Your Account Settings is where you can view your account's subscription information, enable or disable various features, and customize certain aspects of your KMSAT account. You can find this section by logging in to your KnowBe4 console and clicking your email address in the top-right corner. Then, click Account Settings.
On the Account Settings page, use the menu on the left to navigate to the different sections. You can expand a specific section by clicking on the arrow icon or you can expand the entire page by clicking Expand All. You can also use the search bar at the top-right of the page to search the Account Settings page for keywords.
Here you can see your subscription level, the number of seats you have available, and how many active users are currently on your account. To make changes to your subscription details, contact your Account Manager or CSM.
In this section, you can view whether or not KnowBe4 agents have access to your account.
Allow KnowBe4 agents to access this account.
- Use this drop-down menu to change your current account privacy status.
- We recommend selecting the option Allow continual access to allow KnowBe4 agents to access your account as needed.
- If this option is set to Do not allow access, you must change this setting before contacting support.
- For more information, see our article: Contact Support and Grant Access to Your Account
Most of the information you set here will define the information that placeholders will pull from in the console. Placeholders can be used to automatically populate phishing templates, landing pages, and training notifications with company-specific information.
- For more information, see our article: How To Use Placeholders
- If your email environment includes multiple email domains, you can click Allowed Domains to add more subdomains or root domains to your KnowBe4 account.
- See the following articles for more information:
Business Hours, Business Days, and Time Zone
- Customize your account's default business hours, business days, and time zone.
- For more information, see our article: How Do I Set up My Account's Time Zone, Business Days, and Hours?
Default Admin Console Language
- The language selected from this drop-down menu will apply to the entire admin console unless an admin selects a different Admin Console Language. If a user’s language is not available, the account’s default language will be used.
- For more information, see our article: Localization Guide
Date and Time Format
- Specify the default date and time format to indicate how the date and time should be displayed throughout the console.
- For more information, see our article: Modifying the Default Date and Time Format
Company Logo URL
- Enter the URL for your company logo to use it in templates. Once added, the company logo can be used in phishing templates, landing pages, and training notifications by selecting one of the company logo placeholders. We recommend using a small logo, 200px by 200px.
- Upload a company logo to your KnowBe4 account to personalize the experience your users have upon logging in for training. Your logo will replace the logo on the top-left of the console after logging in. View the requirements for this logo at the link below.
- For more information, see our article: How Do I Add My Company's Logo to the Console?
- Set an optional color theme for your Learner Experience. We recommend matching the color to your organization's brand or logo colors. This will provide a familiar learning environment for your end-users.
Upload Branded Certificate
- Use this option to upload a branded certificate. This allows you to design and upload a custom background image for your certificates, giving them a look and feel that matches your organization. Use the templates in this article as a starting point to make sure the auto-generated text aligns correctly. For more information, see here.
- Enabling this option will allow you to use Active Directory (AD) to manage your users. Upon enabling and updating your Account Settings, you will see an additional tab beneath the Users tab for user provisioning.
- Test Mode is enabled by default and should be kept on until you are satisfied with the results of your Active Directory Integration (ADI) behavior. You can view the details of your sync and what would have occurred if test mode was "off" under Users > Provisioning.
Active Directory Integration Settings
- Show Group Domain: If your users are split between multiple domain sources, enabling this option will allow you to add the root domain to each of the AD-synced group names in the KnowBe4 console so that you can better organize your users.
- AD Sync Token: This is your unique account token which you'll need during the installation process of Active Directory Integration (ADI). You may generate a new token if you would like by clicking the Regenerate token button.
Warning: Please be aware that if you regenerate the AD sync token, you will not be able to sync your Active Directory until you update your Active Directory Sync Tool with the new sync token. We recommend using this feature only to stop existing syncs from a tool whose location you don't know, so that you can set up syncing with a new tool. For information on ADI, see this article.
- Download Active Directory Sync Tool: You'll need to download and install this to run ADI.
- View Installation Guide: This link will take you to our help desk's installation guide for ADI. Be sure to read this prior to installing the tool.
- For more information, see our article: Active Directory Integration (ADI)
Allow Users to Create Accounts
- This option is unchecked by default. We recommend keeping this option unchecked except in special cases.
- Why enable the Allow Users to Create Accounts option?
- Enabling this option allows your users to sign themselves up for their own KnowBe4 account. If this option is enabled, users who do not have an account in the console already can create their own by entering their work email address into the login form located at https://training.knowbe4.com (or https://eu.knowbe4.com, depending on where your account is located). Users who sign up using this method will be added to your user list immediately.
- How can I quickly invite users to set up their own accounts?
- If you're allowing users to sign up for their own accounts, you can also set up a "self-service" training campaign, where users who sign up can be automatically enrolled in training. To do this, you'll set up a campaign with the below settings:
- Enroll Groups: All Users
- Enable automatic enrollment for new users: Enabled
- Once this campaign is created and the Allow Users to Create Accounts option is enabled, you can direct your users to KnowBe4 to self-enroll.
- Why is this option unchecked by default?
- The consequence of allowing users to sign up on their own is that they may misspell their email address or sign up with an email alias (such as email@example.com instead of firstname.lastname@example.org). If this occurs, there may be duplicate user accounts in your user list.
- Duplicate accounts could also cause users to receive additional phishing tests and training notifications for each email account they've signed up with. If this issue occurs, we recommend that you merge the duplicate user accounts and retain only one account for each user.
Use Password-less Login
- Enable this option if you'd prefer your users to log in for training without needing to use a password. Be sure to use training notifications tagged with "password-less" if you choose this option, or create your own training notifications using our "password-less" placeholders.
- You can also disable password-less login for administrators on your account by selecting Disable Password-less Login For Admins. Admins will need to log in with their email and password or through single sign-on, depending on your account setup.
- For more information, see our article: How to Enable and Use Password-less Logins
Only allow concurrent logins from the same IP
- You can enable this feature to ensure that admins can use their credentials to log in to separate instances of the console at the same time only if they are logging in from the same IP address.
Expire Password-less Link After X Days
- If you're using password-less logins, this setting defines how long the password-less link will remain active for your users.
Admin Session Timeout
- Select the length of time that you would like KnowBe4 admin account sessions to remain active. After the specified time period of account inactivity has passed, admins will be logged out. This can be adjusted up to 8 hours.
User Session Timeout
- Select the length of time that you would like KnowBe4 user sessions to remain active. After the specified time period of account inactivity has passed, users will be logged out. This can be adjusted up to 8 hours.
Minimum Password Length
- Select the minimum required length for user passwords, between 8 and 32 characters.
Default Landing Page
- If you would like to set a default landing page to be used across all phishing campaigns, you have the option to select a landing page from the drop-down. You will still have the option to select a different landing page when setting up a phishing campaign or editing an email template.
Default Landing Domain
- If you would like to set a default landing domain to be used across all email templates, you have the option to select a landing domain from the drop-down. You will still have the option to select a different landing domain when editing an email template.
Disable Email Open Tracking
- You can check this option to remove the small tracking image that we place in each phishing email which tracks if and when your users open the email in their inbox.
- For more information, see our article: How Do You Track Email Opens?
Include Archived Users In Reports
- Enabling this option will allow you to include data from archived users in all phishing reports. If this option is disabled, data from archived users will not be included in phishing reports. By default, this option is disabled.
Overwrite [[domain]] Placeholder
- Enable this option to change what the [[domain]] placeholder displays in phishing templates and landing pages. After enabling this option, enter a correctly-formatted domain in the text field.
- Why would I want to enable the Overwrite [[domain]] Placeholder option?
- If your organization does not want you to spoof your users' domains.
- If you have spoofing prevention in place that would prevent emails spoofing your domain from being delivered successfully.
- When this option is unchecked, the [[domain]] placeholder will use the recipient's email domain. For information on how the [[domain]] placeholder works by default, check out this article.
Note: If using a lookalike domain (one that is similar to your actual domain), it is best to purchase that domain so that you own it. If someone else purchases that lookalike domain and your users reply to the email, they may be replying to someone other than you. Please be aware that using a real domain with anti-spoofing protection could affect mail deliverability.
Disable Template Attack Vectors
- Use this option to disable phishing email templates that use specific attachment attack vectors. For example, if you don't want your users to receive simulated phishing attacks that include PDF attachments, you can select PDF Attachments from this list.
- For more information, see our article: What Attachments Can I Add to My Phishing Campaign and How Are They Tracked?
Default Phishing Language
- The language selected from this drop-down menu will apply to phishing campaign emails unless a different Phishing Language has been set for that user. If a user’s language is not available, the account’s default language will be used.
- See our Localization Guide for more information.
- Overwrite Sender Address with Reply-to Address For OOO Replies (Out of Office Replies)
- If you are using reply-to phishing, tracking out of office replies, and using Microsoft Exchange or Microsoft 365, you'll want to enable this feature.
- For more information, see our article: Reply-to Phishing: Should I track out of office replies?
- Overwrite Return-path Address with Reply-to Address
- Use this option to change the return-path address to the reply-to address during a reply-to phishing campaign. You will want to use this option if your mail server settings require the return-path address and reply-to address to match.
- For more information on reply-to phishing, see our Reply-To Phishing article.
Phishing Email Headers
- Overwrite Fixed Return-path Address with Sender Address
- You'll likely want to check this setting if you are using Google Workspace (formerly G Suite)/Google Apps as your mail server. With this setting deselected, Gmail users may see "via KnowBe4" text alongside the sender email address when phishing test emails arrive in their inbox.
- For more information, see our article: Why Does Google Mail Show "Via KnowBe4" On The Phishing Tests?
- Disable X-PHISHTEST Header
- With this setting disabled, our standard X-PHISHTEST header will not be included in phishing emails.
- Enable PST Header Token
- If selected, the generated token will be included in an X-KB4TOKEN header in phishing emails. You may generate a new token if you would like by clicking the Regenerate token button.
- Add Custom Header
- Select this checkbox and use the text boxes to set the custom header name and header value for phishing emails. You must enter a value in each field. If you're whitelisting our phishing emails by email header, you can enable this setting and then whitelist your custom header text for increased security.
- Enable DKIM Signature
- Select this checkbox to add a DKIM signature to your phishing emails for increased security. You can choose to use KnowBe4's signing domain or customize your own. If your organization requires DMARC/DKIM checking for incoming messages, you will want to have this checkbox selected.
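The header-based allowlisting described above, modelled as an added Python example (not KnowBe4 code or a real gateway rule): filtering is bypassed only when a message carries exactly one X-KB4TOKEN header whose value equals the token configured on the gateway. The token value, the function names and the sample messages are constructed assumptions.

```python
import hmac
from email import message_from_string

TOKEN_HEADER = "X-KB4TOKEN"
# Assumption: the token generated under "Enable PST Header Token", copied
# into the gateway configuration. This value is a constructed placeholder.
EXPECTED_TOKEN = "EXAMPLE-TOKEN-0123456789"


def allow_bypass(raw_message, expected_token=EXPECTED_TOKEN):
    """True only if exactly one token header is present and it matches."""
    msg = message_from_string(raw_message)
    values = msg.get_all(TOKEN_HEADER) or []  # header names are case-insensitive
    # Duplicate headers are rejected: different mail hops may read
    # different copies, so a single unambiguous value is required.
    if len(values) != 1:
        return False
    presented = str(values[0]).strip().encode("utf-8", "replace")
    # Constant-time comparison does not reveal how much of the token matched.
    return hmac.compare_digest(presented, expected_token.encode("utf-8"))


def _sample(*extra_headers):
    """Build a constructed RFC 5322 message with the given extra headers."""
    lines = ["From: sender@example.com", "To: user@example.org",
             "Subject: constructed sample", *extra_headers, "", "body"]
    return "\n".join(lines)


# Constructed sample messages, not captured mail.
SAMPLES = {
    "token_matches": _sample("X-PHISHTEST: constructed-value",
                             "x-kb4token: EXAMPLE-TOKEN-0123456789"),
    "token_wrong": _sample("X-KB4TOKEN: some-other-value"),
    "no_token": _sample("X-PHISHTEST: constructed-value"),
    "token_duplicated": _sample("X-KB4TOKEN: some-other-value",
                                "X-KB4TOKEN: EXAMPLE-TOKEN-0123456789"),
}


def classify(samples=SAMPLES):
    """Map each sample name to the allowlisting decision."""
    return {name: allow_bypass(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, decision in classify().items():
        print(f"{name}: {'bypass filtering' if decision else 'filter normally'}")
```

After clicking Regenerate token, the value configured on the gateway has to be updated as well, otherwise simulated phishing emails are filtered like any other mail.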
Direct Message Injection (DMI)
- In this section, you can enable and edit your Direct Message Injection settings.
- Direct Message Injection (DMI) eliminates the need to whitelist simulated phishing emails by creating a secure link between your KnowBe4 console and your Microsoft 365 Account. See our Direct Message Injection Guide for more information.
Enable AIDA Beta
- Enabling this option will add a new tab to your KnowBe4 account, AIDA. AIDA is our Artificial Intelligence Driven Agent and allows you to simulate a multi-faceted social engineering attack, which will prompt your users to click on a phishing link, tap on a link in a text message, or respond to a voicemail--any of which could compromise your network. You can participate in the beta testing of this feature by selecting this option.
- This option is only available on accounts located on https://training.knowbe4.com.
- For more information, see our article: Artificial Intelligence Driven Agent
Enable Content Surveys for All New Training Campaigns
- This setting automatically checks the Enable Content Survey option for all new training campaigns. You can still turn off content surveys when setting up new training campaigns.
- Content surveys help create more accurate recommendations and provide users an opportunity to share their feedback. See our How to Use Surveys article for more information.
Training Email Headers
- Overwrite Fixed Return-path Address with Sender Address
- You'll want to check this setting if you are using SPF alignment checks and want to spoof your domain. Please make sure you have whitelisted KnowBe4's servers before selecting this option.
- Add Custom Header
- Select this checkbox and use the text boxes to set the custom header name and header value for training notifications. If you're whitelisting your training notifications by email header, you can enable this setting and then whitelist your custom header text for increased security.
Learner Experience (LX)
See a short video that explains these options here.
Default Training Language
- The language selected from this drop-down menu will apply to the Learner Experience and available content unless a user selects a different Training Language. If a user’s language is not available, the account’s default language will be used.
- Select the Enable Localized Training Notifications option to send training notifications in each user's language. If a user’s language is not available, the account’s default language will be used.
- See our Localization Guide for more information.
Reduce Visual Effects in Learner Experience
- This setting will reduce visual effects in the learner experience. Enable this setting if you have slower workstations in your environment or are using Citrix or Flash-based browsers.
- Enable Learner Dashboard
- You have the option to enable the Learner Dashboard for your users to view information about their training progress. Here users will see a summary of their training completion including the training status and due dates.
- For more information, see our article: What is the Learner Dashboard?
- Enable Phishing Information
- Once the Learner Dashboard has been enabled, you can enable this option to allow users to see their own phishing test results.
- Enable Risk Information
- Once the Learner Dashboard has been enabled, you can enable this option to allow users to see their own Personal Risk Score.
- Enable Optional Learning
- Enabling this feature allows you to offer your users extra training from the ModStore, without requiring that they complete it. After the creation of an optional training campaign, the optional content will be added to the Library tab of the Learner Experience.
- For more information, see our article: Optional Learning Guide
- Enable Badges
- Click this checkbox if you'd like to enable Badges. Learn more about Badges here.
- Badges Available to Users
- Select the badges that you'd like to allow users to earn. Learn more about badges and how users can earn them here.
- Leaderboard Type
- To enable your leaderboard, click this drop-down and select Group Leaderboard. To turn off your leaderboard, select No Leaderboard.
- Leaderboard Time Period
- Select the time range for rankings you'd like your leaderboard to display. Any enrollment that was active during that time period will be included in the leaderboard rankings.
- Select from: Past 30 Days, Past 90 Days, Current Quarter, Current Year, or All Time.
- Groups to Include in Leaderboard
- Select between 3 and 25 groups to include in your leaderboard. Only groups selected in your Account Settings will be included in your leaderboard. Users who are not a part of the selected groups will not be able to view your leaderboard.
- Exclude training campaigns with no due date.
- Click this checkbox if you would like to exclude all training campaigns that do not have a due date from the leaderboard calculation. This can be used along with the optional learning feature to keep optional content from impacting the leaderboard.
Here you can enable or disable SAML on your account. You will need the information listed in this section to set up SAML with your single sign-on (SSO) provider. If you need to enable SAML to allow your users to log in for training using your SSO provider, please follow the instructions listed in our How to Set Up SAML/SSO for the Security Awareness Training Platform article to enable SAML in your account based on your specific SSO provider.
Enable SAML SSO
- Select the Enable SAML SSO option to enable SSO with SAML on your account. By default, this option is disabled. Use the information below to complete the process with your appropriate SSO provider.
- For more information, see our article: How to Set Up SAML/SSO for the Security Awareness Training Platform
Allow SAML User Provisioning
- This setting is only available when SAML is enabled and is selected by default. When enabled, users who do not already have an account can create a new account by entering their email address from the login window. As long as the SAML authentication was successful, the new user's account is created. If you have this feature disabled, users who do not already have an account will get an error message when they enter their email address.
IdP SSO Target URL
- Enter your Identity Provider or SSO URL into the field.
IdP Cert Fingerprint
- Enter the fingerprint of your Identity Provider's SAML certificate. By default, the SHA-1 option is selected.
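One way to obtain the value for the IdP Cert Fingerprint field, as an added Python example (not KnowBe4 code): it reads the signing certificates from IdP SAML metadata and prints their fingerprints. The function names and the metadata are constructed, the certificate bodies are stand-in bytes rather than real certificates, and the SHA-256 call assumes that option is offered alongside the default SHA-1.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def cert_der(text):
    """Decode a PEM block or the bare base64 body of <ds:X509Certificate>."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    return base64.b64decode("".join(body.split()), validate=True)


def fingerprint(der, algorithm="sha1"):
    """Colon-separated upper-case hex digest of the DER-encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def signing_fingerprints(metadata_xml, algorithm="sha1"):
    """Fingerprints of every signing certificate listed in IdP metadata.

    Metadata can list more than one signing certificate during a rollover,
    and encryption-only keys must not be used for the fingerprint field.
    Parse only metadata obtained from your own IdP; for untrusted XML use a
    hardened parser such as defusedxml.
    """
    root = ET.fromstring(metadata_xml.strip())
    result = []
    for key in root.iter(MD + "KeyDescriptor"):
        if key.get("use") == "encryption":
            continue
        for cert in key.iter(DS + "X509Certificate"):
            result.append(fingerprint(cert_der(cert.text or ""), algorithm))
    return result


def same_fingerprint(a, b):
    """Compare fingerprints regardless of case, colons or spaces."""
    strip = lambda s: re.sub(r"[^0-9a-f]", "", s.lower())
    return strip(a) == strip(b)


# Constructed metadata: "YWJj" and "eHl6" are stand-in bytes, not certificates.
METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        YWJj
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>eHl6</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    for algorithm in ("sha1", "sha256"):
        for value in signing_fingerprints(METADATA, algorithm):
            print(algorithm, value)
```

The algorithm passed to `signing_fingerprints` has to match the option selected in the console, since a SHA-256 fingerprint will never match a field set to SHA-1.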
Sign SP AuthnRequest
- Enable this setting to digitally sign the SAML AuthnRequest sent from the KnowBe4 service provider to your identity provider.
- When configuring the SAML connection to your IdP, enter the ID found in this section. Depending on your IdP, the Entity ID field can also be known as the SAML Audience or Identifier.
Generate Unique Entity ID
- If you are managing multiple accounts, your Identity Provider may not allow the same entity ID to be entered multiple times in the same Identity Provider account. This can make it so that your users cannot log in with SSO. Use this option to generate a unique entity ID to use for this account. However, be aware that if you do change the entity ID, SSO will not work for your users until you update the entity ID in your Identity Provider account.
Restore Default Entity ID
- If you have generated a unique entity ID, you'll see the Restore Default Entity ID button. Clicking this button will restore your entity ID back to "KnowBe4" and any existing SAML connection using that ID will stop functioning.
SSO Sign-in URL
- This field provides the Login URL or SAML Endpoint URL. This URL will redirect your users to the IdP SSO URL, found at the top of the SAML drop-down menu, when they try to log in.
SSO Sign-out URL
- This field provides the Logout URL.
SSO Callback (ACS) URL
- This field provides the Assertion Consumer Service URL. This URL receives the authentication response from your IdP.
- The SAML ID is a unique code that links your users back to your KnowBe4 account. Your SAML ID cannot be changed so it is important to not share this information.
- This URL contains the Service Provider metadata file and can be used to automatically configure the SAML connection on your IdP. You can only use the metadata URL where applicable.
Bypass-SSO Login URL
- If you would like to bypass SSO, this URL will bypass the SSO redirect and can be used to log into the KnowBe4 console using your email and password.
- Here, you can configure and customize aspects of the Phish Alert Button (PAB). The various settings and their functions are detailed in the Enabling and Configuring Phish Alert section of our PAB installation guide.
- For more information, see our article: Enabling and Configuring Phish Alert
Enable Reporting API Access
- Here, you can enable access to our reporting APIs (a Platinum/Diamond subscription level is required).
- For more information, see our article: KnowBe4 API Reference Guide
- If your organization uses KnowBe4's User Event API, you can click User Event API to visit the User Event API Management Console (a Platinum/Diamond subscription level is required).
- If your organization uses KnowBe4's PhishER API, you can click PhishER API to visit the API Key tab in the User Event API Management Console to learn how to create a new PhishER API token.
- If you have PhishER, you can click the Go to PhishER button to open the PhishER interface.
- For more information, see our article: PhishER Product Manual
Enable Second Chance Management
- Here, you can enable Second Chance management on your KnowBe4 account, adding the Second Chance tab to the top of your screen.
- For more information, see our article: Second Chance Installation Guide
Days Shown on Overview Page
- This option is only available to Partner accounts. Use this field to select the number of days that you would like to include when displaying the User Actions data on the Second Chance Overview Page. The default setting is 30 days.
Email Exposure Check (EEC Pro)
For more information about EEC Pro, please visit our Email Exposure Check Product Manual article.
Run Scan on this Day of the Month
- This setting is used to set which day you would like to run a monthly Email Exposure Check. For example, if you would like to run an Email Exposure Check on the 17th day of each month, use the drop-down menu to select the number 17.
Last Scanned on
- This shows the date that your last Email Exposure Check scan was queued. This date can be different from the scan’s completion date.
Scan User Email Address Now
- Use this button to run your Email Exposure Check.