KnowBe4 (KMSAT Reporting) MCP. Audit security scores and training compliance data.

Q: How do I find the overall risk score using getaccountriskscore?

The getaccountriskscore tool gives you the single, aggregated risk score for your entire account. It summarizes performance across training and phishing history.

Q: Can I check the status of a specific user with getuserdetails?

Yes. getuserdetails pulls a complete profile for one user. You can get their name, ID, and current enrollment status in one query.

Q: Which tool should I use to see all available training courses?

Use listtrainingcampaigns. This tool returns a list of all security awareness training campaigns the organization has run or made available.

Q: How do I check if a user belongs to a specific department?

Run listusergroups. This tool specifically lists all groups assigned to a single user, helping you verify their departmental policy coverage.

Q: How do I get the results for the last phishing simulation? listphishingtests?

The listphishingtests tool returns IDs, names, and high-level results for all tests. If you need deep metrics (like click rate), you must use getphishingtestdetails and specify the test ID.

Q: How do I use listusers to get a list of all user IDs and their current status?

The listusers tool provides a list of all user IDs, names, emails, and current status. This lets you audit full user enrollment and see who needs training.

Q: What information does gettrainingcampaigndetails provide about a specific campaign?

gettrainingcampaigndetails returns comprehensive data on a single training campaign. You can review its progress, completion rates, and associated departments.

Q: How do I check which groups a user belongs to using listusergroups?

listusergroups lists all groups assigned to a user. This helps you verify if a user is correctly included in mandatory security policy groups.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Just plug in your AI agents and start using Vinkius.

KnowBe4 (KMSAT Reporting) MCP Server audits organizational security awareness. Your AI client lists all users, tracks phishing test results, and monitors overall risk scores.

It provides a single view of training compliance, group assignments, and security posture for better risk management.

What your AI agents can do

Get account risk score

Gets the overall risk score for the entire KnowBe4 account.

Get phishing test details

Gets detailed results for a specific phishing test run.

Get training campaign details

Gets specific details for a single security training campaign.

+ 7 more capabilities included

Get the overall account risk score

Retrieves the single, aggregate risk score for the entire KnowBe4 account.

Review phishing test results

Pulls detailed metrics and results for a specific phishing simulation.

Get training campaign details

Provides specific metrics and status for a given security training campaign.

Fetch specific user records

Retrieves all necessary details for one user, including their status and assignments.

List and audit group assignments

Lists all groups defined in KnowBe4, useful for checking policy coverage.

List phishing store results

Retrieves results related to items or content within the phishing store.

List all available phishing tests

Returns a list of test IDs, names, and high-level performance summaries for all phishing simulations.

Ask AI about this MCP

Ask ChatGPT

Ask Claude

Ask Perplexity

Supported MCP Clients

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

Free for Subscribers

Lists all groups assigned to a specific user.

list019d75c2

list users

Lists every user in KnowBe4 KMSAT, providing IDs, emails, and current status.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with KnowBe4 (KMSAT Reporting), then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 4,700+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

What you can do with this MCP connector

Your AI client connects to the KnowBe4 KMSAT Reporting MCP Server to audit your whole company's security awareness. You'll get a single view of user compliance, group assignments, and overall risk. You can use the list_users tool to list every user in KnowBe4 KMSAT, getting their IDs, emails, and current status.

For group coverage, you'll use list_groups to list all groups defined in KnowBe4, and you can run list_user_groups to see which groups are assigned to a specific user. When you want to check a specific person, get_user_details pulls all the necessary information for that user, including their status and assignments.

To see how your company's risk is doing overall, get_account_risk_score retrieves the single, aggregate risk score for the entire KnowBe4 account. If you want to check out your phishing tests, you can use list_phishing_tests to get a list of test IDs, names, and high-level performance summaries for all available phishing simulations.

For deep dives, get_phishing_test_details pulls detailed metrics and results for a specific phishing test run. You can also check out the phishing store using list_phishing_store_results to get results related to items or content within it. To audit your training, you'll use list_training_campaigns to list all available security awareness training campaigns.

For specific training metrics, get_training_campaign_details provides specific metrics and status for a given security training campaign.

How KnowBe4 (KMSAT Reporting) MCP Works

1 Subscribe to the KnowBe4 server and generate an API key in KnowBe4's Account Settings.
2 Enter the API key into the Vinkius configuration panel to link your AI client.
3 Ask your AI client to perform an action, like 'List all users' or 'What is the account risk score?'

The bottom line is, your AI client talks to the KnowBe4 API through this server, letting you run complex security audits without writing code.

Who Is KnowBe4 (KMSAT Reporting) MCP For?

Security Compliance Officers and HR Directors who need to prove due diligence. It’s for the Security Analyst who hates manually clicking through multiple dashboards just to prove that 95% of the company completed the annual phishing training. You need to centralize that risk data, period.

Security Analyst

Uses the server to run scripts that check user enrollment status (list_users) and compare it against training completion rates (list_training_campaigns).

Compliance Manager

Runs reports to prove to auditors that all departments have completed required security training, checking group assignments and overall risk scores.

HR Director

Checks user details (get_user_details) to ensure employees are correctly onboarded and assigned to necessary security groups.

What Changes When You Connect

See the full picture of organizational risk. Running get_account_risk_score immediately shows the aggregated security health across all users.
Quickly audit who needs training. Use list_users to list every employee, then check list_user_groups to verify their assigned departmental groups.
Track phishing performance with detail. Call list_phishing_tests to see all simulations, and then get_phishing_test_details for click/report rates on the worst one.
Verify compliance easily. Run list_training_campaigns to see all available training, and then get_training_campaign_details to pull completion metrics for a specific course.
Audit group policies. Use list_groups to see all defined groups, and then list_user_groups to confirm a specific user belongs to the correct group.
Get specific user data. get_user_details pulls everything you need on a single person, minimizing the need to jump between tabs.

Real-World Use Cases

Annual Compliance Audit

The Compliance Manager needs to prove the company completed its annual security training. They ask their agent to run list_training_campaigns to find the required course, then run get_training_campaign_details for the completion metrics across the whole organization.

Investigating High-Risk Employees

A user's behavior is suspicious. The Security Analyst asks the agent to run list_users to confirm the user exists, then runs get_user_details and list_user_groups to see their profile and what groups they are assigned to. They then check get_account_risk_score to see the impact of their actions.

Reviewing Phishing Campaign Effectiveness

The team ran a new phishing test. The agent runs list_phishing_tests to find the test ID, then calls get_phishing_test_details to pull the exact click rate, report rate, and incident count. This confirms if the latest training worked.

Onboarding a New Department

HR needs to ensure the new department has the right policy coverage. They ask the agent to run list_groups to see all available groups, then check list_user_groups for a sample employee to confirm they are properly assigned to the new department's security group.

The Tradeoffs

Searching for a single user's status

Logging into KnowBe4 and clicking through: Users > Search > Click on User X > Check Status Tab. This takes five clicks and requires manual cross-referencing.

→ Tell your agent to run get_user_details directly. It pulls the user's ID, name, status, and assignments in one go.

Figuring out which training was run

Going to the Reports section and scrolling through dozens of tabs to find the specific campaign name and dates. It’s a time sink.

→ Ask your agent to run list_training_campaigns to see all available campaigns. Then, use get_training_campaign_details to get the metrics for the specific course you need.

Checking multiple test results

Manually comparing the results of the 'Q1' test and the 'Q2' test in different dashboards to see trends. You often miss subtle dips.

→ Run list_phishing_tests to get a list of all tests and their high-level results. You can then drill down into get_phishing_test_details for any specific test ID to track trends.

When It Fits, When It Doesn't

Use this server if your job requires connecting disparate data points: user lists, risk scores, and training compliance metrics. If you're just looking to check one simple thing—like what a single user's name is—you probably don't need this. You need the ability to correlate data. If your goal is to track why the risk score is high (e.g., 'User A failed Test B, and is in Group C'), this is the right tool. If you only need to export a simple list of emails, check a standard directory API instead. This server is for complex, interconnected security audits.

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by KnowBe4. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

How we secure it →

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.

Available Capabilities

get_account_risk_score get_phishing_test_details get_training_campaign_details get_user_details list_groups list_phishing_store_results list_phishing_tests list_training_campaigns list_user_groups list_users

Security compliance shouldn't require jumping between five different KnowBe4 tabs.

Right now, proving compliance means navigating deep into the KnowBe4 platform. You have to click the Users tab to get a roster, then click the Campaigns tab to check completion rates, and maybe jump to the Reporting tab just to find the risk score. It's a mess of tabs and copies-pasted data.

With this MCP server, you tell your agent what you need. It runs the necessary tools—like `list_users` and `get_account_risk_score`—and delivers the compiled report straight back to you. You get the answer, not the navigational headache.

KnowBe4 (KMSAT Reporting) MCP Server: Audit risk and training data.

You stop manually running separate reports for user enrollment, phishing metrics, and group assignments. Instead, you run `list_users` to audit enrollment, then `list_user_groups` to check policy coverage, and finally `list_phishing_tests` to see the actual incident rate.

The data connects naturally. You're building a single, auditable picture of risk that was previously impossible without hours of manual work.

Common Questions About KnowBe4 (KMSAT Reporting) MCP

How do I find the overall risk score using get_account_risk_score? +

The get_account_risk_score tool gives you the single, aggregated risk score for your entire account. It summarizes performance across training and phishing history.

Can I check the status of a specific user with get_user_details? +

Yes. get_user_details pulls a complete profile for one user. You can get their name, ID, and current enrollment status in one query.

Which tool should I use to see all available training courses? +

Use list_training_campaigns. This tool returns a list of all security awareness training campaigns the organization has run or made available.

How do I check if a user belongs to a specific department? +

Run list_user_groups. This tool specifically lists all groups assigned to a single user, helping you verify their departmental policy coverage.

How do I get the results for the last phishing simulation? list_phishing_tests? +

The list_phishing_tests tool returns IDs, names, and high-level results for all tests. If you need deep metrics (like click rate), you must use get_phishing_test_details and specify the test ID.

How do I use list_users to get a list of all user IDs and their current status? +

The list_users tool provides a list of all user IDs, names, emails, and current status. This lets you audit full user enrollment and see who needs training.

What information does get_training_campaign_details provide about a specific campaign? +

get_training_campaign_details returns comprehensive data on a single training campaign. You can review its progress, completion rates, and associated departments.

How do I check which groups a user belongs to using list_user_groups? +

list_user_groups lists all groups assigned to a user. This helps you verify if a user is correctly included in mandatory security policy groups.

How do I find my KnowBe4 Reporting API Key? +

Log in to your KnowBe4 console, go to Account Settings, find the Reporting API section, and click Enable Reporting API to generate your token.

What metrics can I see for phishing tests? +

You can see the number of users who clicked, reported, opened, or entered data in a specific simulation.

Can I see the risk score for a single department? +

By listing groups and then auditing the risk scores of users within those groups, you can aggregate the security posture of specific teams.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.