Skip to main content

Moving from Invicti Enterprise to Invicti Platform

We are excited to upgrade your account to the new Invicti Platform. This transition represents a significant step forward in our technology, offering a more robust, scalable, and modern architecture.

Because Invicti Platform features a new design and enhanced architecture compared to Invicti Enterprise, the upgrade process involves specific logic regarding your data. While we have ensured that your core configurations and assets are carried over, some historical data and specific settings require a fresh start or manual configuration.

Below is the detailed breakdown of what to expect during your upgrade.

Infrastructure & access requirements

Before running scans on the new platform, you must account for our new infrastructure.

  • Trustlisting: Invicti Platform operates on a new infrastructure with different IP addresses and access requirements. Your existing allowlists (firewall rules) from the legacy platform won't work.
    • Action required: You must update your network settings to allow our new IP ranges. Consult the Trustlist requirements documents.

What is carried over

The following assets, users, and configurations are automatically moved to the new platform. Please note that while these items are carried over, some may require final verification or additional steps as noted.

Accounts & users

  • Accounts: your root account is carried over.
  • Users: all user accounts are carried over, including their existing passwords and 2FA settings.
  • User profile settings: individual user preferences and profile details are retained.
  • User groups: your existing group structures remain intact.
  • RBAC settings (custom roles): custom roles are carried over. Since the permission structure has evolved, we map these to the best possible matching permissions in the new platform.
  • User access settings: existing access configurations are preserved.

Targets & scanning configurations

  • Targets: your complete target inventory is carried over, including Target settings, Linear Scan Rules (LSRs), Business Logic Recorders (BLRs), and Import files.
  • Target groups: groupings of targets are retained.
  • Scan profiles and policies: your custom scan definitions and policies are carried over.
  • Web discovery: all web discovery settings and discovered records are retained.
  • API security settings: your specific API security configurations are carried over.
  • Excluded hours: time windows where scanning is forbidden are preserved.

Automation & scheduling

  • Scheduled / future scans: all scheduled scans are carried over and are enabled by default.

Integrations & connectivity

  • Internal scanning agents: configurations are carried over, meaning the Agent-to-Target relationships are retained.

    note

    You need to install the new Invicti Platform Agents. See upgrade steps document.

  • Issue tracker integrations: integrations supported by the Invicti Platform are carried over.

  • IAST: Interactive Application Security Testing settings are carried over.

    • Additional configuration steps are required. Read the IAST guide.

Authentication & SSO

  • Form authentication: these settings are carried over, but the new engine requires additional verification.
    • Required action: please follow the Form Authentication steps here.
  • SSO settings: single sign-on configurations are carried over.
    info

    Critical considerations and additional steps are required to finalize SSO. View the SSO upgrade steps.

What isn't carried over

Due to architectural differences and the opportunity to provide a cleaner environment, the following data and settings aren't carried over.

Historical data & reporting

  • Past scans: historical scan data (including HTTP requests/responses and Scan Activity logs) isn't carried over.
  • Vulnerabilities: existing vulnerability records aren't carried over. Vulnerability data will populate fresh as you run new scans on the Invicti Platform.
  • Reports: saved historical reports aren't moved to the new platform.
  • Audit events: audit logs from Invicti Enterprise/A360 aren't retained.

Authentication & security settings

  • SCIM: SCIM settings aren't carried over.
    • Action: Customers are expected to create SCIM settings from scratch using this documentation.
  • LDAP: LDAP settings (relevant to on-premises) aren't carried over.
  • IP restrictions: allow/deny lists based on IP aren't carried over.
  • U2F security keys: hardware security key associations aren't carried over.
  • Multiple HTTP authentication: these configurations aren't supported in the transfer.
  • Custom flows OAuth2: custom OAuth2 flows aren't carried over.
  • Authentication profiles: saved authentication profiles aren't carried over.

Developer & automation

  • API scripts & automation: Invicti Platform utilizes a different API schema than the legacy products. Existing automation scripts or custom integrations built on the old API won't function.
    • Action: Developers must revisit and update their scripts to match the new API scheme. View the API differences guide.

Custom scripts

  • Custom security checks: these scripts aren't carried over.
    • Action: Customers need to re-write these for the new engine.
  • Pre-request scripts: these scripts aren't carried over.

Miscellaneous

  • Notifications: user notification settings and "Bell" notification history aren't carried over.
  • Paused scan status: scans that were paused at the time of the upgrade won't be resumed; they must be restarted.
  • Max scan duration: this specific setting isn't carried over.
  • Vault integrations: these aren't currently supported on the new platform (Targeted for 2026).
  • Unsupported issue trackers: integrations for trackers not supported in Invicti Platform won't be available.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?