To keep CybSafeβs implementation smooth, we recommend following the below steps.
These steps are not in a particular order, but rather a great place to find everything to be done.
High level overview
Use our Resources and plan your approach.
As part of this planning define a goal or milestone to achieve with your roll out.
βThis can be as simple as starting a learning campaign and gathering some baseline behaviour data through goals.Configure the general settings and platform configuration before you do anything else.
Run through our technical setup ensuring your users are ready to go with all aspects of the platform.
Provision your users inline with your technical setup in point 4.
Configure your features as part of your plans GUIDE, PHISH & RESPOND.
This may require additional integrations to tools within your infrastructure such as Defender or Teams.
Resources
We have various resources that can help you get up to speed, to ensure you get the most out of the CybSafe platform
Helps you to prioritise the behaviours that will reduce human risk.
Has loads of great resources to help you run your CybSafe onboarding and security campaign!
You can find our Onboarding tracker in our Admin Toolkit. It is a helpful plan that highlights all the tasks you may need to do to get up and running with CybSafe. π
Self service onboarding checklists in our support widget.
Our resources in The behave hub.
Support Widget
Our interactive self service onboarding checklists can be found in our support widget by navigating to Tasks.
Within the support widget customers can also contact us or find help centre articles.
β Planning Phase
It is important to always plan your roll out and align it with your security objectives, ensuring you understand what you want to achieve.
Every organisation is different and have purchased CybSafe for different reasons.
You may want to define some success criteria for your rollout.
This might be to launch to a certain office with 50% of users logging in and completing 3 CybSafe Goals.
Roll out an annual basic training learning campaign to achieve compliance.
Ingest 3rd party behaviour events to understand where you have risk.
Define the timeframe you want to deploy CybSafe.
Is this to a pilot group first or a full roll out depending on the size of your organisation and the complexity of your human risk management approach.
You can phase your roll out in terms of users onto the platform and phase the introduction of features and content they may have available.
We always recommend a small test group to ensure your setup is correct. You will need to define the audience as well as all communications for this group. Everything you do to roll out to this pilot group will be almost identical to a full launch.
Internal communications and metrics are important too!
Communications is key!! This ensures your people understand the requirement, they are aware of CybSafe and who we are.
Without communications you can erode trust in the platform. We have various templates in our Admin Toolkit to help you .Make a decision if you are using CybSafe's auto generated invitations emails or if you would prefer to send these yourself internally. We always advise to use our emails to save you the manual work.
Its also a great idea to start with defining what reporting you need to deliver internally or what metrics are important to you.
This could also have an impact on how you provision your users and what user attributes are sync'd with CybSafe through an integration.
βοΈ General
There are some basic things you need to get right to ensure you set off on the right foot.
All of these items are listed in your General task list that you can find in our support widget under Tasks.
Orientation: Run through our navigation tour which guides you through the various menus of the platform.
βEnsure your organisation details are accurate, read more here.
Organisation name - Ensure this is accurate so users can identify your platform. This name shows in the invitation emails sent to users.
Set your default language - Setting your language on this menu sets the default language for any users you add to the platform moving forward. This can also be configured through automated provisioning.
Supported languages for customisation - As of March 2025 we are working to make customisation easier. Setting your main business language here will will automatically add the languages to any custom goals, nudges, annotations etc. more to come with this feature.
Country - Set your default country, all users created moving forward will have this country set. This can also be controlled by a provisioning integration.
Primary contact details - Ensure these are up to date so we know who to contact. This contact can be shown on an error a user may receive when they have difficulty logging into the platform.
β
Head to Platform settings and ensure these are configured to your liking, read more here.
Early Access - Toggle on Early access to gain access to new features as soon as we release them, think of this as our beta testing of our new features in our final phases of QA.
Additional user information - Opt in to turn on an additional survey for your users to gather more information on a users risk profile.
Security heroes leaderboard - Toggle on the leaderboard for some gamification. You will need the INSIGHTS bolt on for this feature, read more here.
Dont forget to set the validity period to determine how long points count to a hero score.
Branding - Finally head over to the branding tab and make the platform more recognisable as your own. Step by step guide.
β
Learning settings control invitations to the platform and some additional settings only relevant to GUIDE customers
π» Technical setup
There are a few technical steps that you may want to run through depending on how you would like people to access CybSafe or provision your user base.
Allowlisting to ensure our emails are delivered.
Authentication - ensure uses have a seamless log in experience.
Provision users - Ensure your audience is added with the correct attributes to supercharge your reporting capabilities.
Follow the advice below to ensure that you are ready to hit the ground running.
Allowlisting
This is to ensure your users can access the app, our invitation emails are delivered successfully and you can send out phishing simulations.
β
All of our allowlisting advice can be found in the following article.
Access
In terms of accessing our app, this very rarely impacts any customers, however just ensuring app.cybsafe.com is a trusted website is normally sufficient.
Platform emails
We always send our platform emails from one domain, IP address. The simplest step is to add that single IP address to your exceptions list for any tooling that interacts with email deliverability.
Phishing simulations
Again this is very straight forward, however, we appreciate every customers environment is different and has its own complexities.
If you are in doubt, simply add CybSafe to an exception list or policy rule in any of your tools that may intercept or interact with email deliverability.
You can find all of our PHISH IP addresses in the allowlist article. Add these to all tools that may interact with our emails as they hit your infrastructure.
You need to avoid all tools that check links or inspect emails, if an antivirus tool checks for malicious links this will register as a click for the user the email was sent to.
Authentication
Users have two options to gain access to the platform, using a username (email address) and passphrase or via an SSO integration.
We support Microsoft SSO and Google out of the box and the setup is self service via the Identity management page. Okta is also supported although the setup is manual.
You can find all of our information in the article, CybSafe and single sign on integrations.
Good to know
You can use SSO to provision users via just in time provisioning, all you need to do is configure your SSO and share your unique SSO link for CybSafe within your business.
CybSafe recommends
If you are using a provisioning integration to avoid creating duplicates, ensure you use the same attribute in your SSO setup for email that has been selected for your Provisioning attributes.
We also recommend turning off the setting to update users upon login to keep your provisioning integration as the master of your users information.
Provisioning users
For getting your users onto the platform you have four options.
Add individual users manually. - Great for small organisations or getting going really fast with a pilot group.
Add users in bulk via CSV upload. - A great option when you have complex group structure or uploading large volumes of users when a provisioning integration is not an option.
Automate provisioning with a SCIM integration to your directory. - CybSafe recommends!
Utilise just in time provisioning once you have setup your SSO, just share your unique SSO URL.
Good to know!
Its very important to plan what data you want about your users. The groups you build will enable you to assign content to specific groups and report accuratley.
It is really important to think about your user information working back from what you need to report.
Profile information shared with CybSafe can also impact the user experience, such as timezone information. It is used to deliver phishing simulations during the hours you set for delivery for each user location for a global audience.
You can find out more about our user provisioning in the article, How to add users.
Automated provisioning with Entra, Okta or follow our generic advice to connect to any IDP that supports SCIM for provisioning.
β
π GUIDE setup
Follow the below quick steps to get the most out of our GUIDE package
Ensure you have completed all allowlisting activities.
Evaluate all of our learning content to make a decision on what to assign to your people first.
Ensure you annotate our content to suit your internal advise and guidance.
Hot tip: You can also replace our content to make it really custom.
Assign our content using our Learning Campaigns.
Ensure your people are invited to the platform and remind them about outstanding modules.
Review our Advice feature in line with the information you want your people to have access to.
Hot tip: You can unpublish our advice to ensure your people get the help they need when they need it.
Review our default assigned Goals to start tracking your peoples security behaviours.
π§ GUIDE + setup
Follow the below quick steps to get the most out of our GUIDE+ package.
Configure your culture survey settings to measure your people's attitudes and sentiment towards cyber security in your organisation.
Understand what is possible with nudging your users to make better security decisions.
Review our behaviour nudge and alerts template library, decide what you may want to send out.
You may want to setup an integration to Slack or Teams to send nudges and alerts to your users.
Nudges and alerts can be delivered via. few mechanisms; email, Teams, Slack or browser push notifications.
π PHISH setup
Follow the below quick steps to get the most out of our PHISH package.
Ensure you have completed all allowlisting activities.
Review our phishing campaigns setup.
You may want to target specific groups with different campaigns.
Setup any report phishing integrations.
Review the CybSafe simulation template library.
Create any of your own custom phishing simulation templates.
Create any custom landing pages you may want to use.
This is the webpage a user will land on if they click a link in a simulation email. i.e. a fake login page.
Use the CybSafe default Intervention page or create your own.
This is the page your people will view once they have fallen for a phishing simulation. its an opportunity to ensure your people get all the information to help them spot a dangerous email.
β‘οΈ RESPOND setup
Follow the below quick steps to get the most out of our RESPOND package.
Understand our behaviour nudges and alerts and how they can be used.
Review our behaviour nudge and alerts tempalte library, decide what you may want to send out.
Nudges and alerts can be delivered via. few mechanisms.
Email, Teams, Slack or browser push notifications.
Setup any behaviour interventions you may want to go out to your people when the exhibit risky behaviours.
Configure our 3rd party data integrations to collect objective security behaviours form other tools within your infrastructure.
Configure our event based workflows
Congratulations on your successful implementation of CybSafe! πππ₯³