KnowBe4’s fair usage policy ensures that all customers can access and utilize our products equitably. Our fair usage policies differ by product and feature, so refer to each section below for more information on the functionality guidelines and conditions for each product.

KnowBe4 Platform Fair Usage Policies

See the sections below for more information on fair usage policies for the KnowBe4 platform.

Uploaded Content

You can add up to 200 custom courses to your account. If your account exceeds this limit, a banner will display on your console. Each course can contain as many language files as your organization needs. See the Frequently Asked Questions (FAQ) section of our Upload Custom Training Content article for more information.

Active Directory Integration (ADI) Sync Frequency

Our ADI feature includes a Test Mode setting to help you configure and verify your user provisioning settings before performing a live sync. The sync frequency depends on whether Test Mode is enabled for your account.

While Test Mode is enabled, you can start and stop the ADI service as frequently as you would like. This setting allows for flexible testing and configuration.

Once Test Mode is disabled, your ADI sync request frequency is limited to once every six hours. If you request a sync during this six-hour window, the new sync will fail to start. The sync attempt won’t appear in the Users > Provisioning subtab, but the exact error details will be available in your log files.

See our FAQ: Active Directory Integration (ADI) article for more information.

System for Cross-domain Identity Management (SCIM) Sync Frequency

KnowBe4 has a 15-minute global sync limit to avoid overloading the service queue. If a sync has occurred in the last 15 minutes, any new request will be skipped. See the Frequently Asked Questions (FAQ) section of our SCIM Configuration Guide for more information.

REST-Based Reporting API

For our REST-Based Reporting APIs, there are daily request limits and burst request limits. These limits are a standard practice for enterprise API applications and are in place to manage server resources effectively. By having limits, we prevent system overload and ensure stable, reliable performance for all our customers.

Daily Reporting API Request Limits

Daily reporting requests are limited to 2,000 requests plus the number of licensed users per day, with a limit of four requests per second. This limit affects all customers.

The API daily limit will reset around 24 hours from the first API request.

Burst Reporting API Request Limits

For more frequent, smaller requests, reporting requests are limited to a maximum of 50 requests per minute. This limit affects all customers.

If a user exceeds 50 requests per minute, a rate limit will be imposed for five minutes. The rate limit resets five minutes after the first request.

Practical Implications and Error Handling

To ensure successful data retrieval, we recommend building these API limits into any automated reporting or data integration workflows. All automated tools should be designed to use short bursts of requests rather than sustained, high-volume pulls.

If your reporting requests exceed these limits, the REST API will return an error response, and the request won’t be processed. Your workflows should include logic to handle these error responses.

For more information, see our Reporting API Overview article.

User Event API Limits

User Event API calls can be used to add custom events to a user's timeline or to pull existing event data for a user. Usage of the User Event API is limited to 10 calls per licensed user per day.

If your requests exceed this limit, the API will return an error response, and the request won't be processed. Your workflows should include logic to handle these error responses.

For more information, see our Reporting API Overview article.

SecurityCoach Integration Connections

To ensure optimal performance and system stability, integration connection limits for SecurityCoach are based on your specific subscription tier:

• SecurityCoach: We recommend limiting your account to three external vendor connections for optimal performance.
• SAT Advanced: Customers may configure up to five integration connections.

To maintain a high-quality experience and system scalability for all customers, KnowBe4 reserves the right to review, disconnect, or sever integration connections if excessive usage is detected.

This policy applies across all subscription tiers and may be triggered by the following scenarios:

• An account generates over 100,000 events per day.
• Excessive traffic or event volume originates from a specific connected integration.
• Adverse system performance is identified that impacts other customers on the platform.

Content Creation Agent

The Content Creation Agent lets admins build complete, text-based training courses using AI. See the sections below for information on fair usage limits for this feature.

For more information about the Content Creation Agent, see our Content Creation Guide.

Course Generation Limits

You can generate up to 25 courses per year using the Content Creation Agent. This limit resets annually on your subscription renewal date.

Once you've created 15 courses, a notification will appear in your console to let you know how many courses remain in your allowance. Once you reach the 25-course limit, you won't be able to generate additional courses until your next subscription year.

Keep the following in mind:

• Translated versions of a generated course don't count toward the 25-course limit.
• Deleting a previously generated course won't restore a generation slot for the current year.

AI Usage and Customer Responsibility

The Content Creation Agent uses artificial intelligence (AI) to generate training content. Because AI-generated content can be inaccurate, incomplete, or inappropriate, you're solely responsible for reviewing and approving all AI-generated content before distributing it to your users. Access to this feature and any content it generates is limited to your active subscription and authorized users.

Graph API Usage

Our Graph API is designed for your internal use to manage your account programmatically. You can use it to create training and phishing campaigns, create and delete users, pull campaign and user data, and more.

To ensure stable performance and fair resource allocation for all customers, we have soft limits in place for Graph API usage. These limits are:

• 10 requests per licensed user on your account per day
• Four requests per second
• Query complexity limitation of 150

For more information, see our KnowBe4 Graph API Overview article.

Protect

To ensure service stability, limits are in place for the number of emails that can be encrypted.

Encryption Key Limits

The number of encryption keys that can be generated is limited to 25,000 per licensed user within 24 hours. If this limit is reached, any additional emails sent during those 24 hours will be delivered but won’t be encrypted.

Web Access Sending Limits

For emails sent directly from our Web Access portal, the sending limits are based on a 24-hour timeline and differ for free and paid users.

Free users can send up to 10 encrypted emails. If a free user receives and opens an encrypted email sent by a paid user, their sending limit for that 24-hour period will increase to 50 encrypted emails.

Paid users can send up to 200 encrypted emails.

Fair Usage Notification Process

Our goal is to work with you to ensure your account operates within these guidelines. If an account review is required due to usage exceeding the limits in this policy, we’ll follow a clear communication process as outlined below:

• KSAT: If an account review is necessary, your Customer Success Manager will notify you by email before any action is taken.
• SecurityCoach: If an integration requires review, you’ll be notified through the critical alert system in your console. For more information, see the Notifications and Alerts section of the Personal Settings Guide. For any further discussion, your Customer Success Manager will work with you to resolve the issue.

If you would like more information about KnowBe4’s fair usage policies or have any questions, please contact your Customer Success Manager or our support team support team (link opens in new window).