The Account Settings area is where you can view your account's subscription information and customize several aspects of your account.
To access this area after logging into your account, click your email address on the top-right, then click Account Settings.
Here you can see your subscription level, the number of seats you have available, and how many active users are currently on your account.
Most of the values you set here are what placeholders pull from in the console. Placeholders can be used to automatically populate phishing templates, landing pages, and training notifications with company-specific information.
Company Logo Url for Templates
- Enter the URL for your company logo to use it in templates. Once added, the company logo can be used in phishing templates, landing pages, and training notifications by selecting one of the company logo placeholders. We recommend using a small logo here, preferably less than 200px by 200px.
Company Logo for Console
- Upload a company logo to your KnowBe4 account to personalize the experience your users have upon logging in for training. Your logo will replace the logo on the top-left of the screen after logging in. View the requirements for this logo at the link below.
- See: How do I add my company's logo to the console?
Default Date and Time Format
- Specify how the date and time are displayed throughout the console.
- See: How do I change the date and time format in the console?
Business Hours, Business Days, and Time Zone
- Customize your account's default business hours, business days, and time zone.
- See: How Do I Set up My Account's Time Zone, Business Days, and Hours?
- If your email environment includes multiple email domains, you can click Allowed Domains to add more subdomains or root domains to your KnowBe4 account.
User Event API
If your organization uses KnowBe4's User Event API, you can click User Event API to visit the User Event API Management Console (a Platinum/Diamond subscription level is required).
Here you can enable or disable SAML on your account. You will need the information listed in this section to set up SAML with your single sign-on (SSO) provider. If you need to enable SAML to allow your users to log in for training using your SSO provider, please follow the instructions listed in our How to Set Up SAML/SSO for the Security Awareness Training Platform article to enable SAML in your account based on your specific SSO provider.
Enable SAML SSO
- Select the Enable SAML SSO option to enable SSO with SAML on your account. By default, this option is disabled. Use the information below to complete the process with your appropriate SSO provider.
- See: How to Set Up SAML/SSO for the Security Awareness Training Platform.
Allow SAML User Provisioning
- This setting is only available when SAML is enabled and is selected by default. When enabled, users who do not already have an account can create a new account by entering their email address from the login window. As long as the SAML authentication was successful, the new user's account is created. If you have this feature disabled, users who do not already have an account will get an error message when they enter their email address.
IdP SSO Target URL
- Enter your Identity Provider or SSO URL into the field.
IdP Cert Fingerprint
- Enter the fingerprint of your Identity Provider's SAML certificate. By default, the SHA-1 option is selected.
- When configuring the SAML connection with your IdP, enter the KnowBe4 value found in this section. Depending on your IdP, the Entity ID field can also be known as the SAML Audience or Identifier.
Generate Unique Entity ID
- If you are managing multiple accounts, your Identity Provider may not allow the same entity ID to be entered multiple times in the same Identity Provider account. This can make it so that your users cannot log in with SSO. Use this option to generate a unique entity ID to use for this account. However, be aware that if you do change the entity ID, SSO will not work for your users until you update the entity ID in your Identity Provider account.
SSO Sign-in URL
- This field provides the Login URL or SAML Endpoint URL. This URL will redirect your users to the IdP SSO URL, found at the top of the SAML dropdown menu, when they try to log in.
SSO Sign-out URL
- This field provides the Logout URL.
SSO Callback (ACS) URL
- This field provides the Assertion Consumer Service (ACS) URL. This URL receives the authentication response from your IdP.
- The SAML ID is a unique code that links your users back to your KnowBe4 account. Your SAML ID cannot be changed, so it is important not to share this information.
- This URL contains the Service Provider metadata file and can be used to automatically configure the SAML connection on your IdP. You can only use the metadata URL where applicable.
Bypass-SSO Login URL
- If you would like to bypass SSO, this URL will bypass the SSO redirect and can be used to log onto the KnowBe4 console using your email and password.
Allow Users to Signup
- This option is unchecked by default. We recommend keeping this option unchecked except in special cases.
- Why might you want to "Allow Users to Signup"?
- The reason why you may want to check this option is if you plan to allow your users to sign themselves up for training. Allowing users to sign up for a KnowBe4 account means that users who do not have an account in the console already can make their own simply by entering their email into https://training.knowbe4.com. Users who sign up in this fashion will be added to your user list right away.
- If you'd like to set up a "self-service" training campaign, you would need to set up a campaign directed at All Users in your account that will also "Automatically enroll users" to the campaign once they are added to the console. Then, you can check the "Allow Users to Signup" checkbox in your Account Settings, and direct your users to KnowBe4's training site to sign themselves up.
- Why is this option unchecked by default?
- The consequence of allowing users to sign up on their own is if they misspell their email address or sign up with an email alias (such as firstname.lastname@example.org instead of email@example.com), there will be duplicate user accounts in your user list. These duplicate accounts could also cause users to receive additional phishing tests and training notifications for each email account they've signed up with. If this issue occurs, you can choose to merge these duplicate user accounts.
Use Password-less Login
- Enable this option if you'd prefer your users to log in for training without needing to use a password. Be sure to use training notifications tagged with "password-less" if you choose this option, or create your own training notifications using our "password-less" placeholders.
- You can also disable password-less login for administrators on your account by selecting Disable Password-less Login For Admins. Admins will need to log in with their email and password, or through single sign-on, depending on your account setup.
- See: How to Enable and Use Password-less Logins
Expire Password-less link in X days
- If you're using password-less logins, this setting defines how long the password-less link will remain active for your users.
Admin Session Timeout
- Select the length of time that you would like KnowBe4 admin account sessions to remain active. After the specified time period of account inactivity has passed, admins will be logged out. The default setting is 48 hours.
User Session Timeout
- Select the length of time that you would like KnowBe4 user sessions to remain active. After the specified time period of account inactivity has passed, users will be logged out. The default setting is 48 hours.
Minimum Password Length
- Select the minimum required length for user passwords, between 8 and 32 characters.
Disable Open Tracking
- You can check this option to remove the small tracking image that we place in each phishing email which tracks if and when your users open the email in their inbox.
- See: How Do You Track Email Opens in the PST?
Include Archived Users In Reports
- Enabling this option will allow you to include data from archived users in all phishing reports. If this option is disabled, data from archived users will not be included in phishing reports. By default, this option is disabled.
Default Landing Page
- If you would like to set a default landing page to be used across all phishing campaigns, you have the option to select a landing page from the drop-down. You will still have the option to select a different landing page when setting up a phishing campaign or editing an email template.
Default Landing Domain
- If you would like to set a default landing domain to be used across all email templates, you have the option to select a landing domain from the drop-down. You will still have the option to select a different landing domain when editing an email template.
Enable [[domain]] placeholder override
Use this option to set the value the [[domain]] placeholder uses in phishing templates and landing pages. If your organization does not want you to spoof your recipients’ domains, you will want to enable this feature. Once enabled, enter a correctly formatted domain in the text field.
When this option is disabled, the [[domain]] placeholder will use the recipient's email domain. For information on how the [[domain]] placeholder works by default, check out this article.
We recommend using lookalike domains with caution. If someone else has purchased that lookalike domain and your users reply to the email, they may be replying to someone other than you. Please be aware that using a real domain with anti-spoofing protection could affect mail deliverability.
Disable Template Attack Vectors
- Use this option to disable phishing email templates that use specific attachment attack vectors. For example, if you don't want your users to be phished with PDF attachments, you can disable templates with that attack vector from being sent out during a phishing campaign. For more information on our attack vectors, see this article.
Overwrite "From" Address Of Phishing Emails When Tracking Out Of Office Replies
- If you are using reply-to phishing, tracking out of office replies, and using Microsoft Exchange or Microsoft 365, you'll want to enable this feature.
- See: Reply-to Phishing: Should I track out of office replies?
Overwrite Return-path Address with Reply-to Address
- Use this option to change the return-path address to the reply-to address during a reply-to phishing campaign. You will want to use this option if your mail server settings require the return-path address and reply-to address to match.
- For more information on reply-to phishing, see our Reply-To Phishing article.
Phishing Email Headers
Overwrite Fixed Return-path Address with Sender Address
- You'll likely want to check this setting if you are using GSuite/Google Apps as your mail server. With this setting deselected, Gmail users may see "via KnowBe4" text alongside the sender email address when phishing test emails arrive in their inbox.
- See: Why Does Google Mail Show "Via KnowBe4" On The Phishing Tests?
Disable X-PHISHTEST Header
- When this option is selected, our standard X-PHISHTEST header will not be included in phishing emails.
Enable PST Header Token
- If selected, the generated token will be included in an X-KB4TOKEN header in phishing emails. You may generate a new token if you would like by clicking the Regenerate token button.
Add Custom Header
- Select this checkbox and use the text boxes to set the custom header name and header value for phishing emails. You must enter a value in each field. If you're whitelisting our phishing emails by email header, you can enable this setting and then whitelist your custom header text for increased security.
Enable DKIM Signature
- Select this checkbox to add a DKIM signature to your phishing emails for increased security. If your organization requires DMARC/DKIM checking for incoming messages, you will want to have this checkbox selected. The signing domain is ispservices.org if you are in the US or ispservices.co.uk if you are in the EU.
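The following is an added example, not KnowBe4 code, of the header-based whitelisting check that the token, custom header, and DKIM settings above are meant to support: the filter bypass is granted only when the secret X-KB4TOKEN value matches and a signing domain has been DKIM-verified, never on the presence of a header name alone. The token value, the sample messages, and the `dkim_verified_domains` input (the domains your mail gateway has already verified) are assumptions made for illustration.

```python
from __future__ import annotations

import hmac
from email import message_from_string

# Header name and DKIM signing domains as given in the settings above.
TOKEN_HEADER = "X-KB4TOKEN"
SIGNING_DOMAINS = {"ispservices.org", "ispservices.co.uk"}


def allowlist_decision(raw_message: str, account_token: str,
                       dkim_verified_domains: set[str]) -> tuple[bool, str]:
    """Decide whether a message may bypass filtering as a phishing test.

    dkim_verified_domains is an assumption of this example: the d= domains
    whose DKIM signatures the receiving gateway has already verified.
    """
    msg = message_from_string(raw_message)
    tokens = msg.get_all(TOKEN_HEADER, [])
    # Exactly one token header; a repeated header is treated as tampering.
    if len(tokens) != 1:
        return False, "missing or repeated token header"
    # Constant-time comparison so the token is not leaked through timing.
    if not hmac.compare_digest(tokens[0].strip().encode(), account_token.encode()):
        return False, "token mismatch"
    if not SIGNING_DOMAINS & {d.lower() for d in dkim_verified_domains}:
        return False, "no verified DKIM signature from a signing domain"
    return True, "token and signing domain verified"


# Constructed sample data: placeholder token and hand-written messages.
TOKEN = "constructed-token-0000"
BASE = "From: it@example.com\nTo: user@example.com\nSubject: Notice\n"
SAMPLES = {
    "genuine": (BASE + f"X-KB4TOKEN: {TOKEN}\n\nbody\n", {"ispservices.org"}),
    "header_name_only": (BASE + "X-PHISHTEST: constructed\n\nbody\n", set()),
    "wrong_token": (BASE + "X-KB4TOKEN: guess\n\nbody\n", {"ispservices.org"}),
    "no_dkim": (BASE + f"X-KB4TOKEN: {TOKEN}\n\nbody\n", set()),
    "repeated_token": (BASE + f"X-KB4TOKEN: guess\nX-KB4TOKEN: {TOKEN}\n\nbody\n",
                       {"ispservices.org"}),
}


def evaluate_samples() -> dict[str, tuple[bool, str]]:
    """Run every constructed sample through the decision function."""
    return {name: allowlist_decision(raw, TOKEN, domains)
            for name, (raw, domains) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in evaluate_samples().items():
        print(f"{name:18} allow={allowed}  {reason}")
```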
Enable AIDA Beta
- This option is only available on accounts located on training.knowbe4.com. Enabling this option will add a new tab to your KnowBe4 account, "AIDA". AIDA is our Artificial Intelligence Driven Agent and allows you to simulate a multi-faceted social engineering attack, which will prompt your users to click on a phishing link, tap on a link in a text message, or respond to a voicemail--any of which could compromise your network. You can participate in the beta testing of this feature by selecting this option.
- See: AIDA
- Here, you can enable Second Chance management on your KnowBe4 account, adding the Second Chance tab to the top of your screen.
- See: Second Chance Installation Guide
- Here, you can enable access to our reporting APIs (a Platinum/Diamond subscription level is required).
- See: KnowBe4 API Reference Guide
Active Directory Integration
Active Directory Integration Enabled
- Enabling this option will allow you to install and use our ADI service. Upon enabling and updating your Account Settings, you will see an additional tab beneath the Users tab for ADI.
- Test Mode is enabled by default and should be kept on until you are satisfied with the results of your ADI behavior. You can view the details of your sync (and what would have occurred if test mode was "off") under the Users-->ADI tab of your console.
Show Group Domain
- If your users are split between multiple domain sources, enabling this option will allow you to add the root domain to each of the AD-synced group names in the KnowBe4 console so that you can better organize your users.
- See: FAQ: Show Group Domain
AD Sync Token
- This is your unique account token which you'll need during the installation process of Active Directory Integration (ADI). You may generate a new token if you would like by clicking the Regenerate token button.
Please be aware that if you regenerate the AD sync token, you will not be able to sync your Active Directory until you update your Active Directory Sync Tool with the new sync token. We recommend only using this feature to stop existing syncs from a tool that you don't know the location of in order to set up syncing with a new tool. For information on ADI, see this article.
Download Active Directory Sync Tool
- You'll need to download and install this to run ADI.
ADI installation and configuration guide
- This link will take you to our help desk's installation guide for ADI. Be sure to read this prior to installing the tool.
- See: Active Directory Integration (ADI)
- Here, you can configure and customize aspects of the Phish Alert Button (PAB). The various settings and their functions are detailed in the Enabling and Configuring Phish Alert section of our PAB installation guide.
- See: Enabling and Configuring Phish Alert
- If you have PhishER, you can click the Go to PhishER button to open the PhishER interface.
- See: PhishER Product Manual
Automatically enable content surveys for new training campaigns
- This setting automatically checks the Enable Content Survey option for all new training campaigns. You will still have the ability to toggle this option on the Create New Training Campaign screen as needed.
- Content surveys help create more accurate recommendations and provide users an opportunity to share their feedback. See our How to Use Surveys article for more information.
Training Email Headers
Disable static return-path header
- You'll want to check this setting if you are using SPF alignment checks and want to spoof your domain. Please make sure you have whitelisted KnowBe4's servers before selecting this option.
Add Custom Header
- Select this checkbox and use the text boxes to set the custom header name and header value for training notifications. If you're whitelisting your training notifications by email header, you can enable this setting and then whitelist your custom header text for increased security.
Email Exposure Check
For more information on EEC Pro, please visit our Email Exposure Check Product Manual article.
Run Scan on this Day of the Month
- This setting is used to set which day you would like to run a monthly Email Exposure Check. For example, if you would like to run an Email Exposure Check on the 17th day of each month, use the drop-down menu to select the number 17.
Last Scanned on
- This shows the date that your last Email Exposure Check scan was queued. This date can be different from the scan’s completion date.
Scan Users Email Address Now
- Use this button to run your Email Exposure Check.
See a short video that explains these options here.
Reduce Visual Effects in Learner Experience
- This setting will reduce visual effects in the learner experience. Enable this setting if you have slower workstations in your environment or are using Citrix or flash-based browsers.
Set the main theme color
- Set an optional main theme color that matches your logo. This will brand your Learner Experience for your end-users and match your organization's color scheme.
Upload Branded Certificate
- Use this option to upload a branded certificate. This allows you to design and upload a custom background image for your certificates, giving them a look and feel that matches your organization. Use the templates in this article as a starting point to make sure the auto-generated text aligns correctly. For more information, see here.
Enable Learner Dashboard
You have the option to enable the Learner Dashboard for your users to view information about their training progress. Here users will see a summary of their training completion including the training status and due dates. Optionally, you can choose to show the user’s Phishing Test Results, Personal Risk Score, and gamification statistics. Learn more about the Learner Dashboard here.
- Click this checkbox if you'd like to enable Badges. Learn more about Badges here.
Badges Available to Users:
- Select the badges that you'd like to allow users to earn. Learn more about badges and how users can earn them here.
- To enable your leaderboard, click this drop-down and select Group Leaderboard. To turn off your leaderboard, select No Leaderboard.
Leaderboard time period:
- Select the time range for rankings you'd like your leaderboard to display. Any enrollment that was active during that time period will be included in the leaderboard rankings.
- Select from: Past 30 Days, Past 90 Days, Current Quarter, Current Year, or All Time.
Groups to include in the leaderboards:
- Select between 3 and 25 groups to include in your leaderboard. Only groups selected in your Account Settings will be included in your leaderboard. Users who are not a part of the selected groups will not be able to view your leaderboard.