Configure Users

Administrator users can use the Users page to add new or manage current (or deleted) Threat Command users, including their own user. You can sort the Users page by the Name, Status, and Last active columns.

Analyst users can use the Settings > My Profile page to configure their user settings.

Use the Users page to configure these user settings:

  • Details - Set the user name, contact information, and notifications. You can also set a new user password.
  • Permissions - Set which role the user has.
  • An admin user has access to all parts of Threat Command. For an analyst user, you can select the parts of the application that each user can access as well as the level of use. For example, which alert types, which permitted actions, and which features of Threat Command Automation (IntSights Extend, Alert Profiler, etc.)
    temporary placeholder
  • 2FA - Set the two-factor settings, such to enable or disable, the 2FA methods, and backup codes.
    To set 2FA/MFA for users who have been migrated to Rapid7 Platform, see

You can download the details of all users to a CSV file, as described in Download user details.

Users of Okta SSO can also provision users using SAML JIT, as described in Configure Okta SSO.

Add users

You can manually add users. You can also copy a current analyst user and create a new one with identical permissions.

To add a user from scratch:

  1. Select Settings > Users > Active.
  2. Click temporary placeholder in the lower-right corner of the screen.
  3. On the Details tab, type user details.
  4. On the Permissions tab, set user type and permissions.
  5. On the 2FA tab, select whether this user requires 2-factor authentication.
  6. Click Save.

To add an analyst user with identical permissions as an existing analyst user:

  1. Select Settings > Users > Active.
  2. From the Analysts section of the page, click the copy icon:
    temporary placeholder
    If the user is collapsed, hover on their line to show the icon.
    A new user is opened with identical permissions.

Manage active users

You can manage your user as well as the user of other admin or analyst users.

To manage users:

  1. Select Settings > Users > Active.
  2. Select a user from the Admins or Analysts sections.
    The user record expands.
  3. To delete the user, click test and confirm the deletion.
  4. On the Details tab, you can perform the following activities:
To do thisDo this
Set user personal or contact details.Type the details.
Change a password. You can change your password or the password of analyst (not admin) users.For your ID, click Change password. For other IDs, click Reset User Password.
Password requirements:
- Length of 6 to 64 characters
- At least one lower case English letter
- At least one upper case English letter
- At least one 0-9 digit At least one of these special characters:
- No white space Not a password that was already used. Passwords expire every three months.
Set notifications.Select on which severity alerts and threats to get email and SMS notifications.
Email a daily activity report.Select Email daily report.
Email a biweekly threat landscape report.Select Threat landscape biweekly report.
  • To set user personal or contact details, type the details.
  • To change your password, click Change password.
  • To change the password of another user (analyst only, not admin), click Reset User Password.
  1. On the Permissions tab, select if the user should be an Admin or Analyst.
    Admin users will have all permissions, and this cannot be changed.
  2. For an analyst user, select the permissions to grant the user, then click Save.
  3. On the 2FA tab, you can perform the following activities, then click Save:
To do thisDo this
Enable or disable 2FA. If you enable, this user will need to authenticate for each login.Toggle the Enable/disable switch.
Generate backup codesClick Generate codes
  1. Click Save.
    The user settings are updated.

Delete a user

An admin account can delete any user, except themselves.

When a user is deleted:

  • The user remains assigned to closed alerts, enabling you to validate if the alert was handled correctly.
  • The user is removed as a watcher from all alerts.

To delete a user:

  1. Choose Settings > Users.
    The Active tab shows all active users.
  2. Hover over a user name, and click the delete icon at the far right.
    The user is deleted.

Restore deleted users

You can restore users that were previously deleted.

To restore users:

  1. Choose Settings > Users> Deleted users.
  2. Select users to restore.
  3. Click Restore.
    The users are restored to active status.

Download user details

You can download the details of all users to a CSV file, regardless of what their status is.

To download user details:

  1. Choose Settings > Users> Deleted users.
  2. Click Export CSV.

A CSV file is downloaded to your default download location.