# KnowBe4 (KMSAT) MCP

> KnowBe4 (KMSAT Reporting) provides instant visibility into corporate security risk and training compliance. Connect this MCP to audit user enrollment, track phishing test results, and monitor individual and organizational risk scores across your entire employee base.

## Overview
- **Category:** human-resources
- **Price:** Free
- **Tags:** phishing-simulation, security-awareness, risk-assessment, compliance-training, user-auditing

## Description

Need a real-time picture of how secure your organization actually is? This MCP connects your AI agent directly to KnowBe4 KMSAT data. Instead of wading through dozens of dashboards, you can ask natural language questions about your security posture—and get specific answers back.

It lets you audit user enrollment status and check group assignments across different departments. You can track phishing tests, pulling out metrics like click rates or report rates to see if training is actually sticking. Furthermore, it gives you access to individual and organization-wide risk scores, helping you flag high-risk users immediately. If you're using Vinkius, this MCP lets your agent pull all that compliance data together, so you can audit training campaign progress against specific user groups and departments without ever leaving your AI client.

## Tools

### list_users
Retrieves a complete list of all users in KnowBe4 KMSAT for enrollment checks.

### get_user_details
Pulls specific, detailed information about an individual user's account status.

### list_groups
Provides a list of all organizational groups defined within KnowBe4 for policy review.

### list_phishing_tests
Returns high-level details and names from recently conducted phishing security tests.

### get_phishing_test_details
Gets the full, detailed results for a specific phishing test instance.

### list_training_campaigns
Lists all available security awareness training campaigns to audit compliance scope.

### get_training_campaign_details
Retrieves the specific completion and progress details for a chosen training campaign.

### list_phishing_store_results
Lists results related to items found within the phishing store catalog.

### get_account_risk_score
Retrieves the overall, aggregated risk score for the entire KnowBe4 account.

### list_user_groups
Lists all user groups assigned to a particular individual.

## Prompt Examples

**Prompt:** 
```
Show me the overall risk score for my KnowBe4 account
```

**Response:** 
```
The aggregated risk score for your account is currently 42.5 (Medium). This is based on phishing performance, training completion, and overall user behavior.
```

**Prompt:** 
```
List the results of our last phishing simulation
```

**Response:** 
```
Retrieving results for the latest simulation: 'Q1 Compliance Check'. Results: 5% Click Rate, 85% Report Rate, and 0 Data Entry incidents. This is a significant improvement from last month.
```

**Prompt:** 
```
Which users have the highest risk scores?
```

**Response:** 
```
I've identified 5 users with a High Risk Score (>80). These users have failed multiple phishing tests recently. Would you like to see the list and their departments?
```

## Capabilities

### Audit User Enrollment Status
Get a list of every employee in the system along with their current enrollment status for mandatory training.

### Track Phishing Test Performance
Pull detailed results from past phishing simulations, including specific click rates and reporting statistics.

### Assess Organizational Risk Scores
Retrieve the overall account risk score and drill down to identify which individuals carry the highest security risks.

### Review Training Compliance History
Audit specific training campaigns to determine department-wide completion rates and compliance status.

### Understand Group Policies
List all defined user groups and see which assignments are currently active within the system.

## Use Cases

### Identifying High-Risk Users After a Policy Change
A Security Analyst needs to know who in Finance failed the last phishing test and who also hasn't completed the new GDPR training. They prompt their agent: 'Show me all users with high risk scores who are in the Finance group and whose status is not complete for the GDPR module.' The agent uses get_account_risk_score, list_user_groups, and get_training_campaign_details to provide an immediate, actionable list.

### Preparing for a Board Audit
A Compliance Officer needs to prove that 95% of employees completed the mandatory annual security training. They prompt: 'What is the completion rate for all users across Department X?' The agent calls list_users and then checks get_training_campaign_details, delivering a precise percentage ready for presentation.

### Investigating Phishing Trends
The team noticed an uptick in credential harvesting attempts. A Security Analyst asks: 'What were the results of our last two phishing tests?' The agent uses list_phishing_tests and get_phishing_test_details to compare click rates, helping them determine whether the recent training was effective.

### Onboarding a New Department
An HR Manager needs to ensure an entire newly formed department is correctly assigned and trained. They prompt: 'List all users in the new Sales group and confirm their enrollment status for mandatory modules.' The agent uses list_users and list_user_groups to validate coverage instantly.

## Benefits

- Consolidate security metrics into a single chat session. Instead of jumping between user lists, test results, and compliance dashboards, your agent pulls all the required KnowBe4 KMSAT data instantly.
- Pinpoint high-risk employees immediately. Use get_account_risk_score to find out which users are flagged with critical scores, allowing you to focus remediation efforts where they matter most.
- Verify training coverage across departments. You can call list_users and then use list_user_groups to confirm that specific user populations have the correct security policies applied.
- Measure the effectiveness of simulations. By checking detailed results via get_phishing_test_details, you can quickly calculate true click-through rates and track improvements month over month.
- Automate compliance reporting. You don't have to manually run list_training_campaigns every quarter; your agent gathers all necessary completion details for audit readiness.

## How It Works

The bottom line is you can talk to KnowBe4's compliance data directly through your agent, instead of logging into multiple dashboards.

1. Subscribe to this MCP, then log into KnowBe4 and generate an API Key from the Account Settings > Reporting API section.
2. Input your unique key into the Vinkius configuration panel for this MCP.
3. Use natural language prompts in your AI client to query specific security metrics or user lists.

## Frequently Asked Questions

**How do I check if a user completed mandatory training using KnowBe4 (KMSAT) MCP?**
You can use list_training_campaigns to find the right module, and then get_training_campaign_details to see individual progress. This verifies compliance status quickly.

**Can I get the current organizational risk score with KnowBe4 (KMSAT) MCP?**
Yes, you use get_account_risk_score. It gives you a single number that aggregates all security performance data for your entire account.

**What does list_users do in the KnowBe4 (KMSAT) MCP?**
list_users pulls a comprehensive roster of everyone in your system, including their ID, name, and current enrollment status, which is vital for initial audits.

**Does this MCP help me compare phishing results across groups?**
Yes. You can use list_groups to identify the group boundaries, and then correlate that with get_phishing_test_details to see if specific departments performed differently during a test.

**Is KnowBe4 (KMSAT) MCP better than manual reporting?**
It's vastly superior. Manual reports are static and require stitching together data from multiple sources; this MCP provides real-time, conversational analysis of the same metrics.