Password Management

Enable and Use Password-Less Logins

In KSAT, you can enable the password-less logins feature to allow users to log in to their assigned training directly without requiring them to use a password. You can enable this feature in your Account Settings and use our specially-designed training notifications to let your users access training through this password-less method.

Important: Password-less logins are convenient and easy to use, but this feature is not the most secure. If a login link is shared or leaked to the internet, it could be indexed by Google or other search engines. This means that attackers could view the URL and related information (such as a user’s email address) well after the link has expired. To learn how to use password-less logins safely, see the Best Practices for Password-Less Logins section of this article.

Click the links below to learn more about password-less logins, how to set them up on your KSAT console, and how to use them as safely as possible. If you need further assistance with password-less logins, contact our support team here.

What Are Password-Less Logins?

By default, your users will be prompted to set a password for their training account once they confirm their account and log in for the first time. Alternatively, you can set a password for your users once they are imported into the console.

If password-less logins are enabled instead, users will receive an email with a customized link. Users can click this link to access their Learner Experience (LX) or take their training directly. They can use this link to log in without needing to create or enter a password at any time.

Important:Clicking the link will take users directly to their My Training page, even if they’ve used a password for their LX in the past.

This provides users the convenience of not having to remember a password for their training account.

For board members or other employees who need to take training but cannot receive the password-less login links, you can send them to to log in with their assigned email address and password that you set for them. Alternatively, you can generate a link for them manually by following the steps in the Generating New Password-Less Login Links section of this article. For more information about training users outside of your organization's domain, read the How to Train Users Who Don’t Have an Email Address from Your Domain article.

How to Set Up Password-Less Logins 

To set up password-less logins, follow the steps below:

    1. Log in to your KSAT console and click your email address in the top-right corner. Click Account Settings.
    2. Navigate to the Users Settings section.
    3. Select the check box next to Use Password-less Login.
      Important: We recommend that you don't select the Require users to reset initial password set by admins check box.
      • If you would like to disable the password-less login option for admins, select the check box next to Disable Password-less Login for Admins.
        Note:You cannot set password-less logins for specific users or groups, with the exception of admin users. When password-less login is enabled, all users will be required to log in with a password-less login link.
    4. Select how long you’d like password-less links to remain active. The default is 3 days, and the maximum entry is 999 days.
      Note:If your users need a new password-less login link, they can request a new link or you can send them a new link manually. For more information, see the Generating New Password-less Login Links subsection below.
    5. Scroll down and click Save Changes at the bottom of the page.

Generating New Password-Less Login Links

If your users' links expire, they can request new links at any time from  or, depending on where your KSAT account is located. You can also generate a link for a user manually from their individual User Information subtab. To generate a link for a user, follow the steps below:

  1. In your KSAT console, navigate to the Users tab.
  2. Click on the desired user. 
  3. Navigate to the User Information subtab.
  4. To generate a new link for the user, click the blue icon to the right of the expiration date in the User Account Details area.
  5. Generating a new link will automatically invalidate the previous link provided to the user. Click OK to proceed.
  6. Copy the link from the text box that displays.
  7. Send the link to the user to log in for training. Remember, the link will not be emailed to the user when you generate it for them. You will need to provide it to them manually.

Best Practices for Password-Less Logins

For the safest login experience, we recommend using multi-factor authentication (MFA) or SAML Single Sign-on (SSO). 

You can enable multi-factor authentication as an extra layer of protection for your organization when using password-less logins. For more information about enabling multi-factor authentication, read the How Do I Enable Two-Factor or Multi-Factor Authentication on My Account? article.

In certain scenarios, you can also use SSO with password-less logins. If both SSO and password-less logins are enabled, users who have access to KnowBe4 through SSO will log in through their SSO portal and authenticate with their identity provider. Users who do not have SSO accounts will have to wait for a training notification link to be able to log in, specifically the password-less login notification.

As a final best practice after enabling password-less logins, you should be especially aware of what training notifications you are using. We offer built-in templates tagged with “password-less” that contain the password-less login placeholder, which will automatically populate your training notification. Alternatively, you can create your own templates that include our password-less placeholders. For more information about placeholders read the How to Use Placeholders article.

Can't find what you're looking for?

Contact Support