Integrating Rapid7 InsightVM and Nexpose with Okta

With the latest release of Nexpose and InsightVM (6.5.11), Rapid7 users can now authenticate against SAML 2.0 compliant solutions.

https://help.rapid7.com/nexpose/en-us/release-notes/

  • Users can now use SAML 2.0 compliant solutions such as Okta to authenticate to the Security Console.

For more information and the documentation, see:

For InsightVM:

https://insightvm.help.rapid7.com/docs/configuring-saml-20-authentication

For Nexpose:

https://nexpose.help.rapid7.com/docs/configuring-saml-20-authentication

In this documentation we will show how you can set up SAML 2.0 authentication for Nexpose/IVM using an Okta Preview sandbox environment.

  1. Visit https://developer.okta.com/ to create an instance for your demo environment. On that page click the "SIGN UP" button.

  2. Fill in the information to create your sandbox instance.

  3. You will receive an email with the details of the instance that was created for you.

  4. Click "Sign In" in that email. This takes you to your instance URL. In our example the instance is dev-467312 and the instance URL is https://dev-467312.oktapreview.com/. After changing your temporary password you will see the Okta web interface.

  5. Click on your name at the top and then click "Assign Applications".

  6. Then click "Add Application".

  7. Click "Create New App".

  8. In the new window select "Web Application" and "SAML 2.0".

  9. In the next window there are three steps to fill in. Give the application a name and upload a logo if you want.

  10. The second tab is "Configure SAML". For this we need to log in to the Nexpose/InsightVM console as an admin user. Go to Administration > Console > Administer, which opens the Security Console Configuration page, and click the "Authentication" tab.

  11. Click "Configure SAML Source" and copy the "Entity Id".

  12. Return to Okta step 3 and fill in the following: paste the Entity Id into "Audience URI (SP Entity ID)", and set the Single Sign On URL to https://<CONSOLE_IP>:<PORT>/saml/SSO, where CONSOLE_IP is the IP of your Nexpose/IVM console.

  13. On the following screen click "Finish".

  14. After clicking "Finish" you will see the application's screen. From here we need to copy the IdP metadata.

  15. To get the IdP metadata, click "Developer Console" and choose "Classic UI".

  16. Go to Applications and select our freshly created app.

  17. Click "Sign On".

  18. Click "View Setup Instructions".

  19. Copy the contents of "IDP Metadata" shown in the new browser window.

  20. Paste it into the Nexpose "Configure SAML Authentication" page (reached via Administration > Console > Administer > Security Console Configuration, "Authentication" tab) and click SAVE.

  21. Then save the whole authentication configuration.

  22. On the Nexpose/IVM console go to Administration > Users > Create, choose SAML as the authentication method, and fill in the email address, since we selected email as the identifier on the Okta side. Assign a role on the next page and save. This email must match the user's email in Okta.

  23. As the last step we need to assign the user to our newly created Rapid7 application in the Okta Developer Console. Go to Applications, select the RAPID7 app we created, then click "Assign to Users".

  24. On the following screen select the user and click "Assign".

  25. Then verify the username as the email in the next section.

  26. Finally, verify in the Okta Developer Console that you have assigned that user to your application.

  27. After that you can log in to Nexpose/IVM by going to your Okta instance at the following URL: https://<YOUR_INSTANCE>.oktapreview.com/app/UserHome (in our case https://dev-467312.oktapreview.com/app/UserHome).

Click on your "RAPID7" application and you will be logged in to your Nexpose/IVM console without entering a username/password.