To navigate to Account Settings, expand Administration > Settings > Account Settings.
The Account Settings page is where you can specify a default test length, default account time zone, default email rate limit (this is how many emails go out per hour for your tests), default web hook, and group import type on your account. The Notifications tab lets you set up account no usage notifications.
Jump to the following sections that describe the Account Settings page.
The General tab lets you specify certain default settings on your account.
- Default Test Length is how long you want your tests to run. This value will be populated in the test wizard but can be overwritten in the test setup.
- Default Time Zone is what will automatically be used in the date/time dropdowns in the test wizard.
- Default Domain is the default sending domain for your account.
- Default Email Rate Limit is how many emails per hour that will be sent out for the Immediate Test type. The minimum send rate is 10 emails per hour. There is not an upper limit to the sending rate; however, some firewalls will block phishing emails if you attempt to have too many sent over a short period of time. If you're concerned about phishing emails being blocked due to too many being sent out at once, then we recommend starting out with a relatively low sending rate - 300 per hour - and gradually increasing this as you run more tests and see that the emails are not being blocked.
- Testing Excluded IPs (deprecated) are IPs that will be excluded from reports and statistical data. As of December 2020, this feature has been replaced with the more robust IP Filters tab.
- Default WebHook is the URL of an external file that will be notified of target actions. To use the webhook, you will need a receiving script set up to process the data on your end. The system will send the data in JSON format.
- Group Import Type specifies how the system will handle imports when you attempt to import more targets than your account has available seats to hold. There are three options to choose from:
- Stop and do not import - The import will fail entirely. No targets will be imported.
- Import up to the available amount - Imports up to the available amount of seats and stops importing emails.
- Import all and send a bill for the overage - Imports all the targets. If you go over your seat limit, then you will be billed for the excess.
The Notifications tab lets you specify an account manager name and email address. You can also turn on/off usage notifications. The usage notifications will cause a "no usage email" to be sent to all PhishingBox admins if no tests have been run in the past 90 days.
The Manager Email address will receive notification_test_started and notification_test_send_finished (these are sent out when you start a test and when the emails are finished sending for the test). Also, when a group sync using an integration (such as LDAP, Azure, or Litmos) completes, a integration_sync_finished email is sent to the Manager Email.
The Passwords tab lets you specify the requirements that users must meet when creating/setting a new password.
- NOTE: If a user is provided access to the phishing portal via your organization's SSO IDP and does not already have an account in the phishing portal (in Administration>Manage Portal Users), an account will automatically be created with a role of "Admin" when the user accesses the phishing portal via SSO.
The EVENTS tab lets you set up events that occur when a specific action occurs (such as a campaign ending). Currently, the only events supported are emailing out a custom report (By Test) at the end of a campaign.
Clicking the Create New Event button will open up a popup that lets you create an event.