Menu

KCM GRC: Working with Users

Avatar
Lauren Ashley
Updated
Follow

Creating Accounts and Managing Users

Note: As we have recently made major updates to your KCM GRC platform, this article is a work in progress and may not be fully up-to-date. For details on these enhancements, please see our Enhancements to the KCM GRC Platform and Compliance Management Workflows (July 2020) article.

The KCM governance, risk, and compliance platform (KCM GRC) offers a role-based access control (RBAC) model for the various user accounts needed by your organization in order to implement, manage, and carry out workflows in your console. With this RBAC model, users can complete the job functions required of their role without having access to privileged, or unnecessary information.

You can grant multiple user roles to one individual, allowing users to work across the different modules available for your account. For more information, see: What modules are available in the KCM GRC console and what do they do?

Refer to the sections below to learn more about working with users in KCM GRC.

Jump To:

User Role Use Cases

Creating New Users

Managing Users

   

User Role Use Cases

Users can submit evidence for compliance controls, create risk assessments and risk mitigation controls, distribute and manage your organization's internal policies, or complete other workflows in your KCM GRC account.

Refer to the use cases below to help you decide which user roles are best fit for accomplishing the governance, risk, and compliance efforts of your organization. For a full explanation of each user role, please see our KCM GRC: User Roles article.

Need

User Role(s)

The user should be able to do the following in KCM GRC:

  • Add or import the necessary governance: Laws, regulations, frameworks, etc.
  • Delegate tasks for compliance efforts
  • Monitor and assess the organization's state of compliance
 Account Administrator

The user should be able to do the following in KCM GRC:

  • Create internal controls for the requirements of a scope (or map requirements to controls from other allowed scopes)
  • Delegate tasks for meeting control objectives
  • Monitor adherence to compliance controls
  • Create and monitor response plans for audit findings

Scope Administrator

The user should be able to do the following in KCM GRC:

  • Submit evidence for compliance control tasks
 Contributor

The user should be able to do the following in KCM GRC:

  • Add and update our organization's policies
  • Distribute policies to employees and track acknowledgments
 Policy Administrator

 The user should be able to do the following in KCM GRC:

  • Distribute policies to employees and track acknowledgments 
 Campaign Administrator

The user should be able to do the following in KCM GRC:

Risk Administrator 

The user should be able to do the following in KCM GRC:

  • Review control evidence in the Evidence Repository
  • Review controls and tasks using the compliance and scope reports found under the Metrics page

 Auditor

The user should be able to do the following in KCM GRC: 

  • Create Vendor Profiles and Vendor Contacts in order to send questionnaires
  • Create and send questionnaires to vendors
  • Review questionnaires and create questionnaire issues

Vendor Administrator


See the next section to learn how to create new users in your KCM GRC console.

Back to top

 

Creating New Users 

Follow the steps below to create a new user for one or more modules in your account.

Note: If you're using KCM's Policy Management module to manage internal policy acknowledgments, you will use a different method to add end users to your KCM GRC account. See our Policy Management article for more information.
  1. To add a new user to your console, click Settings at the top-right of your account, then select Create New User, as shown below.
  2. Add the information outlined below:
    1. First Name: Enter the user's first name. The user will be addressed by their first name in the automated emails sent from your KCM GRC account.
    2. Last Name: Enter the user's last name.
    3. Email: Enter the user's business email. The email address should be at your organization's domain or the domain of a sister or subsidiary organization. As a best practice, we strongly advise against using email addresses from free email providers. However, you may need to create an account for a third party individual or organization, such as an auditor, vendor, or board member–in which case an alternative domain may need to be used.

      Important:

      The user must be able to receive email at this address in order to confirm their account.

    4. Telephone: Use the flag drop-down menu to select the telephone format for your country, then enter the user's phone number.
    5. User Roles: Click the drop-down menu to choose one or more user roles. Please refer to our User Roles article for details on the permission sets for each role.

      Note:

      If you grant an Account Administrator user role, then later need to downgrade the user's permissions, you'll need to contact our support team at support@knowbe4.com in order to do so.

      • Allowed Scopes (Scope Administrator and Auditor roles only): Select the Scopes from the drop-down menu that you'd like the user to have access to.
      • Allowed Campaigns (Campaign Administrator and Auditor roles only): Select the policy campaigns from the drop-down menu you'd like the user to have access to.
    6. Create: Click this button once you've added the details above.

Once you've created the user, you're brought to the User Management page where you can view and manage the user details. From here, you can also see the user's record of compliance tasks and optionally require the account to use Multifactor Authentication when logging in. See the Managing Users section below to learn more about the User Management page.

Back to top

  

Importing Users

If you're creating multiple user accounts at once, you can save time by importing users with a CSV file. Imported user accounts are created with a "Contributor" user role. By default, "Contributors" are unable to access the data contained under your scopes, or data from any of the modules offered in your KCM GRC platform. 

Follow the steps below to import users and create user accounts.

  1. From the Manage Users page (Settings > Manage Users), click the Import button at the top-right.
  2. From the Import Users window, use the Click to Upload button to locate your CSV file.

    CSV file prerequisites:
    • The file should be a valid CSV with a comma (,) separator. 
    • The following header line is required:
      email,first_name,last_name
    • The field size limitations are as follows:
      • email: 255 character limit
      • first_name: 255 character limit
      • last_name: 255 character limit

        Tip:

        Use the Download Example CSV button to see an example of how the CSV file should be formatted. You can also click the question mark icon beside Import Users to see details about the CSV file format.
  3. Once you've selected the file, you can review the users before adding the new accounts. Use the search fields to search for a specific user (shown below). Click the trash can icon if you would like to remove a user from the import.
  4. When you're ready to add the user accounts, click the Import Users button.

Note:

Once users are imported they will immediately receive an email to activate their account.

The user accounts are automatically created with a "Contributor" user role. By default, "Contributors" are unable to access the data contained under your scopes, or data from any of the modules offered in your KCM GRC platform (see this article for more information). When you're ready to assign additional or different user roles to these users, edit the user profiles by clicking the appropriate pencil icon from the Manage Users page.
See the Managing Users section below to learn how to edit user profiles and add additional user roles. 

Back to top

  

Managing Users

If you're an account administrator and you'd like to update a user's information (i.e., user role(s), email address, etc.) or their account settings (i.e., require Multi-factor Authentication, etc.), you can do so from the User Management page.

Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.

Note:

If you're not an account admin and you'd like to update your own account information, click your name at the top-right of your account, then click Profile, as shown below.

 

The Manage Users table (shown below) offers high-level details about the users in your account.

Manage Users Table

Use arrows in the header columns to sort users in the table. The Updated At column informs you of the last time any changes were made to the user's account (i.e., email address, phone number, user role, etc.). The Status column tells you if the user account is Active, Awaiting Confirmation, or Disabled. See the Confirming User Accounts section below for more information on account confirmation.

Click the disable user icon () in the far right column (shown above) to disable the user and transfer their responsibilities to a different user (learn more in the Disabling Users and Transferring Responsibilities section, below). To view or update a user's information, click the update user icon () in the far right column to navigate to the User Management page, shown below.

User Management Page

  1. When your users log into their account they can navigate to their User Profile page and use the Set Up MFA button to connect their account with their authenticator application. For more information on mandating Multi-factor Authentication for all users or individual user accounts, see our Enable and Set Up Multi-factor Authentication article.
  2. Use the Disable User button to disable the user account and transfer their responsibilities to another user. For more information see the Disabling Users and Transferring Responsibilities section, below.
  3. This widget provides an overview of the user's responsibilities in your KCM GRC console.
    • Scopes: Shows the number of scopes the user has been granted permissions to, if applicable.
    • Policy Campaigns: Shows the number of policy campaigns the user has been granted permissions to, if applicable.
    • Tasks: Shows the number of tasks the user is currently assigned to as the User Responsible, if applicable. For more information, see: How Do I Create Control Tasks?
    • Compliance Percentage: The percentage of this user's tasks that were satisfied on time (when the user was assigned as the User Responsible for the task), if applicable.
  4. Click the Task History tab to see all of the tasks the user is currently assigned to and the tasks the user has satisfied in the past.
    • The Task History table lists the following information for all tasks that the user is the User Responsible for:
      • Name: The name of the Control that the task is scheduled for
      • Due On: The date the task evidence is (or was) due
      • Satisfied On: The date the task was satisfied
      • Status: The current task status (Failed, Past Due, Active, Acknowledged, Satisfied, or Closed Late)
      • Stage: The current phase of satisfying the task (Awaiting Approval, Complete, or Open). All failed, or otherwise unsatisfied tasks will remain in the Open stage.
  5. The Audit Trail tab logs actions that the user has made in your KCM GRC account.
  6. User Roles: Use the drop-down menu to add additional user roles. To remove a user role, click the x to the right of the role name.
  7. Allowed Scopes (Scope Administrator user roles): Use the drop-down menu to search for or select the scopes you'd like the user to have access to.
  8. Allowed Campaigns (Campaign Administrator user roles): Use the drop-down menu to search for or select the policy campaigns you'd like your users to have access to.
  9. Require MFA: If you are an account administrator, you can use this slider button to turn on MFA for individual user accounts. Ensure the user has installed an authenticator application before enabling this feature–the user will be required to set up their MFA the next time they log in to their account. For more information see our Enable and Set Up Multi-Factor Authentication article.

Be sure to click the Save button after making changes.

Back to top

 

Confirming User Accounts

Once you've created a new user, they must confirm their account before they log in. The user will receive an account confirmation email at the address you specified when creating the user. The user will click the Activate Your Account link in the email, then enter the Activation Code to confirm their account.

If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.

If you need to resend the activation email to your user, see the next section for instructions.

Back to Top

 

Resending Account Confirmation Emails

If you are an account admin for your KCM GRC platform, and your user has not yet confirmed their account, follow the steps below to resend their account confirmation email from your console.

  1. Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
  2. From the Manage Users page, find the user who needs the confirmation email, and click the update user icon in the far-right column (shown below).
  3. From the User Management page, click the Resend Activation button on the left-hand side, as shown below.
  4. Select Yes to the Are you sure you want to reconfirm this user? prompt.

The user should receive the activation email momentarily. If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.

Still having trouble? Reach out to support@knowbe4.com for assistance.

Back to top

 

Disabling Users and Transferring Responsibilities

If you're a KCM GRC account administrator, you can disable a user to deactivate their account. For example, if one of your compliance users (Contributors or Scope Administrator user roles) leaves your organization, you will need to deactivate the user's account after deciding which of your other KCM GRC users will take over their responsibilities for control tasks.

Note:

In order to transfer responsibilities to another user, the transferee should:

  • Have an equal or greater level of user permissions (user role(s)) as the transferring user
  • Have the same Allowed Scopes as the transferring user (or have a Contributor user role)

Follow the steps below to disable a user and transfer their responsibilities.

  1. Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
  2. From the Manage Users page, find the user you need to disable, then click the disable user icon in the far-right column (shown below).
  3. When prompted, use the drop-down menu to select a user to transfer responsibilities to.
  4. Click the Transfer Now button to confirm the responsibility transfer and deactivation of the account.
    All one-time and scheduled tasks–of which the disabled user was assigned to as the User Responsible–will be reassigned to the selected user.

 

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles