailed in the Status and connection management section of this article.

  • Insight Platform-based external authentication sources - If you intend to use an external authentication source with InsightVM Platform Login, you must use the source configured in your Insight Platform settings. If you do not have an existing source, a user in your organization with Platform Administrator privileges will need to configure a new one for you. Unlike the console-based external authentication sources that are assigned on a per-user basis, there is only one Insight Platform authentication setting allowed at any one time, and this setting is enforced for all users company-wide. At this time, the Insight Platform supports the following authentication methods:

Security Console external authentication sources are not supported

As a reminder, note that any Security Console-based external authentication sources (SAML, LDAP, or Kerberos) you may already have will no longer be usable for your user account after you enable InsightVM Platform Login.

Paths to enable InsightVM Platform Login

After you verify that you meet the requirements, you’re ready to enable InsightVM Platform Login. You can trigger the enablement window with either of the following product access paths.

Security Console path

The Security Console login path is the preferred enablement method because it involves fewer steps and does not require you to enter your console URL manually:

  1. Access your Security Console and log in with your username and password. If applicable, use whichever console-based external authentication source you would typically use.
  2. When the InsightVM interface loads, open your user profile dropdown in the upper right corner of the screen and click Enable InsightVM Platform Login. You can also open your left menu and click any of the following cloud-based pages to trigger the enablement window:
    • Dashboard
    • Remediation Projects
    • Goals and SLAs
    • Automation
    • Containers
    • Cloud Configuration
    • Management
  3. When the enablement window appears, locate the confirmation checkbox and verify that the email address shown is the same address that you currently use to access insight.rapid7.com. If this address is correct, check the box to confirm.
  4. Click Enable.

After enabling the experience, you can continue using InsightVM as you normally would.

InsightVM Platform Login is live!

You will now access your complete InsightVM interface exclusively through insight.rapid7.com going forward.

Insight Platform path

You can also enable InsightVM Platform Login through the insight.rapid7.com access method. Note that you may need to provide your Security Console URL manually if you are the first user in your organization to enable the feature in this way:

  1. Go to insight.rapid7.com and log in with your Insight account email address and password. If applicable, use whichever cloud-based external authentication source you would typically use.
    • If you are not directed to InsightVM automatically upon logging in, open the dropdown in the upper left corner of the screen and click InsightVM. You can also click Open on the InsightVM tile located on your Platform Home page.
  2. When the InsightVM interface loads, the enablement window will appear automatically. If it doesn’t, you can trigger it manually by opening your user profile dropdown in the upper right corner of the screen and clicking Enable InsightVM Platform Login.
  3. When the enablement window appears, you may need to enter your Security Console URL manually. This will be the case if you are the first user in your organization to try enabling the feature through this path. If this field appears, enter your Security Console URL.
    • The format of your URL must be a fully qualified domain name that includes either the http:// or https:// protocol.
  4. Locate the confirmation checkbox and verify that the email address shown is the same address that you just used to access insight.rapid7.com. If this address is correct, check the box to confirm.
  5. Click Enable.

After enabling the experience, your InsightVM interface will reload to allow your Security Console pages to appear in the menu. After the changes take effect, you can continue using InsightVM as you normally would.

InsightVM Platform Login is live!

You will now access your complete InsightVM interface exclusively through insight.rapid7.com going forward.

Status and connection management

If you need to check the status of your Security Console connection or make changes to the URL, you can do so by navigating to the Security Console URL card located in the Org Settings tab:

  1. In InsightVM, open your left menu and click Management.
  2. Click the Org Settings tab. The Security Console URL card displays.

The card can display either a “Connected” or “Connection failed” status.

Troubleshoot a Security Console connection

The “Connection failed” status appears when InsightVM can’t get the expected response from your Security Console host. Console-based pages are unavailable while this status persists. Causes for this status could include:

  • Your Security Console host is offline.
  • The host you are using to access InsightVM is not on the same network as your Security Console host. If you rely on a VPN to satisfy this network requirement, there might be an issue with VPN connectivity.
  • The specified URL is not recognized as a Security Console.
  • InsightVM encountered a certificate error from your browser when attempting to connect to a console-based page. This can happen if your existing certificate is expired or if your console is still using the self-signed certificate that was included in the original installation.
    • As noted in the requirements, the best way to avoid this situation is ensuring that your Security Console has an SSL certificate signed by a certificate authority. However, you can resolve this error quickly by navigating directly to your Security Console URL in your browser and dismissing the certificate error that appears. Bypassing the error will allow InsightVM to connect to your Security Console again without any other configuration changes, but be aware that dismissing this error is a temporary solution. Your browser will produce a certificate error again after a period of time.
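
The network and certificate causes listed above can be told apart from the workstation before touching the browser. The script below is an added example, not Rapid7 tooling: it checks the URL format described in the enablement steps, then connects using Python's default trust store, which is assumed to approximate your browser's. The URL in it is a constructed placeholder.

```python
import socket
import ssl
from urllib.parse import urlsplit

# OpenSSL verification codes mapped to the certificate causes the article names.
VERIFY_CAUSES = {
    10: "certificate expired",
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "issuer not trusted (not signed by a known CA)",
    62: "certificate does not match the console hostname",
}

def parse_console_url(url):
    """Return (scheme, host, port); raise ValueError if the format rule is not met."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("URL must start with http:// or https://")
    host = parts.hostname or ""
    if "." not in host.strip("."):  # rough FQDN check, this example's own rule
        raise ValueError("host must be a fully qualified domain name")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, host, port

def classify_verify_code(code):
    return VERIFY_CAUSES.get(code, f"certificate error (OpenSSL code {code})")

def diagnose(url, timeout=5.0):
    """Connect with certificate verification on and name the first failure found."""
    try:
        scheme, host, port = parse_console_url(url)
    except ValueError as exc:
        return f"invalid URL: {exc}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if scheme == "http":
                return "reachable (no TLS, no certificate to check)"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host):
                return "reachable, certificate trusted"
    except ssl.SSLCertVerificationError as exc:
        return classify_verify_code(exc.verify_code)
    except ssl.SSLError as exc:
        return f"TLS handshake failed: {exc}"
    except OSError as exc:  # DNS failure, refused, timeout: host offline or wrong network
        return f"unreachable: {exc}"

if __name__ == "__main__":
    # Constructed placeholder; replace with your own Security Console URL.
    print(diagnose("https://console.example.com:8443"))
```

A result of "reachable, certificate trusted" alongside a persisting "Connection failed" status points away from the network and certificate causes and toward the specified URL not being recognized as a Security Console.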

Edit your Security Console URL

If you need to change your currently specified Security Console URL for any reason, you can do so by clicking Edit on the bottom of the card. The same URL formatting requirements noted in the enablement instructions also apply to any changes you make here.

After entering your new console URL in the provided field, click Confirm to finish.