Skip to main content

Authorization

Follow this guide to create a new KnowBe4 (KMSAT) credential that will allow Nexla to authenticate to and exchange data with your KnowBe4 account.
knowbe4_kmsat_auth.png

KnowBe4 (KMSAT)

Prerequisites

Before creating a KnowBe4 (KMSAT) credential, you need to obtain an API token from your KnowBe4 account. The API token is required to authenticate with the KnowBe4 Reporting API.

KnowBe4 API access is available to Platinum or Diamond-level KnowBe4 customers. If you don't have API access, contact your KnowBe4 account representative to upgrade your account.

To obtain your API token, follow these steps:

  1. Sign in to your KnowBe4 admin account using your credentials.

  2. Click your email address at the top-right corner of the KnowBe4 interface, and select Account Settings from the dropdown menu.

  3. In your account settings, navigate to Account Integrations > API.

  4. Click on the Product API link to access the API token management page.

  5. Click + Create New API Token or Create New API Token to generate a new API token.

  6. Provide a descriptive name for the token (e.g., "Nexla Integration") to help identify it later.

  7. Click Create Token to generate the API token.

  8. After generating the API token, copy it immediately. The API token is typically displayed only once for security reasons and may not be accessible again after you navigate away from the page.

  9. Store the API token securely, as you will need it to configure your Nexla credential. The API token provides full access to your KnowBe4 account data, so treat it as sensitive information.

The API token is sent in the Authorization header with the Bearer prefix (e.g., Authorization: Bearer {api_token}) for all API requests to the KnowBe4 Reporting API. The API token authenticates your account and grants access to your KnowBe4 data, including users, groups, training records, and security awareness metrics. The KnowBe4 Reporting API has a daily limit of 2,000 requests plus the number of licensed users on your account. For detailed information about API token setup, authentication, and available API endpoints, refer to the KnowBe4 Reporting API documentation and KnowBe4 API authentication documentation.

Create a KnowBe4 (KMSAT) Credential

  • To create a new KnowBe4 (KMSAT) credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – KnowBe4 (KMSAT)

Knowbe4Cred.png

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Key Authentication

KnowBe4 uses API Key authentication for all API requests. The API token is sent in the Authorization header with the Bearer prefix to authenticate API requests to the KnowBe4 Reporting API.

  1. Enter your KnowBe4 API token in the API Key Value field. This is the API token you obtained from your KnowBe4 account settings (Account Settings > Account Integrations > API > Product API). The API token is sent in the Authorization header with the Bearer prefix for all API requests to the KnowBe4 Reporting API. The API token authenticates your account and determines what data and operations you can access based on your account permissions.

    Keep your API token secure and do not share it publicly. The API token provides access to your KnowBe4 account data and should be treated as sensitive information. If your API token is compromised, you should immediately regenerate it in your KnowBe4 account settings. Your KnowBe4 API token can be found in your KnowBe4 account settings (Account Settings > Account Integrations > API > Product API) where you manage API tokens. The API token is sent in the Authorization: Bearer {api_token} header for all API requests to the KnowBe4 Reporting API. The API token does not expire automatically, but you can regenerate it at any time if needed. The KnowBe4 Reporting API has a daily limit of 2,000 requests plus the number of licensed users on your account. Exceeding this limit will result in a 429 (Too Many Requests) error. For detailed information about obtaining and managing API tokens, API authentication, and available endpoints, see the KnowBe4 Reporting API documentation and KnowBe4 API authentication documentation.

  2. Select your KnowBe4 account server location from the Account Location dropdown menu. This should match the region where your KnowBe4 account is hosted. The account location determines the API endpoint URL that will be used for all API requests. Available options include:

    • US Server (https://us.api.knowbe4.com) - for accounts located at training.knowbe4.com
    • EU Server (https://eu.api.knowbe4.com) - for accounts located at eu.knowbe4.com
    • CA Server (https://ca.api.knowbe4.com) - for accounts located at ca.knowbe4.com
    • UK Server (https://uk.api.knowbe4.com) - for accounts located at uk.knowbe4.com
    • DE Server (https://de.api.knowbe4.com) - for accounts located at de.knowbe4.com

    If you're unsure which region your account uses, check the URL of your KnowBe4 account. The region is typically the first part of your KnowBe4 account URL (e.g., if your account URL is https://eu.knowbe4.com, select the EU Server option). The default value is https://us.api.knowbe4.com if no selection is made.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.