Menu

KCM GRC: Working with Users

Avatar
Lauren Ashley
Updated
Follow

Creating Accounts and Managing Users

The KCM governance, risk, and compliance platform (KCM GRC) offers a role-based access control (RBAC) model for the various user accounts needed by your organization in order to implement, manage, and carry out workflows in your console. With this RBAC model, users can complete the job functions required of their role without having access to privileged, or unnecessary information.

You can grant multiple user roles to one individual, allowing users to work across the different modules available for your account:

  • Compliance Management (CM) Module: Implement, automate, and manage your compliance efforts and audit tasks.
  • Policy Management (PM) Module: Manage, distribute, and track acknowledgments of your organization's internal (or other) policies.
  • Risk Management (RM) Module: Identify risks and implement, track, and assess your organization's mitigation efforts.

Refer to the sections below to learn more about working with users in KCM GRC.

Jump To:

User Role Use Cases

Creating New Users

Managing Users

   

User Role Use Cases

Users can submit evidence for compliance controls, create risk assessments and risk mitigation controls, distribute and manage your organization's internal policies, or complete other workflows in your KCM GRC account.

Refer to the use cases below to help you decide which user roles are best fit for accomplishing the governance, risk, and compliance efforts of your organization. For a full explanation of each user role, please see our KCM GRC: User Roles article.

Need

User Role(s)

The user should be able to do the following in KCM GRC:

  • Add or import the necessary governance: Laws, regulations, frameworks, etc.
  • Delegate tasks for compliance efforts
  • Monitor and assess the organization's state of compliance
 Account Administrator

The user should be able to do the following in KCM GRC:

  • Create internal controls for the requirements of a scope (or map requirements to controls from other allowed scopes)
  • Delegate tasks for meeting control objectives
  • Monitor adherence to compliance controls
  • Create and monitor response plans for audit findings

Scope Administrator and Risk Administrator

The user should be able to do the following in KCM GRC:

  • Submit evidence for compliance control tasks
 Contributor

The user should be able to do the following in KCM GRC:

  • Add and update our organization's policies
  • Distribute policies to employees and track acknowledgments
 Policy Administrator

 The user should be able to do the following in KCM GRC:

  • Distribute policies to employees and track acknowledgments 
 Campaign Administrator

The user should be able to do the following in KCM GRC:

Risk Administrator 

The user should be able to do the following in KCM GRC:

  • Review control evidence in the Evidence Repository
  • Review controls and tasks using the compliance and scope reports found under the Metrics page

 Auditor


See the next section to learn how to create new users in your KCM GRC console.

Back to top

 

Creating New Users 

Follow the steps below to create a new user for one or more modules in your account.

  1. To add a new user to your console, click Settings at the top-right of your account, then select Create New User, as shown below.
  2. Add the information outlined below:
    1. First Name: Enter the user's first name. The user will be addressed by their first name in the automated emails sent from your KCM GRC account.
    2. Last Name: Enter the user's last name.
    3. Email: Enter the user's business email. The email address should be at your organization's domain or the domain of a sister or subsidiary organization. As a best practice, we strongly advise against using email addresses from free email providers. However, you may need to create an account for a third party individual or organization, such as an auditor, vendor, or board member–in which case an alternative domain may need to be used.

      Important:

      The user must be able to receive email at this address in order to confirm their account.

    4. Telephone: Use the flag drop-down menu to select the telephone format for your country, then enter the user's phone number.
    5. User Roles: Click the drop-down menu to choose one or more of the user roles listed in the table below:
      User Role Associated Module(s) Licensed User (Y/N)
      Account Administrator All Y
      Auditor Compliance Management N
      Policy Administrator Policy Management Y
      Campaign Administrator Policy Management Y
      Risk Administrator Risk Management Y
      Scope Administrator Compliance Management Y
      Contributor Compliance Management Y

      Note:

      If you grant an Account Administrator user role, then later need to downgrade the user's permissions, you'll need to contact our support team at support@knowbe4.com in order to do so.

      Please refer to our User Roles article for details on the permission sets for each role.
      • Allowed Scopes (Scope Administrator and Auditor roles only): Select the Scopes from the drop-down menu that you'd like the user to have access to.
      • Allowed Campaigns (Campaign Administrator and Auditor roles only): Select the policy campaigns from the drop-down menu you'd like the user to have access to.
    6. Create: Click this button once you've added the details above.

Once you've created the user, you're brought to the User Management page where you can view and manage the user details. From here, you can also see the user's record of compliance tasks and optionally mandate the account to use Multifactor Authentication when logging in. See the Managing Users section below to learn more about the User Management page.

Back to top

  

Managing Users

If you're an account administrator and you'd like to update a user's information (i.e., user role(s), email address, etc.) or their account settings (i.e., require Multi-factor Authentication, etc.), you can do so from the User Management page.

Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.

Note:

If you're not an account admin and you'd like to update your own account information, click your name at the top-right of your account, then click Profile, as shown below.

 

The Manage Users table (shown below) offers high-level details about the users in your account.

Manage Users Table

Use arrows in the header columns to sort users in the table. The Updated At column informs you of the last time any changes were made to the user's account (i.e., email address, phone number, user role, etc.). The Status column tells you if the user account is Active, Awaiting Confirmation, or Disabled. See the Confirming User Accounts section below for more information on account confirmation.

Click the disable user icon () in the far right column (shown above) to disable the user and transfer their responsibilities to a different user (learn more in the Disabling Users and Transferring Responsibilities section, below). To view or update a user's information, click the update user icon () in the far right column to navigate to the User Management page, shown below.

User Management Page

  1. When your users log into their account they can navigate to their User Profile page and use the Set Up MFA button to connect their account with their authenticator application. For more information on mandating Multi-factor Authentication for all users or individual user accounts, see our Enable and Set Up Multi-factor Authentication article.
  2. Use the Disable User button to disable the user account and transfer their responsibilities to another user. For more information see the Disabling Users and Transferring Responsibilities section, below.
  3. This widget provides an overview of the user's responsibilities in your KCM GRC console.
    • Scopes: Shows the number of scopes the user has been granted permissions to, if applicable.
    • Policy Campaigns: Shows the number of policy campaigns the user has been granted permissions to, if applicable.
    • Tasks: Shows the number of tasks the user is currently assigned to as the User Responsible, if applicable. For more information, see: How Do I Create Control Tasks?
    • Compliance Percentage: The percentage of this user's tasks that were satisfied on time (when the user was assigned as the User Responsible for the task), if applicable.
  4. Click the Task History tab to see all of the tasks the user is currently assigned to and the tasks the user has satisfied in the past.
    • The Task History table lists the following information for all tasks that the user is the User Responsible for:
      • Name: The name of the Control that the task is scheduled for
      • Due On: The date the task evidence is (or was) due
      • Satisfied On: The date the task was satisfied
      • Status: The current task status (Failed, Past Due, Active, Acknowledged, Satisfied, or Closed Late)
      • Stage: The current phase of satisfying the task (Awaiting Approval, Complete, or Open). All failed, or otherwise unsatisfied tasks will remain in the Open stage.
  5. The Audit Trail tab logs actions that the user has made in your KCM GRC account.
  6. User Roles: Use the drop-down menu to add additional user roles. To remove a user role, click the x to the right of the role name.
  7. Allowed Scopes (Scope Administrator user roles): Use the drop-down menu to search for or select the scopes you'd like the user to have access to.
  8. Allowed Campaigns (Campaign Administrator user roles): Use the drop-down menu to search for or select the policy campaigns you'd like your users to have access to.
  9. Require MFA: If you are an account administrator, you can use this slider button to turn on MFA for individual user accounts. Ensure the user has installed an authenticator application before enabling this feature–the user will be required to set up their MFA the next time they log in to their account. For more information see our Enable and Set Up Multi-Factor Authentication article.

Be sure to click the Save button after making changes.

Back to top

 

Confirming User Accounts

Once you've created a new user, they must confirm their account before they log in. The user will receive an account confirmation email at the address you specified when creating the user. The user will click the Activate Your Account link in the email, then enter the Activation Code to confirm their account.

If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.

If you need to resend the activation email to your user, see the next section for instructions.

Back to Top

 

Resending Account Confirmation Emails

If you are an account admin for your KCM GRC platform, and your user has not yet confirmed their account, follow the steps below to resend their account confirmation email from your console.

  1. Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
  2. From the Manage Users page, find the user who needs the confirmation email, and click the update user icon in the far-right column (shown below).
  3. From the User Management page, click the Resend Activation button on the left-hand side, as shown below.
  4. Select Yes to the Are you sure you want to reconfirm this user? prompt.

The user should receive the activation email momentarily. If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.

Still having trouble? Reach out to support@knowbe4.com for assistance.

Back to top

 

Disabling Users and Transferring Responsibilities

If you're a KCM GRC account administrator, you can disable a user to deactivate their account. For example, if one of your compliance users (Contributors or Scope Administrator user roles) leaves your organization, you will need to deactivate the user's account after deciding which of your other KCM GRC users will take over their responsibilities for control tasks.

Note:

In order to transfer responsibilities to another user, the transferee should:

  • Have an equal or greater level of user permissions (user role(s)) as the transferring user
  • Have the same Allowed Scopes as the transferring user (or have a Contributor user role)

Follow the steps below to disable a user and transfer their responsibilities.

  1. Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
  2. From the Manage Users page, find the user you need to disable, then click the disable user icon in the far-right column (shown below).
  3. When prompted, use the drop-down menu to select a user to transfer responsibilities to.
  4. Click the Transfer Now button to confirm the responsibility transfer and deactivation of the account.
    All of the scheduled, or recurring tasks, that the disabled user was assigned to as the User Responsible will be reassigned to the selected user.

 

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles