1. Introduction
What Is KnowBe4 and What Does This Integration Do?
KnowBe4 provides security-awareness training and phishing simulations to assess user susceptibility to cyber threats.
This integration specifically connects Hyver with KnowBe4 KSAT — KnowBe4’s Security Awareness Training platform (KSAT stands for KnowBe4 Security Awareness Training).
This integration enables Hyver to:
Generate findings based on phishing simulation results.
Identify compliance gaps discovered during security awareness training.
Help organizations measure and improve security awareness across their workforce.
2. Prerequisites
Before You Start, Make sure you have the following:
Administrator-level at the KnowBe4 platform (you must have admin access)
An API key created in KnowBe4 to be used in Hyver
A base URL created in KnowBe4 to be used in Hyver
Hyver administrator permissions (required to add this integration)
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe →
18.198.79.197America →
52.1.10.176,35.171.70.87
IPs for Azure and AWS Scans:
Europe →
18.158.77.90America →
34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Multi-Company Dashboard and Integrations
This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.
What is the Multi-Company Dashboard?
Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Multi-Company, contact your CYE Technical Account Manager.
How Integrations Work in Multi-Company
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Multi-Company
To get the most out of Multi-Company with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring on the KnowBe4 Side
There are seven steps to creating the integration. We'll walk through each one, with illustrative screenshots.
Click Settings > Integrations and select Add integration on the KnowBe4 tile:
Enter a name for this integration:
Enter the base URL for KnowBe4 (This information should be provided by KnowBe4 directly not by Hyver—so you should already have it on hand):
Generating the API Key in KnowBe4
To enable the integration between Hyver and KnowBe4, you’ll first need to generate an API key on the KnowBe4 side. It’s not complicated, but it’s very important to pay attention to the permissions granted along the way. Follow these steps:
Log in to KnowBe4.
Navigate to
Account Settings → Account Integrations → API:
Enable API Access:
Check whether the toggle for Enable Reporting API Access is already turned on.
If it’s not enabled, switch it on and click Save.
Once saved, a clickable title called Reporting API will appear. This is what allows you to generate the correct API key for the integration.
Open the Reporting API tab:
Click Reporting API:
Stay on this tab and click + Create New API Token to open the API token creation screen:
This is the correct place to generate the API key for the integration.
Select the right product:
If a list of products appears, make sure to select “KnowBe4 KSAT - Read Only” (Just to clarify: KSAT = KnowBe4 Security Awareness Training):
Create the token:
Enter a name for the token:
Click Create Token.
Copy the API key:
Once the token is created, copy it:
4. Configuring in Hyver
Paste the API Key token in Hyver:
Go to Hyver and paste the token into the API field:
Verify the connection:
Click Verify Connection to confirm that Hyver can connect to KnowBe4. When the connection is successful, a confirmation message will appear in green:
Click Save to save the configuration — located at the bottom right of the screen:
That's it.
What Happens After Successful Integration?
When the integration with KnowBe4 is completed successfully, a new asset is automatically generated in Hyver with the following details:
Asset type: Security Awareness
Technology name: KnowBe4
Engagement: Integration with KnowBe4
This technology asset is automatically mapped to the NIST Cybersecurity Framework (CSF). Why it matters? Technologies represent assets such as security tools that:
Help enhance the maturity level of a NIST subcategory
Are factored into Hyver’s maturity level calculation
Some important things to know and be aware of after the integration with KnowBe4 has been completed:
Hyver automatically tests the connection to KnowBe4 when you save the configuration.
Once the integration details are saved, Hyver initiates a data synchronization.
Findings from KnowBe4 are populated in Hyver, and the engagement is named after the integration.
To view the discovered findings from KnowBe4:
→ Go to the Hyver Findings page
→ It is highly recommended to use the Sources filter and filter by KnowBe4 for easier visibility.
5. Viewing Results
Search for Findings by Source
Use the findings filter to filter by various finding fields such as sources or creation date:
For example:
You could select a source such as Hyver or an integration source such as KnowBe4 (if it exists)
Add a creation date filter to refine the output.
If you do not see findings populated after some time, please verify connectivity with KnowBe4.
Collected Endpoints
What are Collected Endpoints?
Collected Endpoints are the specific data points that Hyver gathers from an external platform once the integration is set up. They represent the types of information pulled in, analyzed, and later presented as findings inside Hyver.
Collected Endpoints in the KnowBe4 Integration
From KnowBe4, Hyver collects the following endpoints:
Accounts – Information about the organization’s KnowBe4 account setup.
Users – The list of employees enrolled in security awareness training.
Groups – User groups defined in KnowBe4 (e.g., departments, teams).
Phishing security tests – Results from phishing simulations run on users.
Training store purchases tests – Records of purchased training modules.
Training policies tests – Policies applied to training content and campaigns.
Training campaigns tests – Details about scheduled or ongoing training campaigns.
Training enrollment tests – Which users are enrolled in which training programs.
By collecting these endpoints, Hyver can generate findings that reflect how well users engage with security awareness training and how effective phishing simulations are, providing a clear picture of organizational security awareness.
6. Auto-Fix Statuses
When possible, Hyver automatically updates the status of remediation assets (such as servers or settings) once they are fixed or removed in the source system—no manual updates needed. The finding’s status is determined by its remediation assets. This integration supports Auto-fix for remediation assets.
7. Types of Fetched Entities
KnowBe4 Findings
Findings are added based on data from phishing simulation outcomes and compliance gaps discovered during KnowBe4’s security awareness training in your organization.
Findings are added to the relevant integration engagement:
8. APIs Used
How Is Access Between Hyver and KnowBe4 Established?
The information passes simply through API requests.
The connection is also made using the API key.
9. Deleting the Integration
You can delete or edit the integration with KnowBe4 at any time, as needed:
To Delete the Integration
Following the setup of an integration, you can also choose to delete it:
Click the Delete Integration button
Confirm that you want to delete the integration
When you delete the integration in Hyver:
The connection is immediately terminated
No new data from the deleted integration is ingested or processed
The existing data in Hyver is retained
To Edit the Integration
Following the setup of an integration, you can make changes at any time:
Click the Edit Integration button
Make your changes
Click Save
10. FAQs
What Type of Data Is Collected from KnowBe4?
Users
Groups
Security Tests
Store Purchases
Training Policies
Training Campaigns
Training Enrollments
Accounts
Phishing Security Text Recipients Results
How Often Is the Data Pulled or Refreshed?
Once a day
How Soon Are Results Visible After Data Is Pulled?
Up to 24 hours, divided into two parts:
Collection happens immediately.
For example, if the integration is created at 3 a.m., it will run at 3 a.m.Analysis runs once at midnight.
If the integration is created at 1 a.m., results might take longer.
If it's created at 10 a.m., results may appear within ten minutes.
Can I Re-Run the Integration or Request a Retest?
No, because the integration runs once a day.
Wrap-up
This guide walked you through the complete process of integrating KnowBe4 with Hyver. From setup and authentication to data collection and results analysis. You're now equipped to configure, monitor, and act on KnowBe4 findings directly within Hyver.