Moving from Invicti Enterprise to Invicti Platform
We are excited to upgrade your account to the new Invicti Platform. This transition represents a significant step forward in our technology, offering a more robust, scalable, and modern architecture.
Because Invicti Platform features a new design and enhanced architecture compared to Invicti Enterprise, the upgrade process involves specific logic regarding your data. While we have ensured that your core configurations and assets are carried over, some historical data and specific settings require a fresh start or manual configuration.
Below is the detailed breakdown of what to expect during your upgrade.
Infrastructure & access requirements
Before running scans on the new platform, you must account for our new infrastructure.
- Trustlisting: Invicti Platform operates on a new infrastructure with different IP addresses and access requirements. Your existing allowlists (firewall rules) from the legacy platform won't work.
- Required action: You must update your network settings to allow our new IP ranges. Consult the Trustlist requirements documents.
What is carried over
The following assets, users, and configurations are automatically moved to the new platform. Please note that while these items are carried over, some may require final verification or additional steps as noted.
Accounts & users
- Accounts: your root account is carried over.
- Users: all user accounts are carried over, including their existing passwords and 2FA settings.
- User profile settings: individual user preferences and profile details are retained.
- User groups: your existing group structures remain intact.
- RBAC settings (custom roles): custom roles are carried over. Since the permission structure has evolved, we map these to the best possible matching permissions in the new platform.
- User access settings: existing access configurations are preserved.
How targets are migrated from Invicti Enterprise
Invicti Platform targets are created from your existing Invicti Enterprise Targets and Scan Groups. The migration logic depends on whether a target has been scanned before:
- Never scanned targets: if an Invicti Enterprise target has no scan history, it is migrated as a single target using the default settings.
- Previously scanned targets: if an Invicti Enterprise target has been scanned before, each unique combination of scan settings is migrated as a separate target. The scan group is determined by the following settings: Target URL, Scope, Scan Profile, and Scan Policy. Report policy is excluded from this grouping logic.
For example, if you scanned a target in Invicti Enterprise using 5 different combinations of the settings above, you are going to have 5 targets on Invicti Platform, named chronologically in the order the settings were first used:
- Target Name - 1
- Target Name - 2
- Target Name - 3
- Target Name - 4
- Target Name - 5
The numbering follows chronological order - the first set of settings ever used for that target receives number 1, the second distinct set receives number 2, and so on.
Note: To identify which migrated target corresponds to which scan group, you need to review each target's settings individually on the platform. We recommend reviewing all migrated targets after the upgrade and removing any you no longer need. Our goal is to migrate as many configurations as possible so nothing is lost - you can always delete targets you don't want to keep.
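To estimate before the upgrade how many Platform targets a scan history will produce, the grouping rule above can be modelled as follows. This is an added example, not Invicti code: the field names and the sample history are constructed, and the naming of never-scanned and single-combination targets is an assumption marked in the comments.

```python
# Added example: a model of the grouping rule described above, not Invicti code.
# Field names and the sample scan history are constructed for illustration.

# Settings that define a scan group; Report Policy is deliberately excluded.
GROUPING_KEYS = ("target_url", "scope", "scan_profile", "scan_policy")

def predict_migrated_targets(targets, scans):
    """Map each Enterprise target name to the Platform targets it should yield.

    Each value is a list of (platform_name, settings); settings is None for a
    never-scanned target, which is migrated once with default settings.
    """
    plan = {}
    for name in targets:
        history = sorted((s for s in scans if s["target"] == name),
                         key=lambda s: s["started"])  # ISO dates sort correctly
        if not history:
            # Assumption: a never-scanned target keeps its original name.
            plan[name] = [(name, None)]
            continue
        combos = []  # distinct setting combinations, in first-use order
        for scan in history:
            combo = tuple(scan[k] for k in GROUPING_KEYS)
            if combo not in combos:
                combos.append(combo)
        # Assumption: the numeric suffix is used even for a single combination.
        plan[name] = [(f"{name} - {i}", dict(zip(GROUPING_KEYS, combo)))
                      for i, combo in enumerate(combos, start=1)]
    return plan

def _scan(target, started, profile, policy, report):
    return {"target": target, "started": started,
            "target_url": "https://shop.example.com", "scope": "Whole Domain",
            "scan_profile": profile, "scan_policy": policy, "report_policy": report}

SAMPLE_TARGETS = ["Shop", "Intranet"]  # "Intranet" has no scan history
SAMPLE_SCANS = [  # constructed history, intentionally out of order
    _scan("Shop", "2024-05-01", "Authenticated", "Full", "Default"),
    _scan("Shop", "2024-01-10", "Default", "Full", "Default"),
    _scan("Shop", "2024-02-01", "Default", "Full", "PCI"),       # report differs only
    _scan("Shop", "2024-03-05", "Default", "OWASP Top 10", "Default"),
    _scan("Shop", "2024-04-01", "Default", "Full", "Default"),   # repeat of group 1
]

if __name__ == "__main__":
    for source, migrated in predict_migrated_targets(SAMPLE_TARGETS, SAMPLE_SCANS).items():
        for platform_name, settings in migrated:
            print(f"{source:9} -> {platform_name:9} {settings or 'default settings'}")
```

Five scans of "Shop" collapse into three targets here because two of them differ from the first only in report policy or are repeats of an earlier combination.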
Scanning configurations
- Scan profiles and policies: your custom scan definitions and policies are carried over.
- Web discovery: all web discovery settings and discovered records are retained.
- API security settings: your specific API security configurations are carried over.
- Excluded hours: time windows where scanning is forbidden are preserved.
- Max Scan Duration: the value is carried over.
- Links: links entered in scan settings are carried over as Generic Links.txt.
Automation & scheduling
- Scheduled / future scans: all scheduled scans are carried over and are enabled by default.
- For more details on how schedules are handled, refer to the Scheduled scans upgrade guide document.
Integrations & connectivity
- Internal scanning agents: configurations are carried over, meaning the Agent-to-Target relationships are retained.
Note: You need to install the new Invicti Platform Agents. See the upgrade steps document.
- Issue tracker integrations: integrations supported by the Invicti Platform are carried over.
- Some integrations may require additional steps. Review the integration guide.
- IAST: Interactive Application Security Testing settings are carried over.
- Additional configuration steps are required. Read the IAST guide.
Authentication & SSO
- Form authentication: these settings are carried over, but the new engine requires additional verification.
- Required action: follow the Form Authentication steps.
- Custom Form Auth credentials: username/password and the form auth script are carried over into Login sequence recorder settings.
- SSO settings: single sign-on configurations are carried over.
Info: Critical considerations and additional steps are required to finalize SSO. View the SSO upgrade steps.
Import files
- RAML, OpenAPI, WADL, WSDL and GraphQL are carried over into API HUB
- The rest are carried over into the DAST settings
OAuth Migration
- Invicti Enterprise Flow Type is carried over to the Grant Type
- If HTTP Auth is configured in Invicti Enterprise, it is carried over to HTTP Auth
- The rest of the settings in the Invicti Enterprise Access token tab are carried over as UP OAuth2 settings.
- The access token URL: Endpoint URL is carried over, but Method and Content-Type aren't.
- 3-legged auth settings
What isn't carried over
Due to architectural differences and the opportunity to provide a cleaner environment, the following data and settings aren't carried over.
Historical data & reporting
- Past scans: historical scan data (including HTTP requests/responses and Scan Activity logs) isn't carried over.
- Vulnerabilities: existing vulnerability records aren't carried over. Vulnerability data populates fresh as you run new scans on the Invicti Platform.
- Reports: saved historical reports aren't moved to the new platform.
- Audit events: audit logs from Invicti Enterprise/A360 aren't retained.
To preserve access to your historical data, export your vulnerability and scan reports as files from Invicti Enterprise, and download your audit logs before the migration begins. Once the upgrade is complete, this data is no longer accessible.
Targets & scanning configurations
- Additional targets: In Invicti Enterprise, Additional Targets (found under the Scan Settings section) aren't automatically migrated as Allowed Hosts to the Invicti Platform. This is because the new Platform architecture requires each host to have its own specific target configurations and settings.
- Required action: you must manually create new Targets in the Invicti Platform for any hosts previously listed as Additional Targets. This ensures that each target can be managed with its own dedicated target settings.
Authentication & security settings
- SCIM: SCIM settings aren't carried over.
- Action: Customers are expected to create SCIM settings from scratch using this documentation.
- LDAP: LDAP settings (relevant to on-premises) aren't carried over.
- IP restrictions: allow/deny lists based on IP aren't carried over.
- U2F security keys: hardware security key associations aren't carried over.
- Multiple HTTP authentication: these configurations aren't supported in the transfer.
- Authentication profiles: saved authentication profiles aren't carried over.
Developer & automation
- API scripts & automation: Invicti Platform utilizes a different API schema than the legacy products. Existing automation scripts or custom integrations built on the old API won't function.
- Required action: Developers must revisit and update their scripts to match the new API scheme. View the API differences guide.
OAuth Migration
- Custom Authentication Flow
- Authentication
- Authorization Code and Response tabs are not carried over
Custom scripts
- Custom security checks: these scripts aren't carried over.
- Required action: Customers need to re-write these for the new engine.
- Pre-request scripts: these scripts aren't carried over.
- Required action: Customers need to re-write these using the updated documentation. Pre-request scripts guide.
Miscellaneous
- Notifications: user notification settings and "Bell" notification history aren't carried over.
- Paused scan status: scans that were paused at the time of the upgrade won't be resumed; they must be restarted.
- Max scan duration: this specific setting isn't carried over.
- Vault integrations: these aren't currently supported on the new platform (Targeted for 2026).
- Unsupported issue trackers: integrations for trackers not supported in Invicti Platform won't be available.
Need help?
The Invicti Support team is ready to provide you with technical help. Go to the Help Center.