Using Smart Groups, you can quickly create groups of users based on specific criteria. Smart Groups are highly customizable and dynamic. You can use these groups for phishing campaigns, training campaigns, or to quickly generate a variety of ad hoc analysis reports. If you'd like to see a set of common use cases for Smart Groups, click here.
Smart Groups can be used in conjunction with your existing standard user groups. The difference between Smart Groups and standard groups is that with Smart Groups, you are able to define distinct criteria from an expansive array of options to dynamically include or exclude users.
For additional information about Smart Groups, including tutorial videos, please see the Additional Smart Group Resources section of this article.
Our Smart Groups feature is available to Platinum and Diamond subscription levels.
- User Field Criteria
- User Date Criteria
- Phish Event Criteria
- Vish Event Criteria
- Training Criteria
- After Training Criteria
- Custom Event Criteria
Why Should I Use Smart Groups?
Smart Group memberships are dynamically updated. This means that users will flow in and out of the groups as they meet or no longer meet the criteria set for the group. This dynamism allows for advanced workflow and reporting actions. See below for just a few examples of what you can do with Smart Groups.
- Identify users that were enrolled in training but have not completed training
- Identify users with a user field (Location, Job Title, Manager, Email, etc.) that contains specific words or letters
- Identify users who have or haven’t been phished in a specified time frame
- Identify users who have or haven’t been trained in a specified time frame
- Identify users who were added to your console since or before a specified date or time frame
- Identify users who are or are not members of a specified group
- Automatically assign annual training to users when it’s been more than a year since they’ve previously completed training
- Assign specialized remedial training to people that have the highest phishing test failure rates/Phish-prone Percentage
- Phish users more intensively if they’ve recently taken remedial training as a result of failing a phishing test
If you'd like to see additional use cases for Smart Groups, see our Smart Group Use Cases article.
How Do I Use Smart Groups?
Once you've logged in to your account, click Users at the top of the page, then click the Groups tab. Click the +New Group button at the top-right of the page, then follow the steps below to create a Smart Group.
- Use the Group Name field to give your group a title (shown below).
- Be sure to check the Smart Group check box.
- You can optionally change the group's Risk Booster from the default of "Normal Risk". See our Risk Boosters Guide for more information.
- Click Submit to create your group.
Next, you will add rules to filter users into the Smart Group. You can add up to five rules per Smart Group. Each criteria type has customization options so you can meticulously define the users you’d like within that Smart Group.
- Click the +Add a new criteria drop-down menu to select the first criteria type you want to include in your Smart Group, as shown below.
See the Smart Group Criteria Types section below to find information on each criteria type, and the options within.
- Once you specify the criteria type and the options within, the number of users who fit this rule will show in green on the right-hand side.
- As you add more rules, the user count will reflect who qualifies for the current rule as well as any preceding rules.
- The total number of users meeting all of the specified rules is listed on the bottom-right in orange.
- Click the Save button and the applicable users will populate, as shown in the Managing Smart Group Users section below.
- Click on the chart icon at the top-right of the Smart Group Criteria section to see a visual representation of the rules that you've created. A Venn diagram of your Smart Group rules will expand, as shown below.
You must click the Save button to create the Smart Group's user memberships.
Each Venn diagram circle represents a different rule. The color of the circle will correspond with the colored bar on the left-hand side of each criteria rule. If you hover your mouse where all of the circles overlap, the total number of users who meet all of the criteria rules will show.
Criteria Time Frame Options
The following criteria rule types allow you to further define the criteria based on specific time frames: User Date, Phish Event, Vish Event, Training, and Custom Event (if applicable, see here for details).
See the details below to learn how to use each of the time frame options.
Date Range: Click the Date Range radio button to specify your criteria by one of the following options:
- Date Range
- To specify a date range for your criteria, click the All time field on the left, and use the built-in calendar to select the desired start date. From the calendar, use the arrows to the right of the year, to quickly select a different year (click to view).
- Then, enter your desired end date in the Ongoing field.
Alternatively, you can use the All time and Ongoing fields to manually enter a date in the MM/DD/YYYY format.
- Click the blue check button to save your date range.
- On or after a certain date
- To specify your criteria by events that occurred on or after a certain date, use the All time field to type (MM/DD/YYYY) or select your desired date from the built-in calendar.
- Then, if necessary, remove the date from the Ongoing field, on the right.
- Click the blue check button to save your "on or after" time frame.
- On or before a certain date
- To specify your criteria by events that occurred on or after a certain date, remove any entry from the All time field, on the left, if necessary.
- Once the All time field is blank, use the Ongoing field to type (MM/DD/YYYY) or select your desired date from the built-in calendar.
- Click the blue check button to save your "on or before" time frame.
Relative Date: Click the Relative Date radio button to specify your criteria by one of the following options:
- Prior to the last [X] days, weeks, or months
- In the last [X] days, weeks, or months
Managing Smart Group Users
Once you've saved your Smart Group criteria, you'll be able to manage the qualifying users in the ways we've outlined below.
- Type full or partial email addresses in the search for users by email search bar to see if a specific user is a member of the Smart Group.
- Use the Show/Hide Columns drop-down to select/deselect columns for an optimal display of user data.
- Use the Download button to download a CSV report of the users who fit the criteria of your Smart Group at any given time.
Hint: Use this for ad-hoc reporting.
- To add one or more Smart Group users to a standard group, use the checkboxes next to each user you wish to add, then select the desired group from the Select a group drop-down menu, and click the Add selected to group button.
- The drop-down arrow to the right of each user allows you to edit, archive, or make the user an account admin.
In the next section, you will find details about the different criteria types you can use to create your Smart Group rules.
Smart Group Criteria Types
You can create Smart Groups with any combination of rules, using up to five different specifications. You'll find the details on each criteria type in the sections below.
Note:If you include multiple options on a single rule within a Smart Group, this will use OR logic. For example, if you include a User Field rule about location, and include two location options, if a user is in either of those two locations they will be included as a member of the Smart Group.
User Field Criteria
The User Field criteria type allows filtering of users via the following attributes:
First Name, Last Name, Location, Manager, Manager’s Email, Email Aliases, Primary Email, Job Title, Phone Number, Phone Number's Extension, Mobile Phone Number, Division, Employee Number (number), Employee Number (text), Phish-prone Percentage, Risk Score, Risk Booster, Group Name, Organization, Department, Language, Comment, and Custom Field 1-4. See here to learn more about user information fields.
Once you have selected the User Field criteria type, click on each of the options to select the desired specifications for your Smart Group. For example, you would click on must to change it to must not.
As an example, if you wanted to target a group of users from a specific location for a phishing or training campaign, your Smart Group would have the following rule:
The [select location from the drop-down menu] must be equal to [type relevant city, country, or area, and hit "Enter" on your keyboard to create a "tag"].
Manually-created "tags" are not case sensitive. They can also be left blank if you would like to filter the group to contain all users who do not have an entry for the specified attribute.
Another scenario could be to create a group based on users who share the same manager. Your Smart Group would have the following rule:
The [select Manager from the drop-down menu] must be equal to [type desired manager's name and hit "Enter" on your keyboard to create a "tag"].
You can include multiple rules under the same criteria type. For instance, two (or more) User Field criteria types can be used for the same Smart Group.
User Date Criteria
The User Date criteria type allows filtering of users via the following attributes:
When users last logged in to the console, user creation date (when they were added to your KnowBe4 account), the employee's start date, or by custom date fields 1-2.
Once you have selected the User Date criteria type, click on each of the options, as needed, to select the desired specifications for your Smart Group.
For example, if you want to create a group of new employees added within the last six months–so you can assign a training campaign to these users–your Smart Group would have the following rule:
The user must have been created in the last 6 months [or another specified time frame].
Phish Event Criteria
The Phish Event criteria type allows you to filter users into groups based on their actions with the simulated phishing tests they have been included in. This criteria type can quickly identify the users who may not be improving as a result of the phishing tests you have conducted, enabling you to assign remedial training campaigns or advanced phishing tests for this Smart Group.
Once you have selected the Phish Event criteria type, click on each of the options, as needed, to select the desired specifications for your Smart Group.
See the table below for details about the for the Phish Event criteria options.
|Any failures||Users who have failed a phishing test in one or more ways (i.e., clicked, replied, opened an attachment, enabled a macro, entered data, or were found to have a vulnerable plugin). For more information on failures, see this article.|
|Any failures but clicks||Users who have failed a phishing test in any way aside from clicking on a phishing link.|
|Passed||Users who have received a phishing test and did not fail. Note: "Opened" is not considered a failure.|
|Opened||Users who have opened a phishing test email. Note: "Opened" is not considered a failure.|
|Clicked||Users who have failed a phishing test by clicking on a link in the email.|
|Replied||Users who have failed a phishing test by replying to the email.|
|Bounced||Users who did not receive a phishing test because the email was bounced. You can see the reason for the bounce under the campaign review. See this article for more information.|
|Delivered||Users who did receive a phishing test (i.e., the email was not bounced).|
|Opened attachment||Users who received a phishing test and opened the email attachment.|
|Enabled macro||Users who received a phishing test email including an attachment with Macro. The user opened the attachment and enabled the Macro.|
|Entered data||Users who received a "phishing for sensitive information" phishing test, and entered data on the data entry landing page. For more information on the different types of phishing tests, see here.|
|Reported||Users who reported their phishing test email using the Phish Alert Button, regardless of whether or not they failed the test.|
|Vulnerable||Users who failed a phishing test and were found to have a vulnerable plugin on their browser. For more information, see here.|
As an example, if you would like to create a Smart Group based on users that have clicked more than two times, your Smart Group would have the following rule:
User must have clicked more than 2 times ever [or another specified time frame].
Vish Event Criteria
The Vish Event criteria type allows you to filter users into groups based on their actions with the simulated vishing tests they've been included in. This criteria type enhances your ability to identify the users who may need additional, or specialized training based on their performance with these tests.
Once you have selected the Vish Event criteria type, click on each of the options as needed to select the desired specifications for your Smart Group.
For example, if you would like to create a Smart Group based on users that have failed at least one vishing test, your Smart Group would have the following rule:
User must have failed more than 0 times ever [or another specified time frame].
The Training criteria type allows you to filter users into a Smart Group based on what training assignments they have or have not been enrolled in, started, or completed. This type of Smart Group will allow you to easily find which users have or haven't completed their assigned training. It could also allow you to automatically phish test your users as soon as they complete their training.
Once you have selected the Training criteria type, click on each of the options to clarify the desired specifications for your Smart Group.
For example, if you would like to create a Smart Group of users who have completed an assignment included in a remedial training campaign, your Smart Group would have the following rule:
User has completed all of these [select a relevant training assignment from drop-down menu] ever [or another specified time frame].
After Training Criteria
The After Training criteria type is useful for creating groups of users who have or have not failed a phishing security test after completing their assigned training.
Once you have selected the After Training criteria type, click on each of the options as needed to select the desired specifications for your Smart Group.
For example, if you would like to create a Smart Group for users who have clicked on a phishing test after completing a training assignment, your Smart Group would have the following rule:
User must have clicked after completing: [select assignments that were included in the training campaign].
Custom Event Criteria
The Custom Event criteria type allows you to filter users into a Smart Group based on external user data that was imported into the console using the User Event API.
Note:The Custom Event Smart Group criteria will not be available for selection until you have imported custom events into your KnowBe4 console. See here for more information on the User Event API.
Once you have selected the Custom Event criteria type, click on each of the options as needed to select the desired specifications for your Smart Group.
For example, if you created a custom event for a physical security incident that occurred in your organization and wanted to create a Smart Group for users who allowed strangers to tailgate, your Smart Group could have the following rule:
If you would like to create additional Smart Groups based on custom events, visit here for more information and use cases.
Frequently Asked Questions (FAQs)
- Can users be in multiple Smart Groups?
Yes, users can be in as many groups that they meet the specified criteria for.
- How can I distinguish my Smart Groups from my other groups while on the Groups tab?
Check for the Smart Groups icon to the left of the group.
- Can you manually add users to or remove users from Smart Groups?
No, due to the dynamic nature of these groups, users can only be automatically added to/removed from Smart Groups when they meet/no longer meet the criteria of that Smart Group, and this addition/removal occurs automatically.
- Can you change the title of a Smart Group?
Yes, under the Groups tab, use the drop-down arrow to the right of the group name to edit the title of the group.
- Can you edit Smart Group criteria after the group has been created?
Yes, but keep in mind if you save the new criteria, group members who met the former criteria but no longer meet the new criteria will be removed.
- I don’t see an option for Smart Groups in my account.
Are you a Platinum or Diamond customer? If not, you can upgrade by speaking with your KnowBe4 Customer Success Manager. If you’re unsure who your Customer Success Manager is, a member of our Support Team can help. Click here to submit a ticket.
- How frequently are Smart Group memberships updated?
Smart Group memberships are updated every 15 minutes or less.
- Can I sync members from my Active Directory into a Smart Group?
No, users cannot be manually added or synced into a Smart Group. If you created a Smart Group in the console and then attempted to create and sync a group by the same name from your Active Directory, your ADI sync log would show errors and fail to sync the group.
- Do Smart Groups include archived users?
No, Smart Groups only include active users.
- Can I use OR logic in my Smart Group?
Yes. To do this, you can include multiple options in a single rule. For example, if you'd like to make a Smart Group that include users with locations in France OR Spain, you could make a rule that looks like the below:
+ Add a New Criteria > User Field | The location is in [Add France and Spain]
Additional Smart Group Resources
The following table provides a description of each of the Smart Groups resources you can find on our Knowledge Base. Use this table to learn more about what you can do with Smart Groups, then see the applicable resource for in-depth instructions.
|1||How to Use Smart Groups||This article provides general instructions for using Smart Groups. It includes FAQs, explains each Smart Group criteria type, and provides details for the time frame options available under the applicable criteria types.|
|2||Video: Introduction to Smart Groups||This instructional video introduces the Smart Groups feature. It provides use cases and examples and covers the functionality and capabilities of Smart Groups.|
|3||How to Use Smart Groups: Use Cases||This instructional article provides a set of common use cases for Smart Groups. It also includes an overview of (and links to) the five automated plans that are presented in the article described below, on line 4.|
|4||Automating Workflows with Smart Groups||This instructional article is a collection of plans you can set up to fully-automate five common security awareness program workflows. These automated workflows include phishing, remedial training, mandatory annual training, onboarding/new hire training, and general or periodic training.
(Please note, this article includes descriptions of, and links to the resources described in lines 5-9, below.)
|5||Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan||This instructional guide offers two plans that work together to automate dynamic phishing security tests and remedial training enrollments. If you'd prefer, you can follow the tutorial video version of this plan found below, on line 6.|
|6||Videos: Automated Phishing and Remedial Training with Smart Groups||This article consists of two tutorial videos that supplement the article described in line 5, above.
If you'd prefer, watch these videos instead of reading: Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan.
|7||Automation with Smart Groups: Remedial Training||This article offers a general approach to automating remedial training enrollments for users who fail your phishing security tests.
Please note, if you'd like to automate remedial training enrollments and your simulated phishing tests, we'd suggest following the plan described in line 5, instead (Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan).
|8||Video: Incremental Phishing with Smart Groups||This article consists of a tutorial video and instructional guide for an automated and incremental phishing plan. This plan is offered as an alternative to the dynamic phishing plan described in line 5, above. This incremental plan involves a slightly more complex setup compared to the dynamic plan. It begins by testing your users with the lower-difficulty rating templates, then, progressively moves toward the more sophisticated templates, as users learn how to detect the red flags of social engineering.|
|9||Video: How to Rollout Periodic Training Using Smart Groups||If you'd like to assign periodic training to your employees, we've designed an automated plan so you can "set it and forget it". The plan lets you assign training in a structured order so you can have full control over what content your users are trained with and when.|
|10||Video: Remedial Training with Smart Groups||In this video, we show examples of Smart Groups that you can create for ad hoc reporting, assigning remedial training, or for targeting your phish-prone, or vulnerable users with additional phishing tests.
If you'd like to automate remedial training enrollments using Smart Groups, please see our two options for automated remedial training plans, above (lines 5, 6, or 7).