What Living Security needs
Scopes: None to configure — KnowBe4 Reporting API tokens are read-only by design and are not scoped. The token grants read access to users, training enrollments, and phishing security test results, which is exactly what the sync reads.
Required role: Account Admin in KnowBe4 (only account administrators can access Account Settings → API)
Prerequisites
- You must be signed in to your KnowBe4 console with an Account Admin role. Only account administrators can access Account Settings → API to enable the Reporting API and generate tokens.
Part A — In KnowBe4
Your KnowBe4 administrator completes these steps.1
Enable the Reporting API and generate a token
- Sign in to your KnowBe4 console.
- Click your account name in the top-right corner and select Account Settings.
- In the left navigation, select API.
- Enable the Reporting API if it is not already enabled, then generate a new API token.
Living Security Platform) if your console prompts for one.The Reporting API is read-only. It exposes users, training enrollments, and phishing security test results — the data Living Security ingests for scoring and reporting. No write access is required.
2
Add the Living Security egress IPs to the Allowed IP Addresses list
KnowBe4 lets you restrict Reporting API access to a specific set of source IP addresses. This setting lives in the same place as the token:
- In your KnowBe4 console, go to Account Settings → API → Allowed IP Addresses.
- Add each Living Security egress IP range for your region to the allowlist.
Living Security’s egress IP ranges can change when infrastructure is updated. If data syncs begin failing after previously working, verify the Allowed IP Addresses list is current and add any new ranges.
3
Identify your regional Reporting API host
KnowBe4 serves the Reporting API from a region-specific host. The value you enter for Reporting API host depends on the server your KnowBe4 account is provisioned on:
Enter the host only — no
https:// prefix and no trailing slash.If you are unsure which region your account uses, check the domain of your KnowBe4 console URL or contact your KnowBe4 administrator.Part B — In the Living Security Platform
The program owner completes this step, or the system admin if using delegated setup.1
Troubleshooting
403 Forbidden
403 Forbidden
Either the token lacks Reporting API access, or the request IP is not on the Allowed IP Addresses list. Verify the Reporting API is enabled and that all Living Security egress IP ranges are on the allowlist.
Empty results (200 OK but no data)
Empty results (200 OK but no data)
The Reporting API may not yet have data to return, or the token’s account lacks visibility into the users and campaigns Living Security ingests. Verify the token was generated by an Account Admin.

