Enable InsightVM Platform Login

This article contains comprehensive documentation on the new InsightVM Platform Login experience. In the following sections, we’ll cover how this feature streamlines how you access Security Console and cloud-based features in InsightVM, explain the benefits offered by enablement, and provide instructions on how to do so.

What is InsightVM Platform Login?

The InsightVM Platform Login experience consolidates all console and cloud-based InsightVM pages and features into a single interface that you access exclusively through insight.rapid7.com. This functionality allows for the following improvements:

  • You will no longer have to log in to the Security Console directly to use console-based pages and features, such as site creation and management, the Home page, and the Vulnerabilities page.
  • You will open the complete InsightVM interface from the same Platform Home product launcher as other Insight products, such as InsightIDR and InsightAppSec.

This early version of InsightVM Platform Login is a personal experience. Enablement happens on an individual user basis. Users who enable the feature do not affect the experience or login methods of those who decide not to.

Eligible users

At this time, the feature is only available to users with the Global Administrator role.

Benefits

Enabling InsightVM Platform Login also gives your organization access to the following additional features.

Scan Engine Management

The Scan Engine Management feature allows you to pair your on-premises Scan Engines to the Insight Platform for monitoring purposes. Available telemetry includes engine connectivity indicators, scan job metrics, and engine host resource usage figures.

Requirements

You must satisfy the following requirements to enable InsightVM Platform Login.

User role

Your user must have the Global Administrator role and must have been created after your Security Console was initially installed for the feature to be available. The nxadmin Global Administrator that's created by default with every console installation is not eligible for this experience.

Security Console version

Your Security Console must be on version 6.6.37 or later for this feature to be available.

Security Console connectivity

The host machine you intend to log in with must be on the same physical network or Virtual Private Network (VPN) as your Security Console host. If InsightVM is unable to connect to your Security Console any time after enablement, console-based pages and features will be unavailable until you can establish connectivity again.

Signed certificate recommendation

Although it’s not required, we suggest that your Security Console URL has an SSL certificate signed by a certificate authority. The InsightVM Platform Login experience will stop working if InsightVM encounters a certificate error from your browser when you attempt to access console-based pages. See the Managing the HTTPS certificate section of the Managing the Security Console article for instructions on how to apply a signed certificate.

If you prefer to resolve this issue with a quick temporary solution if it arises, see the workaround detailed in the Status and connection management section of this article.

External authentication sources

If you intend to use any external authentication sources, you’ll need to configure them in your Insight Platform settings. At this time, the Insight Platform supports these authentication schemes:

Security Console external authentication sources are not supported

Any Security Console-based external authentication sources (SAML, LDAP, Kerberos, or MFA) you may already have will no longer be usable after you enable InsightVM Platform Login.

Enablement paths

After you verify that you meet the requirements, you’re ready to enable InsightVM Platform Login. You can trigger the enablement window with either of the following product access paths.

Security Console path

The Security Console login path is the preferred enablement method because it involves fewer steps and does not require the user to enter their console URL manually:

  1. Access your Security Console and log in with your username and password. If applicable, use whichever console-based external authentication source you would typically use.
  2. When the InsightVM interface loads, open your user profile dropdown in the upper right corner of the screen and click Enable InsightVM Platform Login. You can also open your left menu and click any of the following cloud-based pages to trigger the enablement window:
    • Dashboard
    • Remediation Projects
    • Goals and SLAs
    • Automation
    • Containers
    • Cloud Configuration
    • Management
  3. When the enablement window appears, locate the confirmation checkbox and verify that the email address shown is the same address that you currently use to access insight.rapid7.com. If this address is correct, check the box to confirm.
  4. Click Enable.

After enabling the experience, you can continue using InsightVM as you normally would. As described earlier, you will use insight.rapid7.com to access InsightVM going forward.

Insight Platform path

You can also enable InsightVM Platform Login through the insight.rapid7.com access method. Note that you may need to provide your Security Console URL manually if you are the first user to enable the feature in this way:

  1. Go to insight.rapid7.com and log in with your account email address and password. If applicable, use whichever cloud-based external authentication source you would typically use.
    • If you are not directed to InsightVM automatically upon logging in, open the dropdown in the upper left corner of the screen and click InsightVM. You can also click Open on the InsightVM tile located on your Platform Home page.
  2. When the InsightVM interface loads, the enablement window will appear automatically. If it doesn’t, you can trigger it manually by opening your user profile dropdown in the upper right corner of the screen and clicking Enable InsightVM Platform Login.
  3. When the enablement window appears, you may need to enter your Security Console URL manually. This will be the case if you are the first user in your organization to try enabling the feature through this path. If this field appears, enter your Security Console URL.
    • The format of your URL must be a fully qualified domain name that includes either the http:// or https:// protocol.
  4. Locate the confirmation checkbox and verify that the email address shown is the same address that you currently use to access insight.rapid7.com. If this address is correct, check the box to confirm.
  5. Click Enable.

After enabling the experience, your InsightVM interface will reload to allow your Security Console pages to appear in the menu. After the changes take effect, you can continue using InsightVM as you normally would.

InsightVM Platform Login is live!

You will now access your complete InsightVM interface exclusively through insight.rapid7.com going forward.

Status and connection management

If you need to check the status of your Security Console connection or make changes to the URL, you can do so by navigating to the Security Console URL card located in the Org Settings tab:

  1. In InsightVM, open your left menu and click Management.
  2. Click the Org Settings tab. The Security Console URL card displays.

The card can display either a “Connected” or “Connection failed” status.

Troubleshoot a Security Console connection

The “Connection failed” status appears when InsightVM can’t get the expected response from your Security Console host. Console-based pages are unavailable while this status persists. Causes for this status could include:

  • Your Security Console host is offline.
  • The host you are using to access InsightVM is not on the same network as your Security Console host. If you rely on a VPN to satisfy this network requirement, there might be an issue with VPN connectivity.
  • The specified URL is not recognized as a Security Console.
  • InsightVM encountered a certificate error from your browser when attempting to connect to a console-based page. This can happen if your existing certificate is expired or if your console is still using the self-signed certificate that was included in the original installation.
    • As noted in the requirements, the best way to avoid this situation is ensuring that your Security Console has an SSL certificate signed by a certificate authority. However, you can resolve this error quickly by navigating directly to your Security Console URL in your browser and dismissing the certificate error that appears. Bypassing the error will allow InsightVM to connect to your Security Console again without any other configuration changes, but be aware that dismissing this error is a temporary solution. Your browser will produce a certificate error again after a period of time.

Edit your Security Console URL

If you need to change your currently specified Security Console URL for any reason, you can do so by clicking Edit on the bottom of the card. The same URL formatting requirements noted in the enablement instructions also apply to any changes you make here.

After entering your new console URL in the provided field, click Confirm to finish.