KnowBe4 (KMSAT)
KnowBe4 is a comprehensive cybersecurity awareness and training platform that helps organizations educate employees about security threats, providing simulated phishing attacks, security awareness training, and compliance reporting to strengthen human defenses against cyber threats and reduce security risks.
Power end-to-end data operations for your KnowBe4 (KMSAT) API with Nexla. Our bi-directional KnowBe4 (KMSAT) connector is purpose-built for KnowBe4 (KMSAT), making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to KnowBe4 (KMSAT) or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your KnowBe4 (KMSAT) workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
Before creating a KnowBe4 (KMSAT) credential, you need to obtain an API token from your KnowBe4 account. The API token is required to authenticate with the KnowBe4 Reporting API.
KnowBe4 API access is available to Platinum or Diamond-level KnowBe4 customers. If you don't have API access, contact your KnowBe4 account representative to upgrade your account.
To obtain your API token, follow these steps:
-
Sign in to your KnowBe4 admin account using your credentials.
-
Click your email address at the top-right corner of the KnowBe4 interface, and select Account Settings from the dropdown menu.
-
In your account settings, navigate to Account Integrations > API.
-
Click on the Product API link to access the API token management page.
-
Click + Create New API Token or Create New API Token to generate a new API token.
-
Provide a descriptive name for the token (e.g., "Nexla Integration") to help identify it later.
-
Click Create Token to generate the API token.
-
After generating the API token, copy it immediately. The API token is typically displayed only once for security reasons and may not be accessible again after you navigate away from the page.
-
Store the API token securely, as you will need it to configure your Nexla credential. The API token provides full access to your KnowBe4 account data, so treat it as sensitive information.
The API token is sent in the Authorization header with the Bearer prefix (e.g., Authorization: Bearer {api_token}) for all API requests to the KnowBe4 Reporting API. The API token authenticates your account and grants access to your KnowBe4 data, including users, groups, training records, and security awareness metrics. The KnowBe4 Reporting API has a daily limit of 2,000 requests plus the number of licensed users on your account. For detailed information about API token setup, authentication, and available API endpoints, refer to the KnowBe4 Reporting API documentation and KnowBe4 API authentication documentation.
Authenticate
Credentials required
| Field | Required | Secret | Description |
|---|---|---|---|
| API Key Value | Yes | Yes | |
| Account Location | No | No | Your KnowBe4 account server location Allowed values: US Server (located at training.knowbe4.com); EU Server (located at eu.knowbe4.com); CA Server (located at ca.knowbe4.com); UK Server (located at uk.knowbe4.com); DE Server (located at de.knowbe4.com) |
Create a credential in Nexla
- After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – KnowBe4 (KMSAT)

-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
Enter your KnowBe4 API token in the API Key Value field. This is the API token you obtained from your KnowBe4 account settings (Account Settings > Account Integrations > API > Product API). The API token is sent in the
Authorizationheader with theBearerprefix for all API requests to the KnowBe4 Reporting API. The API token authenticates your account and determines what data and operations you can access based on your account permissions.Keep your API token secure and do not share it publicly. The API token provides access to your KnowBe4 account data and should be treated as sensitive information. If your API token is compromised, you should immediately regenerate it in your KnowBe4 account settings. Your KnowBe4 API token can be found in your KnowBe4 account settings (Account Settings > Account Integrations > API > Product API) where you manage API tokens. The API token is sent in the
Authorization: Bearer {api_token}header for all API requests to the KnowBe4 Reporting API. The API token does not expire automatically, but you can regenerate it at any time if needed. The KnowBe4 Reporting API has a daily limit of 2,000 requests plus the number of licensed users on your account. Exceeding this limit will result in a 429 (Too Many Requests) error. For detailed information about obtaining and managing API tokens, API authentication, and available endpoints, see the KnowBe4 Reporting API documentation and KnowBe4 API authentication documentation. -
Select your KnowBe4 account server location from the Account Location dropdown menu. This should match the region where your KnowBe4 account is hosted. The account location determines the API endpoint URL that will be used for all API requests. Available options include:
- US Server (
https://us.api.knowbe4.com) - for accounts located attraining.knowbe4.com - EU Server (
https://eu.api.knowbe4.com) - for accounts located ateu.knowbe4.com - CA Server (
https://ca.api.knowbe4.com) - for accounts located atca.knowbe4.com - UK Server (
https://uk.api.knowbe4.com) - for accounts located atuk.knowbe4.com - DE Server (
https://de.api.knowbe4.com) - for accounts located atde.knowbe4.com
If you're unsure which region your account uses, check the URL of your KnowBe4 account. The region is typically the first part of your KnowBe4 account URL (e.g., if your account URL is
https://eu.knowbe4.com, select the EU Server option). The default value ishttps://us.api.knowbe4.comif no selection is made. - US Server (
-
Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.
Use as a data source
To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the KnowBe4 (KMSAT) connector tile, then select the credential that will be used to connect to the KnowBe4 instance, and click Next; or, create a new KnowBe4 (KMSAT) credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common KnowBe4 (KMSAT) endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
KnowBe4 (KMSAT) data sources can also be manually configured to ingest data from any valid KnowBe4 Reporting API endpoint, including endpoints not covered by the pre-built templates. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.
KnowBe4 Reporting API endpoints follow the pattern {account_location}/v1/<endpoint> (e.g., https://us.api.knowbe4.com/v1/users, /v1/groups, /v1/training/enrollments), where {account_location} is the server location selected on the credential. Responses are typically returned as arrays, so a JSON path of $[*] will extract all items. Pagination uses page and per_page query parameters, starting at page 1 with a default of 100 records per page. The API is subject to a daily limit of 2,000 requests plus the number of licensed users on the account.
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new KnowBe4 (KMSAT) data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.