Updating Your KMSAT Account Integrations Settings
In this article, you'll learn about the Account Integrations section of your KMSAT account settings. In the Account Integrations section, you can manage your account integrations for SAML, the Phish Alert Button (PAB), API reporting, PhishER, and Second Chance.
In the SAML section, you can enable or disable SAML on your account. You will need the information provided in this section to set up SAML with your single sign-on (SSO) provider. If you need to enable SAML to allow your users to log in for training using your SSO provider, please follow the instructions in our How to Set Up SAML Single Sign-on for the Security Awareness Training Platform article.
See below for more information about the settings in this section:
- Enable SAML SSO: Select this check box to enable SAML Single Sign-on (SSO) on your account. For more information, see our How to Set Up SAML Single Sign-on for the Security Awareness Training Platform article.
- Disable non-SAML Logins for All Users: Select this check box to disable password logins for all users. Once selected, users will be required to log in with their SAML application and all bypass URLs will be disabled. This check box is only visible when the Enable SAML SSO check box is selected.
- Allow Admins w/MFA to Bypass SAML Login: Select this check box to allow admins with multi-factor authentication enabled to log in with their password and token. Admins will be able to use this login method with a bypass URL as an alternative to their SAML application. This check box is only visible when the Disable non-SAML Logins for All Users check box is selected.
- Allow Account Creation from SAML Login: This check box will display after you enable SAML. This setting allows users who do not already have an account to create a new account by entering their email address from the login window. If the SAML authentication was successful, the new user's account will be created. If you don’t enable this setting, users who do not already have an account will get an error message if they try to create an account.
- IdP SSO Target URL: Enter your identity provider URL or SSO URL into the field.
- IdP Cert Fingerprint: Enter the fingerprint of your identity provider's SAML certificate. The SHA-1 option is selected by default.
- Sign SP AuthnRequest: Select this check box to digitally sign the SAML AuthnRequest sent from the KnowBe4 service provider to your identity provider.
- Entity ID: When configuring the SAML connection to your identity provider, enter the ID found in this section. Depending on your identity provider, the Entity ID field may also be named the SAML Audience or Identifier.
Generate Unique Entity ID: You can click this button to generate a unique entity ID to use for this account. However, be aware that if you do change the entity ID, SSO will not work for your users until you update the entity ID in your Identity Provider account.
Important: If you manage multiple accounts, your Identity Provider may not allow the same entity ID to be entered multiple times in the same Identity Provider account. If your Identity Provider does not allow the same ID to be entered multiple times, your users may be unable to log in to their account with SSO.
If you click the Generate Unique Entity ID button, you'll see the Restore Default Entity ID button. You can click this button to restore your entity ID back to "KnowBe4". If you click this button, any existing SAML connection using your entity ID will stop functioning until you update it in your identity provider.
- SSO Sign-in URL: This field provides the Login URL or SAML Endpoint URL. This URL will redirect your users to the identity provider SSO URL.
- SSO Sign-out URL: This field provides the Logout URL.
- SSO Callback (ACS) URL: This field provides the Assertion Consumer Service (ACS) URL. This URL receives the authentication response from your identity provider.
- SAML ID: This field provides your SAML ID. Your SAML ID is a unique code that links your users back to your KnowBe4 account. You can’t change your SAML ID.
- Metadata URL: This field provides your Metadata URL. Your Metadata URL contains your service provider’s metadata file and can be used to automatically configure the SAML connection on your identity provider. You can only use the metadata URL where applicable.
- Bypass-SSO Login URL: This field provides your Bypass-SSO Login URL. If you'd like to bypass SSO, this URL will bypass the SSO redirect and allow you to log in to the KMSAT console using your email and password.
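The following added example (not KnowBe4's code) shows one way to compute the value for the IdP Cert Fingerprint field from the signing certificate your identity provider exports, either as a PEM file or as the bare base64 found in IdP metadata. The function names are hypothetical, the sample bytes are a constructed placeholder rather than a real certificate, and the colon-separated hex output is the form OpenSSL prints, which is assumed here and may need adjusting to what the field accepts.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def cert_der(text: str) -> bytes:
    """Return DER bytes from a PEM block or from bare base64 (the form used
    in the X509Certificate element of IdP metadata)."""
    match = PEM_RE.search(text)
    body = match.group(1) if match else text
    # Line breaks and spaces are not part of the encoding.
    return base64.b64decode("".join(body.split()), validate=True)


def fingerprint(text: str, algorithm: str = "sha256") -> str:
    """Colon-separated, upper-case hex digest of the DER-encoded certificate."""
    digest = hashlib.new(algorithm, cert_der(text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case from a bare fingerprint value."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def same_fingerprint(a: str, b: str) -> bool:
    """Compare two fingerprints that may be formatted differently."""
    return normalize(a) == normalize(b)


# Constructed placeholder bytes standing in for a DER certificate; this is
# NOT a real certificate. Substitute the certificate exported by your IdP.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate" * 8
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER).decode()  # wrapped at 76 chars
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print("SHA-1:  ", fingerprint(SAMPLE_PEM, "sha1"))
    print("SHA-256:", fingerprint(SAMPLE_PEM, "sha256"))
```

Compute the digest with the same algorithm that is selected next to the field, and use `same_fingerprint` to check the value you entered against the one your identity provider displays.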
Phish Alert Button (PAB)
In the Phish Alert section, you can configure and customize aspects of the Phish Alert Button (PAB) for your account. For information about the settings in this section, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.
In the API section, you can enable and access KnowBe4’s APIs.
See below for more information about the settings in this section:
- Reporting API: If your organization would like to use an API to pull data from the console for reporting purposes, select the Enable Reporting API Access check box and then click Reporting API. To use this feature, you must have a Platinum or Diamond subscription. For more information, see our KnowBe4’s Reporting API article.
- User Event API: If your organization uses the User Event API, you can click User Event API to access the User Event API Management Console. To access the console, you must have a Platinum or Diamond subscription. For more information, see our KnowBe4's User Event API article.
- Product API: If your organization would like to use an API for PhishER or to integrate with KCM GRC, click Product API. For more information, see our KnowBe4's PhishER APIs and How to Integrate KnowBe4's KMSAT Console with KCM GRC articles.
If you have enabled PhishER in your organization, you can click the Go to PhishER button to access the PhishER interface.
For more information about PhishER, see our PhishER Product Manual.
In the Webhooks section, you can enable webhooks for your KnowBe4 account by selecting the Enable Webhooks check box. When this feature is enabled, you can create webhooks to send real-time phishing and training data to other applications that you use.
For more information, see our How to Create Webhooks in Your KMSAT Console article.
In the Second Chance section, you can enable our Second Chance tool for your KnowBe4 account.
To enable Second Chance, select the Enable Second Chance Management check box. If you enable Second Chance, you'll have access to a new Second Chance tab in your KMSAT console.
If you have a Partner account, you can use the Days Shown on Overview Page field to select the number of days you’d like to include when displaying the User Actions data on the Second Chance Overview page. The default setting is 30 days.
For more information about Second Chance, see our Second Chance Installation and Product Manual.