What are Security Roles?
Our Security Roles feature, available to Platinum and Diamond customers, allows you to define the level of access and administrative ability that you'd like specific user groups to have.
This feature helps you follow the principle of least privilege in your KnowBe4 console, ensuring that the various areas of your KnowBe4 account are only accessible to those who need them.
The article goes into depth about Security Roles. For a short overview, check out our Security Roles video.
-HOW TO SET UP
-MANAGING SECURITY ROLES
-FREQUENTLY ASKED QUESTIONS (FAQ)
Use Cases for Security Roles
Here are a few examples of how you can use Security Roles to limit console access based on your employees' job responsibilities or requirements. Be sure to consider your own organizational structure and needs when creating Security Roles for your KnowBe4 console.
Use Case #1: Need to Add, Manage, and Delete Users
Need: To provide Human Resources or IT with the ability to add new users to your KnowBe4 console, but without the ability to create or manage phishing and training campaigns.
Solution: Create a Security Role providing Read/Write access to Users & Groups. This allows them to add, manage, and delete users and groups in your console as needed.
Use Case #2: Need to Create Phishing Templates, Landing Pages, and Training Notifications
Need: To provide creative control to a consultant or other internal employee to create phishing templates, landing pages, and training notifications, without allowing that individual to access any user, phishing, or training data.
Solution: Create a Security Role providing Read/Write access to Phishing Templates, Landing Pages, and Training Notifications.
Use Case #3: Need to Review Employee Completion of Assigned Security Training for Compliance or Onboarding Purposes
Need: To provide Training or Compliance group with the ability to see if users are completing their annual security awareness training on time, download training-related reports, and send notifications to users and managers to ensure everyone is in compliance with company policy.
Solution: Create a Security Role providing Read/Manage access to Training Campaigns and Read Only access to Training Reports.
HOW TO SET UP SECURITY ROLES
First, you'll want to make sure you have groups set up in your console, as Security Roles are applied to groups rather than users.
If you haven't created any groups yet, there are a few ways to do this. Most commonly, you'll create them manually under the Users-->Groups tab or through a CSV import when importing users. See our Managing Groups article for more information.
Once you have groups set up, you can follow the below steps to create Security Role(s) for specific groups.
- Navigate to the Users tab within your console, then click the Security Roles tab.
- Click the "+New Security Role" button on the top-right of your screen.
- Name your Security Role, then select one or more groups to assign the Role to.
- Click the tabs next to Role Definition (General, Phishing, and Training) to select what permissions you'd like to apply to this particular Security Role. You can select as many as you'd like. See the Permissions Descriptions section below for details on what each permission includes.
General Permissions (See Description)
Phishing Permissions (See Description)
Training Permissions (See Description)
- Click the "Create Security Role" button when you are finished. Any users affected by the Security Roles you've defined will be able to access their designated areas instantly.
MANAGING SECURITY ROLES
You can manage your Security roles from within the Users --> Security Roles tab of your console. Here you will see a list of all the Security Roles you've created.
To edit or delete Security Roles, click the downward-facing arrow towards the right of the Role you'd like to make changes to and select either "Edit" or "Delete". You can also click the name of any Security Role to modify it. This will take you to the Access Profile for that particular Security Role, where you can grant or remove permissions as needed.
"Delete" will permanently delete that Security Role from your console. This action cannot be undone.
FREQUENTLY ASKED QUESTIONS (FAQs)
- I don't see the Security Roles tab on my console.
If your KnowBe4 account's subscription level is Platinum or Diamond, you should see the Security Roles tab available to you after clicking on the Users tab at the top of your console. If you are a Platinum or Diamond customer and still cannot locate the Security Roles tab, you can contact Support for assistance.
If you're not a Platinum or Diamond customer yet but you're interested in upgrading, your Customer Success Manager can assist you. Not sure who your Customer Success Manager is? Our Support Team can assist you.
- If a user is in two groups, each with separate Security Roles defined, what permissions will they get?
Permissions are additive, meaning the user will gain all the permissions you defined in the Security Roles for the groups they are a part of. Permissions will not be taken away from a user by giving them multiple Security Roles with differing permissions.
- I have a lot of Security Roles, users, and groups created. How do I know what Security Roles apply to what users?
You can see what Security Roles are applied to a user by accessing that user's individual profile page. You can access their profile by clicking their email address after navigating to the Users tab of your console.
- Can I provide someone the ability to create Security Roles?
Only Admins on your KnowBe4 account can create Security Roles. Admins will have access to all areas of the console. See: How to assign Admin functions