In SecurityCoach, user mapping can be used to link detected behaviors to specific users. In the KnowBe4 Security Awareness Training (KSAT) console, users are automatically mapped to their email addresses. Depending on your integrated security vendors, you may also need to map users to other identifiers, such as their hostname or username. We recommend mapping users by configuring automated user mapping rules. You can also upload a CSV file to map users manually, or use both methods together. SecurityCoach also provides mapping recommendations for you to review.

To learn how to map users by configuring user mapping rules or uploading a CSV file, see the subsections below. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Configuring User Mapping Rules

User mapping rules are used to automatically map your users based on data from your integrated vendors and the KSAT console. We offer a variety of system user mapping rules that are enabled by default, and you can also create your own custom rules.

To create and manage your user mapping rules, follow the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.
3. Select Configure User Mapping Rules.

The User Mapping Rules page includes the System Rules section and Custom Rules section. To learn more about these user mapping rules sections, see the article subsections below.

Custom User Mapping Rules

Use the Custom Rules section to create new custom user mapping rules and view your existing custom user mapping rules. To learn more, see the screenshot and list below:

1. +Create Custom Rule: Select this button to open the Create New Rule pop-up window and create a new custom rule. For more information, see the Creating a New Custom Rule section below.
2. Toggle: Select this toggle to enable or disable an existing custom rule.
3. Delete: Select the trashcan icon to delete an existing custom rule.

Creating a New Custom Rule

Create a new user mapping rule by selecting your criteria and selecting Create Rule. For more information on custom rule options, see the screenshot and list below:

1. Vendor criteria: Select the security vendors this rule should apply to.

   Tip:When selecting a vendor, select All Vendors if the rule should apply to all vendors.
2. Identifier criteria: Select which security vendor identifier to map.
3. Operator criteria: Select if the identifier is the same as or contains the matching KnowBe4 User Data Field.
4. KnowBe4 User Data Field: Select the user data from KnowBe4 to map.
5. Add Field: Add your selected criteria to the rule.
6. Cancel: Cancel the creation of a new custom rule.
7. Create Rule: Confirm your configuration and create the new custom rule.

System User Mapping Rules

Use the System Rules section to view built-in system user mapping rules. To enable or disable a system rule, select the toggle to the left of the rule. To view current System Rules, see the screenshot and table below:

Uploading a User Mapping CSV File

To map your users using a CSV file, you must use our provided CSV file template or your own custom CSV file:

• To use our downloadable CSV file template, log in to your KSAT console and navigate to SecurityCoach > Setup > User Mapping Setup > User Mapping CSV. Then, select Example CSV to download the template.

• To use a custom CSV file for import, see the required and optional CSV file fields in the User Mapping CSV File Fields section of this article.

  Important:The email addresses in your CSV file must exist in the Users tab of your KSAT console. To include a user whose email address isn’t in the Users tab, you will need to add that user to your console before uploading a CSV file.

Once you have prepared a CSV file for import, follow the steps below to import the CSV file and map your users:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.

3. Select User Mapping CSV to open the Upload a CSV File page.

   

4. Select Browse and choose your CSV file.
5. Select Upload CSV.

User Mapping CSV File Fields

To map your users with a custom CSV file, first fill out the file with information about your users. For more information about available field types, see the table below:

Using the Unmapped Vendor Data Report

The Unmapped Vendor Data Report displays unmapped event and identifier data from your vendors. These are events and identifiers from your integrated vendors that are not currently mapped to a user in your KSAT console. You can use this information to map new users or update the mapping for existing users, then rerun user mapping to connect the events to users.

To use the Unmapped Vendor Data Report to display unmapped events or unmapped identifiers, see the subsections below.

Unmapped Events Report Type

To view Unmapped Events in your Unmapped Vendor Data Report, see the steps below:

1. Log in to your KSAT console
2. Navigate to SecurityCoach > Setup > User Mapping Setup.

3. In the Reports section, select Unmapped Vendor Data Report.

   

4. From the Report Type filter, select Unmapped Events. For more information about the Unmapped Events report type options, see the screenshot and list below:

   

   1. Report Type: Select between displaying Unmapped Events data or Unmapped Identifiers data.

   2. Vendor: Select one or more vendors to display event data for.

   3. Date Range: Select the date range to display data for.

   4. View Report: Generate report data from your selected criteria.

   5. Generate CSV: Generate a CSV file of the report.

   6. Add or Remove Columns: Customize which columns are displayed in the table.

   7. Rerun Event Mapping: Rerun user mapping and map the events to users.

      Tip:We recommend mapping additional users before selecting this button.

   8. View Event Mapping Reruns: Click this button to view your history of user mapping reruns.

Unmapped Identifiers Report Type

To view the Unmapped Identifiers report type in your Unmapped Vendor Data Report, see the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.

3. In the Reports section, select Unmapped Vendor Data Report.

   

4. From the Report Type filter, select Unmapped Identifiers. For more information about the Unmapped Identifiers report type options, see the screenshot and list below:

   

   1. Report Type: Select between displaying Unmapped Events data or Unmapped Identifiers data.

   2. Vendor: Select one or more vendors to display event data for.

   3. Date Range: Select the date range to display data for.

   4. Identifier Type: Select the type of vendor identifier to display data for.

      Note:An Identifier Type must be selected to generate unmapped identifier report data.

   5. View Report: Generate report data from your selected criteria.

   6. Generate CSV: Generate a CSV file of the report.

   7. Add or Remove Columns: Customize which columns are displayed in the table.

   8. Rerun Event Mapping: Rerun user mapping and map the events to users.

      Tip:We recommend mapping additional users before selecting this button.

   9. View Event Mapping Reruns: View your history of user mapping reruns.

Once you have generated the Unmapped Identifiers report type data, you can also connect these identifiers to your users. To connect unmapped vendor identifiers to your KSAT users from the Unmapped Identifiers report type page, see the steps below:

1. Under the Identifier table column, navigate to the identifier you wish to map and select + Connect KSAT User Email under the identifier.

   

2. A Connect KSAT User Email pop-up window will open. From this pop-up window, use the KSAT Email Address field to search for the KSAT user you wish to connect to the vendor identifier.

   

   Tip:To view and select from a drop-down menu containing all your users, select the arrow on the right side of the KSAT Email Address field.
3. Select OK to confirm.

Mapping Recommendations

SecurityCoach makes recommendations for mapping your KSAT users to various identifiers. To view your recommendations, use the Automatic Device Discovery feature, our user mapping recommendations, and the Discovered Users Report.

For more information about these recommendation options, see the subsections below.

Automatic Device Discovery

The Automatic Device Discovery feature automatically maps users to devices using the data from your integrated vendors. You can then review these mappings on the User Mapping View page.

To enable the Automatic Device Discovery feature, follow the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.

3. Enable Automatic Device Discovery by selecting the toggle on the right side of the page.

   

User Mapping Recommendations

Our user mapping recommendations help map your users to various identifiers. You can accept or reject these recommendations.

To review your user mapping recommendations, follow the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.
3. From the menu on the left side of the page, select User Mapping Setup.
4. Select User Mapping Recommendations. For more information about your user recommendation options, see below:

1. Search: Filter the list by first name, last name, or email.
2. + Filters: Filter the list of recommended mappings by Active Users, Archived Users, or Confidence Score.
3. Approve Selected: Approve the selected mappings in the table.
4. Reject Mapping: Reject the selected mappings in the table.

5. User Mapping Recommendations table: This table lists mapping recommendations by Confidence Score. The Confidence Score is a number between 0 and 100, with higher scores indicating a greater confidence that the match is correct. For each recommendation, you can see the email, first name, last name, status, and Confidence Score of the email being recommended to be mapped to the alias.

   Note:An alias may have more than one recommendation available.

Discovered Users Report

The Discovered Users Report displays users who might not yet be in your KSAT console, based on data from your integrated vendors. This report is enabled by default.

To view the Discovered Users Report, follow the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.
3. Select Discovered Users.

Viewing Your Mapped Users

Once you have mapped your users, you can view your mappings at any time. To view your user mappings, follow the steps below:

1. Log in to your KSAT console.
2. Navigate to SecurityCoach > Setup > User Mapping Setup.
3. Select the Review Mapped Users button. For more information about the fields on this page, see the screenshot and list below:

1. Search: Filter the user list by keyword.
2. Show/Hide Columns: Select the gear icon to show or hide columns in the table.
3. This table displays your current user mappings.

4. Edit: Select this pencil icon to open the Mapped User pop-up window. This pop-up window is used to add, remove, and edit existing mappings for the user.