Editing Your Account Settings
In your Account Settings, you can view your account subscription information, enable or disable specific features, and customize areas of your KnowBe4 console. To access your Account Settings, log in to your KnowBe4 console and click your email address in the top-right corner of the page. Then, click Account Settings.
To navigate to the different sections of your Account Settings, click the section names on the left side of the page. To expand a section, click the arrow icon next to the section name or click Expand All to expand all sections. You can also use the search bar on the top-right corner of the page to search your Account Settings for keywords.
After you update any settings, be sure to click the blue Save Changes button at the bottom of the page.
Account Information
In the Account Information section, you can review your subscription details, update your privacy settings, update your organization’s information, and more.
To learn more about these settings, see the sections below.
Subscription Details
In the Subscription Details section, you can view information about your account subscription. This information includes:
- Your account subscription level.
- Your subscription end date.
- The number of seats available on your account.
- The number of active users on your account.
If you’d like to change your subscription details, contact your Account Manager or Customer Success Manager.
Account Privacy
In the Account Privacy section, you can see if KnowBe4 agents have access to your account and change your privacy settings to your liking.
You can click the Allow KnowBe4 agents to access this account drop-down menu to change your account privacy settings. We recommend that you select Allow continual access to allow KnowBe4 agents to access your account. Granting access to KnowBe4 agents allows us to access your account and assist you if you experience technical issues in your account. If you select Do not allow access, our support team will not be able to access your account. If you do not allow access, you may experience some delays if our support team needs to view your account to help solve a technical issue.
For more information about the account privacy settings, see our Contact Support and Grant Access to Your Account article.
Organization Information
In the Organization Information section, you can update your organization’s name, business hours, time zone, and other information about your organization.
Some information that you provide in this section will define the information that placeholders use in your console. You can use placeholders to automatically populate phishing templates, landing pages, and training notifications with information about your organization. For more information about placeholders, see our How To Use Placeholders article.
See below for information about specific settings in this section:
- Allowed Domains: If your email environment includes multiple email domains, you can click Allowed Domains to add more subdomains or root domains to your KnowBe4 account. For more information, see our How to Add and Verify Allowed Domains article.
- Business Hours: Click the clock icon to add your organization’s default business hours.
- Business Days: Click the corresponding button for each of your organization’s default business days.
- Time Zone: Click the drop-down menu and select your organization’s default time zone. For more information about managing time zones in your console, see our Time Zones article.
- Default Admin Console Language: Click the drop-down menu and select a default language for your admin console. The language you select will apply to the entire admin console unless an admin selects a different Admin Console Language. If a user’s language is not available, the account’s default language will be used. For more information, see our Localization Guide.
- Date and Time Format: Click the drop-down menu and select the default date and time format that you’d like to use in the console. For more information, see our Modifying the Default Date and Time Format article.
Branding
In the Branding section, you can customize your organization’s branded content. We recommend that you use branded content to provide a familiar learning environment for your users.
See below for more information about the settings in this section:
- Company Logo URL: Enter the URL for your company logo to use the logo in templates. If you add your logo to the console, you can use the logo in phishing templates, landing pages, and training notifications. For information about logo requirements, see our How Do I Add My Company Logo, Logo URL, and Color to the Console? article.
- Company Logo: Upload a company logo to personalize your users’ Learner Experience. Your logo will replace the KnowBe4 logo at the top-left corner of the console when users log in to the Learner Experience. For information about logo requirements, see our How Do I Add My Company Logo, Logo URL, and Color to the Console? article.
- Brand Color: Select an optional theme color for your Learner Experience. We recommend that you match the color to your organization's brand or logo color.
- Upload Branded Certificate: Upload a custom branded certificate. This setting allows you to design and upload a custom template for your certificates. If you upload a branded certificate, you can click Preview Current Certificate to view the certificate. For more information, see our How Do I Customize My Users’ Training Certificates? article.
- +Placeholders: Click this button to add a custom banner, prefix, or signature block to your phishing emails. You can use these elements to customize phishing emails to match your organization’s brand. This can also help when your banners, prefixes, or signatures no longer appear on phishing emails due to whitelisting rules. For more information, see our DMI Configuration Guide.
User Management
In the User Management section, you can update your user provisioning settings and your general user settings.
To learn more about these settings, see the sections below.
User Provisioning
In the User Provisioning section, you can edit your user provisioning settings. You have the ability to use Active Directory Integration (ADI) or SCIM to provision your users.
See below for more information about the settings in this section:
- Enable User Provisioning: Select this check box if you'd like to use Active Directory (AD) or SCIM to manage your users. After you select this check box and save your Account Settings, you will have access to a new Provisioning subtab. To access this subtab in your console, navigate to Users > Provisioning.
- Test Mode: This check box is selected by default. We recommend that you keep this check box selected until you’re satisfied with the results of your sync. If you use test mode, you have the ability to view details about your sync and what actions would have occurred if test mode was disabled. To see these details, navigate to Users > Provisioning.
- Active Directory Integration Settings: Expand this dropdown to see options for syncing with ADI.
  - Show Group Domain: If your users are split between multiple domain sources, you can select this check box to add the root domain to each of the AD-synced group names in the KnowBe4 console. Adding the root domain will allow you to better organize your users.
  - AD Sync Token: This is your unique account token that you'll need during the Active Directory Integration (ADI) installation process. If you’d like, you can click the Regenerate ADI token button to generate a new token.
    Warning: If you regenerate your ADI Sync token, you will not be able to sync your Active Directory until you update your Active Directory Sync Tool with the new sync token. We recommend that you only regenerate your ADI token to stop existing syncs from a tool that you don't know the location of. For more information about ADI, see our Active Directory Integration (ADI) Configuration Guide.
  - Download Active Directory Sync Tool: Click this button to download and install the ADI sync tool.
  - View Installation Guide: Click this button to see our Active Directory Integration (ADI) Configuration Guide. Be sure to read this guide before you install the tool.
- SCIM Settings: Expand this dropdown to see options for syncing with SCIM.
  - Generate/Regenerate SCIM Token: Use this button to generate a new SCIM token. The token can only be viewed once, so be sure to save it before you close the window. You can also use this button to regenerate a SCIM token. If you regenerate a SCIM token, be sure to update your identity provider with the most recent token.
  - Revoke SCIM Token: Use this button to disable your current SCIM token. Identity providers currently using this token will no longer be linked to your KnowBe4 console.
  - Tenant URL: You will need your tenant URL in order to connect KnowBe4 with your identity provider.
  - Force Sync Now: Use this button to manually force a SCIM sync at any time, without requiring a change from your identity provider.
  - View Our SCIM Guide: Click this button to see our SCIM Configuration Guide.
User Settings
In the User Settings section, you can edit your user and admin permissions.
See below for more information about the settings in this section:
- Allow Users to Create Accounts: Select this check box to allow your users to create their own accounts. We recommend that you only enable this setting in special cases.
  - Why should I enable the Allow Users to Create Accounts setting?
    - Enable this setting to allow users to sign themselves up for their own KnowBe4 account by entering their work email address on the KnowBe4 training login page. See our KnowBe4's Training Instances article for a full list of login links. Users who sign up using this method will be added to your user list immediately.
  - How can I quickly invite users to set up their own accounts?
    - If you allow users to sign up for their own accounts, you can also set up a "self-service" training campaign, where users who sign up can be automatically enrolled in training. To do this, you'll set up a campaign with the below settings.
      - Enroll Groups: Select All Users
      - Enable automatic enrollment for new users: Select this check box.
    - Once this campaign is created and the Allow Users to Create Accounts check box is selected, you can direct your users to KnowBe4 to self-enroll.
  - Why is this setting disabled by default?
    - The consequence of allowing users to sign up on their own is that they may misspell their email address or sign up with an email alias (such as jsmith@domain.com instead of johnsmith@domain.com). If users misspell their email address or sign up with an email alias, there may be duplicate user accounts in your user list.
    - Duplicate accounts could also cause users to receive additional phishing tests and training notifications for each email account they've signed up with. If this issue occurs, we recommend that you merge the duplicate user accounts and retain only one account for each user.
- Use Password-less Login: Select this check box to allow users to log in for training without entering a password. If you enable this setting, be sure to use training notifications tagged with "password-less" or create your own training notifications using our Password-less Link placeholders. For more information, see our How to Enable and Use Password-less Logins article.
- Disable Password-less Login for Admins: Select this check box to disable password-less logins for admins.
- Expire Password-less Link After: If you have enabled password-less logins, this setting defines how long the password-less link will remain active for your users.
- Require users to reset initial password set by admins: Select this check box to allow admins to set users' initial passwords and require users to change their passwords after their first login.
- Only allow console sessions from one IP at a time: Select this check box to allow admins to log in to separate instances of the console at the same time, as long as they log in from the same IP address. For more information, see our Session Settings Guide.
- Restrict Console Sessions to Specific IP Ranges: Select this check box to restrict admin and security role user sessions to the IP ranges entered under this setting.
- Admin Session Timeout: Select the length of time that you would like admin account sessions to remain active. After the specified time period of account inactivity has passed, admins will be logged out of their accounts. You can set the system to time out after 15 minutes or as long as 8 hours. For more information, see our Session Settings Guide.
- User Session Timeout: Select the length of time that you would like KnowBe4 Learner Experience sessions to remain active. After the specified time period of account inactivity has passed, your users will be logged out of their accounts. You can set the system to time out after 15 minutes or as long as 8 hours. For more information, see our Session Settings Guide.
- Minimum Password Length: Select the minimum length required for user passwords. You can choose between eight and 32 characters.
Phishing
In the Phishing section, you can update your phishing campaign settings and enable Direct Message Injection (DMI) and Artificial Intelligence Driven Agent (AIDA).
To learn more about these settings, see the sections below.
Phishing Settings
In the Phishing Settings section, you can customize your phishing settings.
See below for more information about the settings in this section:
- Default Landing Page: If you would like to set a default landing page to be used across all phishing campaigns, you can select a landing page from the drop-down menu. When you create a phishing campaign or edit an email template, you will have the option to override this setting and select a different landing page if you’d like.
- Default Landing Domain: If you would like to set a default landing page domain to be used across all email templates, you can select a landing page domain from the drop-down menu. When you edit an email template, you will have the option to override this setting and select a different landing page domain if you’d like.
- Disable Email Open Tracking: Select this check box to remove the small tracking image that we place in each phishing email. This image tracks if and when your users open the email in their inbox. For more information, see our How Do You Track Email Opens in the Phishing Security Test? article.
- Include Archived Users In Reports: Select this check box to include data from archived users in all phishing reports. If this setting is disabled, data from archived users will not be included in phishing reports.
- Overwrite [[domain]] Placeholder: Select this check box to change what the [[domain]] placeholder displays in phishing templates and landing pages. This setting will not affect the [[domain]] placeholder in training notifications. After you select the check box, enter a domain in the text field.
You may want to enable this setting if your organization does not want you to spoof your users' domains or if you use spoofing prevention to prevent emails spoofing your domain from being delivered successfully.
If you do not enable this setting, the [[domain]] placeholder will use the recipient's email domain. For information on how the [[domain]] placeholder works by default, see our How the [[domain]] Placeholder Works article.
Note: If you use a look-alike domain, or a domain that is similar to your organization’s real domain, we recommend that you purchase the look-alike domain. If someone else purchases the look-alike domain and your users reply to an email sent by the domain, your users may reply to the owner of the domain. Please be aware that using a real domain with anti-spoofing protection could affect email deliverability.
- Disable Template Attack Vectors: Select this check box to disable phishing email templates that use specific attachment attack vectors. For example, if you don't want your users to receive simulated phishing attacks that include PDF attachments, you can select PDF Attachments from the drop-down menu. For more information, see our What Attachments Can I Add to My Phishing Campaign and How Are They Tracked? article.
- Default Phishing Language: From the drop-down menu, select the language that you’d like to use in phishing campaign emails. This language will be used in all users’ phishing emails unless a different Phishing Language has been set for a user. If a user’s language is not available, the account’s default language will be used. For more information, see our Localization Guide.
- Overwrite Sender Address with Reply-to Address For OOO Replies: We recommend that you select this check box if you use reply-to phishing, track out of office (OOO) replies, or use Microsoft Exchange or Microsoft 365. For more information, see the Should I track out of office replies? section of our Reply-to Phishing article.
- Overwrite Return-path Address with Reply-to Address: Select this check box to change the return-path address to the reply-to address in a reply-to phishing campaign. We recommend that you enable this setting if your mail server settings require the return-path address to match the reply-to address. For more information, see our Reply-to Phishing article.
- Overwrite Fixed Return-path Address with Sender Address: We recommend that you select this check box if you use Google Workspace (formerly G Suite) as your mail server. If you do not enable this setting, Google Workspace users may see "via KnowBe4" text beside the sender email address when they receive phishing test emails in their inbox. For more information, see our Why does my phishing test email show “Via psm.knowbe4”? article.
- Disable X-PHISHTEST Header: Select this check box to remove the X-PHISHTEST header from phishing emails.
- Enable PST Header Token: Select this check box to include the generated token in an X-KB4TOKEN header in phishing emails. If you enable this setting and would like to generate a new token, you can click the Regenerate Token button.
- Add Custom Header: Select this check box to add a custom header name and header value to phishing emails. If you select the check box, you must enter text in the Header Name and Header Value fields. If you whitelist our phishing emails by email header, you can enable this setting and then whitelist your custom header text for additional security.
- Enable DKIM Signature: Select this check box to add a DKIM signature to your phishing emails for additional security. You can choose to use KnowBe4's signing domain or customize your own signature. If your organization requires DMARC/DKIM checking for incoming messages, we recommend that you select this check box. For more information, see our How to Enable and Customize DKIM Signatures article.
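The header settings above (X-PHISHTEST, X-KB4TOKEN, and Add Custom Header) can back a mail-filter rule that checks header values rather than header names only. The following Python is an added example, not KnowBe4 code: the token, the custom header name and value, the sample messages, and the three verdict names are all constructed for illustration.

```python
import hmac
from email import message_from_string

# Assumed values for this example. In practice they come from your console:
# the token shown under Enable PST Header Token and the Add Custom Header fields.
EXPECTED_TOKEN = "constructed-token-3f9a1c"                # constructed
CUSTOM_HEADER = ("X-Example-Sim", "constructed-value-77")  # hypothetical name/value


def _single_value(msg, name):
    """Return the header value only if the header appears exactly once."""
    values = msg.get_all(name, [])
    return str(values[0]).strip() if len(values) == 1 else None


def _equal(candidate, expected):
    """Compare in constant time; a missing header never matches."""
    if candidate is None:
        return False
    return hmac.compare_digest(candidate.encode("utf-8", "replace"),
                               expected.encode("utf-8"))


def classify(raw_message):
    """Return 'bypass', 'review' or 'normal' for one raw message.

    bypass: token and custom header both match, so filtering may be skipped.
    review: the message carries a simulation header but cannot prove it.
    normal: no simulation headers, so ordinary filtering applies.
    """
    msg = message_from_string(raw_message)
    marker_names = ("X-PHISHTEST", "X-KB4TOKEN", CUSTOM_HEADER[0])
    if not any(name in msg for name in marker_names):
        return "normal"
    token_ok = _equal(_single_value(msg, "X-KB4TOKEN"), EXPECTED_TOKEN)
    custom_ok = _equal(_single_value(msg, CUSTOM_HEADER[0]), CUSTOM_HEADER[1])
    return "bypass" if token_ok and custom_ok else "review"


def _mail(extra_headers):
    """Build a constructed test message with the given extra header lines."""
    return ("From: it@example.com\n"
            "To: user@example.com\n"
            "Subject: Password expiry\n"
            + extra_headers +
            "\nPlease review the attached notice.\n")


# Constructed sample messages; the X-PHISHTEST value shown is a placeholder.
SAMPLES = {
    "valid": _mail("X-PHISHTEST: constructed\n"
                   "X-KB4TOKEN: constructed-token-3f9a1c\n"
                   "X-Example-Sim: constructed-value-77\n"),
    "name_only": _mail("X-PHISHTEST: constructed\n"),
    "wrong_token": _mail("X-KB4TOKEN: something-else\n"
                         "X-Example-Sim: constructed-value-77\n"),
    "duplicate_token": _mail("X-KB4TOKEN: constructed-token-3f9a1c\n"
                             "X-KB4TOKEN: something-else\n"
                             "X-Example-Sim: constructed-value-77\n"),
    "ordinary": _mail(""),
}


def classify_samples():
    """Classify every constructed sample and return {name: verdict}."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16} -> {verdict}")
```

If you regenerate the token in the console, the filter's expected value must be updated at the same time, or genuine test emails will fall into the review path.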
Direct Message Injection (DMI)
In this section, you can enable Direct Message Injection (DMI). DMI eliminates the need to whitelist simulated phishing emails by creating a secure link between your KnowBe4 console and your Microsoft 365 account.
For more information about enabling DMI, see our DMI Configuration Guide.
AIDA
In this section, you can enable Artificial Intelligence Driven Agent (AIDA). AIDA allows you to simulate a multi-vector social engineering attack. To participate in the beta testing of this feature, select the Enable AIDA Beta check box. If you select this check box, a new AIDA tab will appear in your KnowBe4 console.
For more information, see our AIDA - Artificial Intelligence Driven Agent article.
Training
In the Training section, you can update your training and Learner Experience (LX) settings. To learn more about these settings, see the sections below.
Training Settings
In the Training Settings section, you can edit your training settings.
See below for more information about the settings in this section:
- Enable Content Surveys for All New Training Campaigns: You can select this check box to enable the Enable Content Survey option for all new training campaigns. If you enable this setting, you will still have the option to disable content surveys when you create new training campaigns. For more information about surveys, see our How to Use Surveys article.
- Overwrite Fixed Return-path Address with Sender Address: We recommend that you select this check box if you use SPF alignment checks and want to spoof your domain. Please be sure to whitelist KnowBe4's servers before you select this check box.
- Add Custom Header: Select this check box to add a custom header name and header value to training notifications. If you select this check box, you must enter text in the Header Name and Header Value fields. If you whitelist your training notifications by email header, you can enable this setting and then whitelist your custom header text for increased security.
- Enable Custom DKIM Signature: Select this check box to enable a custom DKIM signature for training notifications. For more information about this setting, see our How to Enable and Customize DKIM Signatures article.
Learner Experience (LX)
In this section, you can customize your users’ Learner Experience (LX).
See below for more information about the settings in this section. If you prefer video tutorials, you can also watch our Learner Experience (LX) Account Settings video for more information.
- Default Training Language: Select your preferred language from the drop-down menu. This language will apply to the Learner Experience and content available in that language unless a user selects a different Training Language. If a user’s language is not available, the account’s default language will be used.
- Enable Localized Training Notifications: Select this check box to send training notifications in each user's language. If a user’s language is not available, the account’s default language will be used. For more information, see our Localization Guide.
- Reduce Visual Effects in Learner Experience: Select this check box to reduce visual effects in the Learner Experience. We recommend that you enable this setting if you have slow workstations in your environment or if you use Citrix or Flash-based browsers.
- Enable Customized Need Help Button: Select this check box to customize the information that users will see if they click the Need Help? button. If you select the check box, a text field will open. In this text field, you can enter a URL or contact email address of your choice. For more information, see our Learner Experience Guide.
- Enable Learner Dashboard: Select this check box to allow your users to view their Learner Dashboard. The Learner Dashboard shows your users a summary of their training completion, including their training status and training due dates. For more information, see our What is the Learner Dashboard? article.
  - Enable Phishing Information: After you enable the Learner Dashboard, you can select this check box to allow users to view their own phishing test results.
  - Enable Risk Information: After you enable the Learner Dashboard, you can select this check box to allow users to view their Personal Risk Score.
- Enable Team Dashboard: Enable this setting to add a Team Dashboard to the LX that allows managers to view their team's training progress and other statistics.
  - Limit User Information Shown: After you enable the Team Dashboard, you can turn on this toggle to limit the training and phishing details displayed on the Team Details for the Last Year tile. When this is enabled, the Team Dashboard will only show aggregated statistics for the team.
  - Enable Phishing Information: After you enable the Team Dashboard, you can select this check box to display the team’s phishing results.
  - Enable Risk Information: After you enable the Team Dashboard, you can select this check box to display the team’s current combined Risk Score.
- Enable Optional Training Campaigns: Select this check box if you would like the option to enroll your users in optional training campaigns. After you create an optional training campaign, the optional content will be added to your user’s Learner Experience. To view this optional content, your users can log in to their Learner Experience and navigate to the Library tab. For more information, see our Optional Learning Guide.
- Enable AIDA Recommended Optional Learning: This feature is only available to Diamond accounts. Select this check box to provide relevant optional training content for your users without creating an optional training campaign. When this setting is enabled, all users will be able to view the Library tab in their LX. For more information, see our Optional Learning Guide.
- Enable Badges: Select this check box if you'd like to enable badges. For more information, see the Badges section of our Learner Experience Guide.
- Badges Available to Users: Select the badges that you'd like to allow users to earn. For more information, see the Badges section of our Learner Experience Guide.
- Leaderboard Type: To enable your leaderboard, click this drop-down menu and select Group Leaderboard. To disable your leaderboard, select No Leaderboard from the drop-down menu. For more information, see our How Do Leaderboards Work? article.
- Leaderboard Time Period: From the drop-down menu, select the timeframe that you’d like rankings to be calculated by. Any enrollment that was active during this time period will be included in the leaderboard rankings. You can select Past 30 Days, Past 90 Days, Current Quarter, Current Year, or All Time.
- Groups to Include in Leaderboard: From the drop-down menu, select the groups you’d like to include in your leaderboard.
- Exclude training campaigns with no due date.: Select this check box if you’d like to exclude training campaigns that do not have a due date from the leaderboard. You can enable this setting to keep optional content from impacting the leaderboard.
Account Integrations
In the Account Integrations section, you can manage your account integrations including SAML, the Phish Alert Button (PAB), API reporting, PhishER, and Second Chance.
To learn more about these settings, see the sections below.
SAML
In the SAML section, you can enable or disable SAML on your account. You will need the information provided in this section to set up SAML with your single sign-on (SSO) provider. If you need to enable SAML to allow your users to log in for training using your SSO provider, please follow the instructions in our How to Set Up SAML Single Sign-on for the Security Awareness Training Platform article.
See below for more information about the settings in this section:
- Enable SAML SSO: Select this check box to enable SAML Single Sign-on (SSO) on your account. For more information, see our How to Set Up SAML Single Sign-on for the Security Awareness Training Platform article.
- Disable non-SAML Logins for All Users: Select this check box to disable password logins for all users. Once selected, users will be required to log in with their SAML application and all bypass URLs will be disabled. This checkbox is only visible when the Enable SAML SSO checkbox is selected.
- Allow Admins w/MFA to Bypass SAML Login: Select this check box to allow admins with multi-factor authentication enabled to log in with their password and token. Admins will be able to use this login method with a bypass URL as an alternative to their SAML application. This checkbox is only visible when the Disable non-SAML Logins for All Users checkbox is selected.
- Allow Account Creation from SAML Login: This check box will display after you enable SAML. This setting allows users who do not already have an account to create a new account by entering their email address from the login window. If the SAML authentication was successful, the new user's account will be created. If you don’t enable this setting, users who do not already have an account will get an error message if they try to create an account.
- IdP SSO Target URL: Enter your identity provider URL or SSO URL into the field.
- IdP Cert Fingerprint: Enter the fingerprint of your identity provider's SAML certificate. The SHA-1 option is selected by default.
- Sign SP AuthnRequest: Select this check box to digitally sign the SAML AuthnRequest sent from the KnowBe4 service provider to your identity provider.
- Entity ID: When configuring the SAML connection to your identity provider, enter the ID found in this section. Depending on your IdP provider, the Entity ID field may also be named the SAML Audience or Identifier.
- Generate Unique Entity ID: You can click this button to generate a unique entity ID to use for this account. However, be aware that if you do change the entity ID, SSO will not work for your users until you update the entity ID in your Identity Provider account.
Important: If you manage multiple accounts, your Identity Provider may not allow the same entity ID to be entered multiple times in the same Identity Provider account. If your Identity Provider does not allow the same ID to be entered multiple times, your users may be unable to log in to their account with SSO.
If you click the Generate Unique Entity ID button, you'll see the Restore Default Entity ID button. You can click this button to restore your entity ID back to "KnowBe4". If you click this button, any existing SAML connection using your entity ID will stop functioning until you update it in your identity provider.
- SSO Sign-in URL: This field provides the Login URL or SAML Endpoint URL. This URL will redirect your users to the identity provider SSO URL.
- SSO Sign-out URL: This field provides the Logout URL.
- SSO Callback (ACS) URL: This field provides the Assertion Consumer Service (ACS) URL. This URL receives the authentication response from your identity provider.
- SAML ID: This field provides your SAML ID. Your SAML ID is a unique code that links your users back to your KnowBe4 account. You can’t change your SAML ID.
- Metadata URL: This field provides your Metadata URL. Your Metadata URL contains your service provider’s metadata file and can be used to automatically configure the SAML connection on your identity provider. You can only use the metadata URL where applicable.
- Bypass-SSO Login URL: This field provides your Bypass-SSO Login URL. If you would like to bypass SSO, this URL will bypass the SSO redirect and allow you to log into the KnowBe4 console using your email and password.
Phish Alert
In the Phish Alert section, you can configure and customize aspects of the Phish Alert Button (PAB) for your account. For information about the settings in this section, see the Enable and Configure PAB section of our Phish Alert Button (PAB) Product Manual.
API
In the API section, you can enable and access KnowBe4’s API.
See below for more information about the settings in this section:
- Enable Reporting API Access: Select this check box to enable access to our reporting APIs. To enable this feature, you must have a Platinum or Diamond subscription. For more information, see our KnowBe4 API Documentation.
- User Event API: If your organization uses KnowBe4's User Event API, you can click User Event API to access the User Event API Management Console. To access the console, you must have a Platinum or Diamond subscription. For more information, see our User Event API article.
- PhishER API: If your organization uses KnowBe4's PhishER API, you can click PhishER API to visit the API Key tab in the User Event API Management Console to learn how to create a new PhishER API token. For more information, see our User Event API article.
PhishER
If you have enabled PhishER in your organization, you can click the Go to PhishER button to access the PhishER interface.
For more information about PhishER, see our PhishER Product Manual.
Second Chance
In the Second Chance section, you can enable our Second Chance tool for your KnowBe4 account.
To enable Second Chance, select the Enable Second Chance Management check box. If you enable Second Chance, you will have access to a new Second Chance tab in your KnowBe4 console.
If you have a Partner account, you can use the Days Shown on Overview Page field to select the number of days you’d like to include when displaying the User Actions data on the Second Chance Overview page. The default setting is 30 days.
For more information about Second Chance, see our Second Chance Installation and Product Manual.
Email Exposure Check Pro (EEC Pro)
In the Email Exposure Check Pro (EEC Pro) section, you can customize your Email Exposure Check Pro (EEC Pro) settings.
See below for more information about the settings in this section:
- Run Scan on this Day of the Month: Select which day you’d like to run a monthly Email Exposure Check. For example, if you would like to run an Email Exposure Check on the 17th day of each month, click the drop-down menu and select 17.
- Last Scanned on: This setting shows the date that your last Email Exposure Check scan was queued. This date and the scan completion date may not be the same.
- Scan User Email Address Now: Click this button to run your Email Exposure Check now.
For more information about EEC Pro, see our Email Exposure Check Pro (EEC Pro) Product Manual.