KnowBe4 is a great security awareness and training system commonly hosted by an MSP and used by their clients for training of staff. It is user-friendly, powerful, and built for scale.
First, you will need to complete the New Tenant Domain Account Request form, once that has been processed you will be able to continue with these instructions.
When you receive the KnowBe4 email that the tenant is created, you are ready to configure it
o Log into the KnowBe4 MSP Portal: LINK-REMOVED
o Use the Tech Ops credentials from IT Glue: LINK-REMOVED
o Click on ACCOUNTS from the top menu and then click in the "Search by domain or name" and type the name of the client and press enter
o
Click on the door arrow to open "View
Account as Admin"
o Click on MODSTORE from the top menu, we are going to add a couple example modules from the library:
- Skip the tour, if prompted
- Click in the Search box and type MITNICK 2024 and press enter
- Click on the "2024 Kevin Mitnick Security Awareness Training - 15 minutes" module
- Click on the "Add to Library" button
- Return to the ModStore Browse screen, if needed.
- Click in the Search box again and type ALERT and press enter
- Click on the "Using the Phish Alert Button - Report Suspicious Emails Using Microsoft Outlook" module
- Click on the "Add to Library" button
- return to this area and instructions to add any additional training modules
o Copy to clipboard the administrator email address
· Click on the Import Users tab
· Paste the administrator account into the box shown
· Go to IT Glue and look up the client
· Go to Passwords and search for KnowBe4 Admin - keep this open, we'll return to this soon!
· If no password exists, create the password - complex, 24 characters or more - can use the IT Glue generator, just remove some characters and add in at least three special characters.
· Include the URL as shown below in the example for training.knowbe4.com in all entries. The username will be the "Admin email" created in the DAR setup: REDACTED
· Click the copy to clipboard button for the password
· Click on the "Set Password for Users" box and paste the password into the field
· Then click on the "Import Users" button
· Banner will appear at the top of the screen, click the X to dismiss
· KnowBe4 has a quirk where it times out when the password is reset, to resume click the "Click here for Account Management console" in the upper right of the screen
o We will want to test the credentials and the password reset next
· Return to the clients IT Glue, KnowBe4 Tenant Admin credentials
· Right click on the training.knowbe4.com URL and open it in InCognito/InPrivate mode
· Log into the portal using the clients KnowBe4 credentials
· If prompted for "Set up your account" screen
· First name = REDACTED
· Last name = REDACTED
· Copy/paste password from IT Glue in both fields then click Login
· Acknowledge any EULA or other pop-ups that appear
· Click on USERS once the Dashboard appears
· If need to add users, if users exist continue to next step
· click on the Import Users tab and then click on the CSV Import button
· Upload the completed CSV file by clicking on the Browse button, locating the file on your computer and uploading it. Click on Import Users button when ready.
· Click on Users
·
Scroll down and ensure the "Displaying all
xxx users" is accurate, might have to refresh the screen a few times if there were a large quantity of users added.
o Click on Groups tab - if this is a trial setup, do NOT create the Clickers group as we will not be configuring trainings, skip to the PHISHING configuration section
· Click on "Create New Group" button
· Group name type Clickers and click on Create Group
o Click on TRAINING from the top menu - if this is a trial setup, do NOT configure any Trainings, skip to the PHISHING configuration section
· Click on the Create Training Campaign button
· Campaign Name = 2024 Monthly Clickers Training
· Start Date = choose the date to begin
· Start Time = 9:00 AM
· End Date = click on "Relative Duration" and set to 3 weeks and check the "Allow assignments to be completed after due date" box if not checked.
·
Select content that was added earlier, if not already shown , in our example select the 2024 Kevin Mitnick Security Awareness Training and the Using the Phish Alert Button for Outlook.
·
Click on "Specific Users" button and
add the group "Clickers" to the Enroll Users - DO NOT enroll ALL
USERS!! If 'Clickers' does not exist, return the instructions above for creating the Group - Clickers.
· Add "Clickers" to the Remove Completed Users From box
· Configure Notifications as shown below, clicking SAVE for each entry, click on the "Add Notification" button
· Click on the Create Campaign button to save
o Click on PHISHING from the top menu
· Click on Campaigns tab
· Click on the Create Phishing Campaign button, if needs set up (once created this goes live within minutes!!)
· Campaign Name = 2024 Monthly Phishing Campaign
· Send to = ALL USERS
· Frequency = Monthly (if BTA set to "One Time")
· Start Time = enter the date that the vCIO provided, choose 9:00 AM and the client Time Zone, vCIO can adjust these if needed (if BTA just set time zone)
· Sending Period = Over 3 Business Days (if BTA, choose option to "Send all emails when the campaign starts")
· Confirm Monday through Friday are checked and time is 9:00 AM to 5:00 PM (if BTA this is N/A)
· Track Activity = 3 DAYS
· Template Categories, click in the box and select the following 12 items:
· QR CODE
· REPORTED PHISHES OF THE WEEK
· BANKING AND FINANCE
· BUSINESS
· CURRENT EVENTS
· GOVERNMENT
· HEALTHCARE
· HUMAN RESOURCES
· IT
· ONLINE SERVICES
· PHISHING FOR SENSITIVE INFORMATION
· SOCIAL NETWORKING
· Click on Difficulty Rating and select Moderate, Significant, and Advanced
· Phish Link Domain = employeeportal.net-login.com
· Landing Page = Default Landing Pages
· Add Clickers to = CLICKERS (if trial, leave blank)
· Check the box to "Send an email report to account admins after each phishing test"
· Click on the Create Campaign button to save
