KnowBe4 can be integrated into Secureframe to automate the evaluation and evidence collection of user training records required for many compliance frameworks.
Connecting the Integration
To integrate KnowBe4 with Secureframe, navigate to Integrations, search for "KnowBe4" on the "Available" page, and click "Connect". On the connection form, provide your API key, specify your training site, and click "Submit". Secureframe retrieves data from the KMSAT Reporting API; a detailed list can be found at the bottom of this article.
Note: You can only utilize the integration if you are a Platinum or Diamond KB4 customer, as KnowBe4 gates API access to these tiers.
You can access your API key and generate a new key if needed in your KnowBe4 Account Settings under the API section. Your API keys provide access to the data within your KnowBe4 platform and should be kept private. Do not share your API key in publicly-accessible areas.
Set KnowBe4 as a Training Source
To enable the training, please follow these steps:
- Go to the Personnel page.
- Click on the gear icon.
- Navigate to the Onboarding tab.
- Scroll down to find Trainings.
- Select KnowBe4 from the vendor dropdown menu for training campaigns.
Select "KnowBe4" as the vendor for each applicable training. Since users' training enrollment is handled within the KnowBe4 system, Secureframe groups are not relevant.
Note: You can mix and match training vendors across trainings. As an example, you can use KnowBe4 for Security Awareness Training (Recurring), Security Awareness Training (New Hire), and GDPR Training, and other vendors for other trainings as shown in the image above.
Map KnowBe4 Campaigns to relevant training
Map one or more Campaigns to each training where KnowBe4 is the assigned vendor. Canceled campaigns (status = 'canceled') cannot be selected.
Note: Selecting multiple campaigns for a single training type can be useful in a few scenarios:
- You want to load historical Campaign data into Secureframe for record keeping
- You want to proactively select the next Campaign for that training as shown above in the GDPR Training Example
- You use multiple Campaigns for a given training type. As an example, after a couple of years, you deprecated an old Relative Duration Campaign that was used to track new hire training in favor of a new campaign. You want to prevent early employees from having to complete this new Campaign.
Note: KnowBe4 and Secureframe strongly recommend using Specific Date Campaigns (ephemeral, there is a start and end date) for Recurring trainings and Relative Duration (ongoing, no end date) Campaigns for New Hire trainings. KnowBe4's Product Team designed these training types exactly for these use cases.
Navigate to each corresponding test and click "Refresh Test".
Training Test Overview
Secureframe has two types of Trainings in Onboarding Settings - each training corresponds 1:1 with a test:
- Annual Trainings: While not all frameworks specify the exact frequency in which users complete training, "Annual", or once per calendar year, is the minimum standard.
  - Security Awareness Training
  - PCI Training (aka Cardholder Data Training)
  - PCI Secure Code Training
  - etc.
- New Hire Trainings: Certain frameworks require new hires to do training as part of onboarding. New hire training content may or may not be the same as the Annual training content.
  - Security Awareness Training (New Hire)
Test Evaluation
To be considered for evaluation, users must be considered auditable - the user is in audit scope and active.
Annual Trainings
Users are evaluated if they are enrolled in at least one mapped Campaign where campaign.status = 'created', 'enrolling', 'in progress', 'completed' and that Campaign's end date resides in the current calendar year OR has not ended.
Evaluated users must complete at least one mapped campaign per calendar year.
Note: Secureframe only evaluates users that have been enrolled in at least one Campaign within the current calendar year to handle certain edge cases.
New Hire Trainings
Users are evaluated if they are enrolled in a Campaign where status = 'created', 'enrolling', 'in progress', 'completed'.
Evaluated users must complete at least one mapped campaign a single time.
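The evaluation rules above, sketched in Python as an added example; this is not Secureframe's or KnowBe4's code. The field names (`in_scope`, `completed_on`, `end_date`) and the sample records are constructed, and requiring an annual completion date to fall in the current calendar year is an assumed reading of the rule.

```python
from datetime import date

# Campaign statuses the article lists as eligible for evaluation.
ELIGIBLE = {"created", "enrolling", "in progress", "completed"}

def campaign_counts(c, kind, today):
    """Does a mapped campaign count toward this training's test?"""
    if c["status"] not in ELIGIBLE:
        return False
    if kind == "new_hire":
        return True
    end = c["end_date"]  # None models a campaign with no end date
    return end is None or end >= today or end.year == today.year

def evaluate(users, campaigns, enrollments, kind, today):
    """Return {email: 'pass' | 'fail' | 'not evaluated' | 'not auditable'}."""
    counted = {c["id"] for c in campaigns if campaign_counts(c, kind, today)}
    out = {}
    for u in users:
        if not (u["in_scope"] and u["active"]):
            out[u["email"]] = "not auditable"
            continue
        mine = [e for e in enrollments
                if e["email"] == u["email"] and e["campaign_id"] in counted]
        if not mine:
            out[u["email"]] = "not evaluated"
            continue
        done = [e["completed_on"] for e in mine if e["completed_on"]]
        if kind == "annual":  # assumption: completion must fall in this year
            done = [d for d in done if d.year == today.year]
        out[u["email"]] = "pass" if done else "fail"
    return out

# Constructed sample data (not real API output).
TODAY = date(2024, 6, 1)
CAMPAIGNS = [
    {"id": 1, "status": "in progress", "end_date": date(2024, 12, 31)},
    {"id": 2, "status": "completed", "end_date": date(2023, 12, 31)},
    {"id": 3, "status": "canceled", "end_date": None},
]
USERS = [{"email": f"{n}@example.com", "in_scope": True, "active": a}
         for n, a in [("ana", True), ("ben", True), ("cy", True), ("dee", False)]]
ENROLLMENTS = [
    {"email": "ana@example.com", "campaign_id": 1, "completed_on": date(2024, 3, 10)},
    {"email": "ben@example.com", "campaign_id": 1, "completed_on": None},
    {"email": "cy@example.com", "campaign_id": 2, "completed_on": date(2023, 11, 1)},
    {"email": "dee@example.com", "campaign_id": 1, "completed_on": date(2024, 2, 2)},
]
RESULT = evaluate(USERS, CAMPAIGNS, ENROLLMENTS, "annual", TODAY)
```

With the same records evaluated as `"new_hire"`, the 2023 campaign counts as well, so the user enrolled only in it moves from "not evaluated" to "pass".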
Employee Onboarding
In Employee Onboarding, employees can view Campaigns that they are enrolled in. Clicking a Campaign redirects the users to the KnowBe4 console to complete training.
Supported Resources and Attributes
Resources | Attributes |
---|---|
Users |
|
Account |
|
Training Campaigns |
|
Training Enrollments |
|
Permissions, Fields Pulled, Controls, and Automated Tests
- Click the provided link or navigate to the “Integration” page.
- Select the “Available” tab.
- Search for the integration.
- Click “View Details”.
Frequently Asked Questions (FAQ)
Some of my KnowBe4 users are pulling in correctly, but a handful of individuals are marked as ‘non-compliant’ even though in KnowBe4, they have completed the training?
- It is possible that those users have additional applications that are marking them as inactive. For example, a user might have an Active status from Office 365, but an inactive status from Slack. The KnowBe4 integration is looking for completed training in both accounts.
- In this scenario, you may need to unlink the accounts on the backend and place them into a "dummy" non-personnel account. That way they are kept out of scope and will not automatically re-link themselves to the users.
We have an integration with KnowBe4 and active campaigns. Can I set those as the trainings my users take through the Secureframe personnel portal, or are the only trainings available from Secureframe?
- Yes, if you are using our KnowBe4 integration, there will be a link available within the Employee portion of the platform that will redirect the users to the training campaign in KB4.