Setting Up Groups
The simplest way to manage SAT is to keep your Groups to a minimum. Your ‘Default Group’ should contain all of your staff, as it can be organized by Department and further sorted by Tags!
We recommend setting up multiple Groups only when you require a different set of access controls, integration settings, or episode schedules for your organization. Each Group has its own unique set of Phishing Campaigns and Episode Schedules, so creating multiple Groups adds additional work for your team.
If you do need to create multiple Groups, you can navigate to the ‘Settings’ tab from the Admin dashboard, select 'Learners' from your Settings menu and select the purple ‘Create Group’ button in the top right corner.
If you have a Group set up, you’re ready to import Learners!
The easiest way to add Learners is to import a supported CSV.
To do this, login to your Admin dashboard and select the gray ‘Export to CSV’ button in the top left corner.
This will download a blank CSV file with the supported column format, enabling you to fill each field with the corresponding data (first and last name, email, department, etc.)
Of these fields, only an email address is required, but we recommend adding first and last names to support the Phishing Simulator in dynamically personalizing every phishing email sent to your learners.
Please note: If you’d like to utilize External Learner Management to import, export and manage your learners in SAT even more efficiently, there are other articles that can walk you through setting up directory sync with services like Microsoft, Google, and Okta
Departments and Tags
If you’re planning to use Departments and Tags to organize your learners, be sure to create them in SAT before importing your CSV. You can only assign Learners to a Department that exists, as the import tool will not create Departments for you.
You can create Departments or Tags by selecting ‘Settings’ at the top of the Admin dashboard, then selecting ‘Learners’ from the Vertical menu. From here, navigate to the ‘Departments’ and/or 'Tags' section to add and customize both Departments and Tags.
It’s important to note that learners can belong to only one Department, but can be associated with many Tags for reporting purposes.
If you later find that you missed a few or need to add more Departments, Tags, or Learners, don’t worry! You can add new Departments and Tags as they become applicable, and Learners can be added individually, or by importing a new CSV file with additional Learners.
Managing Learners in SAT
To manage a Learner individually, select an email address from your list of Learners to view their Profile.
From the Learner’s ‘Profile’ tab, you can update basic account information like name, email address, and modify their Department and Tags.
From the Learner’s ‘Access’ section, you can modify their platform access and change their assigned Group.
From the Learner’s ‘Activity’ tab, you can view all of their activity with SAT including interactions with Phishing Campaigns and completed Episodes within an Assignment.
To make changes to multiple Learners at a time, navigate to the ‘Learners’ tab and select the checkbox at the top of the list. This allows you to update the Active Status of multiple Learners at once.
Creating and Scheduling Assignments
It’s no surprise that the best part about SAT is building and enjoying your annual Episode Schedule! From the mischievous yet adorable DeeDee and Orzo, to colorful heroes like the Toucan Man, your security awareness training program is now full of excitement!
We recommend scheduling Episodes throughout the year(as opposed to several in a single month) to keep security awareness top of mind for your employees.
To build your assignment and schedule, navigate to our Creating a Training Assignment guide for assistance.
Preparing for Your Baseline Phishing Test
Check out our support article What Is a Baseline? for more information about running your first Phishing Campaign!
Once your learners are imported and the schedule is built, DeeDee can go phishing!
Before you start phishing, you’ll need to verify that allowlisting has been set up for your email server.
The idea of a blind or baseline test is to see where your organization currently stands when it comes to defending against phishing attacks and how long it takes to be compromised. After launching your baseline test, you may want to notify your organization that SAT is here to help!
You can hang up posters from the 'Downloads' tab, send an 'Intro to SAT' template that your Customer Success Manager is happy to provide or use any other element suited to help get the word out.
Navigate to the 'Phishing' tab and select Create Campaign to start your phishing test.
From here, you'll want to go ahead and give your Phishing Campaign a title (it can always be modified before launching!) and select 'Create':
You can choose a scenario that catches your eye, filter the list view using the drop-down menu in the left-center of the screen, or search for the specific scenario you're looking for.
Some templates are customizable in that you can offer a Click Only experience, where Learners are taken straight to a recovery training process, or offer a mock Landing Page experience that resembles a real website and will request credentials. In either instance, Learners will have the opportunity to exercise their skills to identify a fake website! You can even send a test email to check it out for yourself before starting your campaign.
Once you select a scenario and customize it to your liking, the next step is to choose your audience.
Maybe you only want Learners in HR or Sales to receive this Phishing Campaign. If so, you can select a specific Department or Tag to target a predetermined group of people within your organization.
Finally, you can designate when you want your campaign to be delivered. You can send all emails Now, on a Scheduled Date, or Over Time, which will randomly deliver the campaign to different Learners across a timeline of your choosing. Right before you send your details to DeeDee, you’ll have the opportunity to name the campaign, add a description, and enable or disable Recovery Training.
For the Baseline test, we recommend disabling Recovery Training so employees won't know they are part of a test. You can turn this back on for any of your other phishing campaigns. confirm the details, and you are cleared for launch!
DeeDee will gather your details and start building your Phishing Campaign. She will also keep you in the loop on the progress of your Campaign, but you can follow along on the dashboard!
Looking for Reports?
Please sign in to leave a comment.