Creating Accounts and Managing Users
The KCM governance, risk, and compliance platform (KCM GRC) offers a role-based access control (RBAC) model for the various user accounts needed by your organization in order to implement, manage, and carry out workflows in your console. With this RBAC model, users can complete the job functions required of their role without having access to privileged, or unnecessary information.
You can grant multiple user roles to one individual, allowing users to work across the different modules available for your account. For more information, see: What modules are available in the KCM GRC console and what do they do?
Note:
If you're using KCM's Policy Management module to manage internal policy acknowledgments, you'll use a different method to add end users to your KCM GRC account. See our Policy Management article for more information.Refer to the sections below to learn more about working with users in KCM GRC.
Jump To:
- Confirming User Accounts
- Resending Account Confirmation Emails
- Disabling Users and Transferring Responsibilities
User Role Use Cases
Users can submit evidence for compliance controls, create risk assessments and risk mitigation controls, distribute and manage your organization's internal policies, or complete other workflows in your KCM GRC account.
Refer to the use cases below to help you decide which user roles are best fit for accomplishing the governance, risk, and compliance efforts of your organization. For a full explanation of each user role, please see our KCM GRC: User Roles article.
Need |
User Role(s) |
|
The user should be able to do the following in KCM GRC:
|
Account Administrator |
|
The user should be able to do the following in KCM GRC:
|
Scope Administrator and Risk Administrator |
|
The user should be able to do the following in KCM GRC:
|
Contributor |
|
The user should be able to do the following in KCM GRC:
|
Policy Administrator |
|
The user should be able to do the following in KCM GRC:
|
Campaign Administrator |
|
The user should be able to do the following in KCM GRC:
|
Risk Administrator |
|
The user should be able to do the following in KCM GRC:
|
Auditor |
|
The user should be able to do the following in KCM GRC:
|
Vendor Administrator |
See the next section to learn how to create new users in your KCM GRC console.
Creating New Users
Follow the steps below to create a new user for one or more modules in your account.
- To add a new user to your console, click Settings at the top-right of your account, then select Create New User, as shown below.
- Add the information outlined below:
- First Name: Enter the user's first name. The user will be addressed by their first name in the automated emails sent from your KCM GRC account.
- Last Name: Enter the user's last name.
- Email: Enter the user's business email. The email address should be at your organization's domain or the domain of a sister or subsidiary organization. As a best practice, we strongly advise against using email addresses from free email providers. However, you may need to create an account for a third party individual or organization, such as an auditor, vendor, or board member–in which case an alternative domain may need to be used.
Important:
The user must be able to receive email at this address in order to confirm their account.
- Telephone: Use the flag drop-down menu to select the telephone format for your country, then enter the user's phone number.
- User Roles: Click the drop-down menu to choose one or more user roles. Please refer to our User Roles article for details on the permission sets for each role.
Note:
If you grant an Account Administrator user role, then later need to downgrade the user's permissions, you'll need to contact our support team at support@knowbe4.com in order to do so.
- Allowed Scopes (Scope Administrator and Auditor roles only): Select the Scopes from the drop-down menu that you'd like the user to have access to.
- Allowed Campaigns (Campaign Administrator and Auditor roles only): Select the policy campaigns from the drop-down menu you'd like the user to have access to.
- Create: Click this button once you've added the details above.
Once you've created the user, you're brought to the User Management page where you can view and manage the user details. From here, you can also see the user's record of compliance tasks and optionally mandate the account to use Multifactor Authentication when logging in. See the Managing Users section below to learn more about the User Management page.
Managing Users
If you're an account administrator and you'd like to update a user's information (i.e., user role(s), email address, etc.) or their account settings (i.e., require Multi-factor Authentication, etc.), you can do so from the User Management page.
Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
Note:
If you're not an account admin and you'd like to update your own account information, click your name at the top-right of your account, then click Profile, as shown below.
The Manage Users table (shown below) offers high-level details about the users in your account.
Manage Users Table
Use arrows in the header columns to sort users in the table. The Updated At column informs you of the last time any changes were made to the user's account (i.e., email address, phone number, user role, etc.). The Status column tells you if the user account is Active, Awaiting Confirmation, or Disabled. See the Confirming User Accounts section below for more information on account confirmation.
Click the disable user icon (
) in the far right column (shown above) to disable the user and transfer their responsibilities to a different user (learn more in the Disabling Users and Transferring Responsibilities section, below). To view or update a user's information, click the update user icon (
) in the far right column to navigate to the User Management page, shown below.
User Management Page
- When your users log into their account they can navigate to their User Profile page and use the Set Up MFA button to connect their account with their authenticator application. For more information on mandating Multi-factor Authentication for all users or individual user accounts, see our Enable and Set Up Multi-factor Authentication article.
- Use the Disable User button to disable the user account and transfer their responsibilities to another user. For more information see the Disabling Users and Transferring Responsibilities section, below.
- This widget provides an overview of the user's responsibilities in your KCM GRC console.
- Scopes: Shows the number of scopes the user has been granted permissions to, if applicable.
- Policy Campaigns: Shows the number of policy campaigns the user has been granted permissions to, if applicable.
- Tasks: Shows the number of tasks the user is currently assigned to as the User Responsible, if applicable. For more information, see: How Do I Create Control Tasks?
- Compliance Percentage: The percentage of this user's tasks that were satisfied on time (when the user was assigned as the User Responsible for the task), if applicable.
- Click the Task History tab to see all of the tasks the user is currently assigned to and the tasks the user has satisfied in the past.
- The Task History table lists the following information for all tasks that the user is the User Responsible for:
- Name: The name of the Control that the task is scheduled for
- Due On: The date the task evidence is (or was) due
- Satisfied On: The date the task was satisfied
- Status: The current task status (Failed, Past Due, Active, Acknowledged, Satisfied, or Closed Late)
- Stage: The current phase of satisfying the task (Awaiting Approval, Complete, or Open). All failed, or otherwise unsatisfied tasks will remain in the Open stage.
- The Task History table lists the following information for all tasks that the user is the User Responsible for:
- The Audit Trail tab logs actions that the user has made in your KCM GRC account.
- User Roles: Use the drop-down menu to add additional user roles. To remove a user role, click the x to the right of the role name.
- Allowed Scopes (Scope Administrator user roles): Use the drop-down menu to search for or select the scopes you'd like the user to have access to.
- Allowed Campaigns (Campaign Administrator user roles): Use the drop-down menu to search for or select the policy campaigns you'd like your users to have access to.
- Require MFA: If you are an account administrator, you can use this slider button to turn on MFA for individual user accounts. Ensure the user has installed an authenticator application before enabling this feature–the user will be required to set up their MFA the next time they log in to their account. For more information see our Enable and Set Up Multi-Factor Authentication article.
Be sure to click the Save button after making changes.
Confirming User Accounts
Once you've created a new user, they must confirm their account before they log in. The user will receive an account confirmation email at the address you specified when creating the user. The user will click the Activate Your Account link in the email, then enter the Activation Code to confirm their account.
If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.
If you need to resend the activation email to your user, see the next section for instructions.
Resending Account Confirmation Emails
If you are an account admin for your KCM GRC platform, and your user has not yet confirmed their account, follow the steps below to resend their account confirmation email from your console.
- Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
- From the Manage Users page, find the user who needs the confirmation email, and click the update user icon in the far-right column (shown below).
- From the User Management page, click the Resend Activation button on the left-hand side, as shown below.
- Select Yes to the Are you sure you want to reconfirm this user? prompt.
The user should receive the activation email momentarily. If the user did not receive the account confirmation email, be sure they've checked their Spam or Junk folder.
Still having trouble? Reach out to support@knowbe4.com for assistance.
Disabling Users and Transferring Responsibilities
If you're a KCM GRC account administrator, you can disable a user to deactivate their account. For example, if one of your compliance users (Contributors or Scope Administrator user roles) leaves your organization, you will need to deactivate the user's account after deciding which of your other KCM GRC users will take over their responsibilities for control tasks.
Note:
In order to transfer responsibilities to another user, the transferee should:
- Have an equal or greater level of user permissions (user role(s)) as the transferring user
- Have the same Allowed Scopes as the transferring user (or have a Contributor user role)
Follow the steps below to disable a user and transfer their responsibilities.
- Navigate to the User Management page by selecting Settings at the top right of your account, then click Manage Users, as shown below.
- From the Manage Users page, find the user you need to disable, then click the disable user icon in the far-right column (shown below).
- When prompted, use the drop-down menu to select a user to transfer responsibilities to.
- Click the Transfer Now button to confirm the responsibility transfer and deactivation of the account.
All one-time and scheduled tasks–of which the disabled user was assigned to as the User Responsible–will be reassigned to the selected user.
Comments
0 comments
Article is closed for comments.