KnowBe4 experienced a major incident on November 7, 2025 affecting Authentication and Authentication and 1 more component, lasting 16h 15m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Nov 07, 2025, 09:57 PM UTC
We are currently investigating issues when authenticating into Prevent, Protect and Defend.
- investigating Nov 07, 2025, 10:03 PM UTC
We are continuing to investigate this issue.
- monitoring Nov 07, 2025, 11:08 PM UTC
A fix has been implemented and we are monitoring the results.
- resolved Nov 08, 2025, 02:13 PM UTC
This incident has been resolved.
- postmortem Dec 10, 2025, 05:16 PM UTC
On November 7, 2025, we identified an issue that prevented some customers from accessing the Defend Admin Portal using SAML-based authentication. This issue affected customers in the US region between approximately 3:32 p.m. UTC and 11:06 p.m. UTC on November 7, 2025. Customers using OAuth authentication were not affected. This issue was caused by an inadvertent configuration change to a critical system policy that removed a necessary value. When customers attempted to log in via SAML, the missing value caused authentication to fail. To resolve this issue, we rolled back the policy to its previous configuration. Customers were able to log in successfully at 11:02 p.m. UTC, and the incident was fully resolved at 11:06 p.m. UTC. To prevent similar issues in the future, we've implemented enhanced change control processes for critical system policies, including mandatory peer review requirements and additional confirmation steps before modifications can be made. We've also established a version control system to ensure quick recovery capability for all policies. No data loss occurred as a result of this issue.