I'm looking to understand the kind of Domain Wide Delegation that security awareness training software like KnowB4 requires when integrating with Google. It seems like the permissions they're asking for might be excessive. If anyone has experience with this, I'd love to hear your thoughts. What kind of access have your products asked for? Would you be comfortable granting them Domain Wide Delegation?
3 Answers
Honestly, I question why any security awareness training tool would need delegation permissions. Typically, you'd only be looking at SSO integration for these types of tools. What’s the exact name of the product you've been using? Some tools claim to have special features, but they often don't need this level of access.
When I set up KnowB4 at a previous job, they didn't require any delegation at all. It was a pretty straightforward process where I just needed to integrate it without giving away too much access. So, it might vary depending on how you're configuring it.
I heard that with some features like Direct Message Injection (DMI), it sounds like it streamlines delivering simulated phishing emails directly to users’ inboxes without cumbersome whitelisting. But still, that doesn’t mean you have to set it up that way. There are usually less intrusive options available!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures