By Chaim Sanders
KnowBe4 is a widely used SaaS tool that provides training including security awareness training. Its most annoying feature is that they purposely cripple their product at the ‘Silver’ and ‘Gold’ level, to a point that it becomes frustrating to use.
One of the things that is most annoying is that they won’t allow AD sync’d users to automatically be placed in a KnowBe4 ‘group’ upon being added from AD. They ‘solve’ this at the platinum level with ‘smart groups’ but IMHO a basic feature (new employee training) that is required to meet almost every compliance requirement should not be a pay-to-play feature.
With Active Directory Integration turned on and working it can seem laborious to not be able to provide training only to newly synced users, but there is a solution.
- You’ll want to have a group that all new members who need training are put into. In most orgs this is the same as all new users and so ‘Domain Users’ becomes the logical choice.
- To include ‘Domain Users’ you simply have to add it to the ‘includedGroups’ option within the ADISync configuration file for your domain.
- Create a training module in KnowBe4 with the trainings you want. You probably don’t want an end date on this (sorry end-date reminders won’t work). Don’t enable any notifications! Make sure that you select the ‘Domain Users’ group and select the ‘Automatically enroll users that are added to the above groups in the future’ (this last step is the part that makes this work).
- This will create a training routine everyone is enrolled in with no notifications, perfect!
- Once the training and under way go into it and select all the existing users on all the training modules and select ‘Pass Selected’,
- Now go back to the training screen and ‘Edit’ the training module adding notifications.
Now whenever you add new users to your AD box it should add them to this new employee security training and there is no need to spend more money to get features you don’t really need. Happy training!