Quick Start Guide: Welcome to Your Security Awareness Platform đź‘‹
Whether you’re just getting started or need a quick refresher, this guide walks you through the key steps to set up your account. Follow each phase in order, and you’ll have your programme live, tested, and delivering value in no time.
In This Article:
🎥 Platform Walkthrough Video
⚙️ Phase 1: Basic setup
⚙️ Phase 2: Technical setup
🎣 Phase 4: Testing
đź“Ł Phase 5: Internal Communication
🎓 Phase 6: Creating Your First Training Campaign
đź“Š Phase 7: Accessing & Monitoring Reports
🆓 Free Resources: Public Portal
🎥Platform Walkthrough
Before diving in, watch our onboarding video for a quick overview of the Admin Manager journey. It only takes a few minutes and gives you the full picture before you start clicking around.
⚙️Phase 1: Basic Setup
- Sign in:
- Use the link in your Manager Welcome Email, or go directly to app.goldphish.com.
Having trouble? Check out our Can't log in to the platform guide.
Looking for Single Sign-On? Check out our Single Sign-On guide.
- Language & Branding (Whitelabelling)
Make the platform feel like home, so your team recognises the emails they receive.
- Set Language: Go to Company > Actions > Edit Company.
- Whitelabelling: Upload your logo and apply your brand colours.
- Customise: Personalise system emails to match your organisation's tone.
Need more detail? See our Whitelabelling and How to Customise System Emails guides.
⚙️Phase 2: Technical Setup
- Whitelisting ( Do Not Skip )
Before launching any campaigns, involve your IT team. Proper whitelisting ensures phishing simulations and system emails:
- Reach inboxes
- Aren’t blocked by filters
- Don’t land in junk
Share These Guides With IT:
- Technical Information ( domains)
- Whitelisting in Microsoft 365
- Whitelisting in Google Workspace
- Third-Party Whitelisting Tools - Remember to whitelist in filters (e.g., Mimecast) and endpoint security (e.g., Microsoft Defender, Bitdefender, ESET).
Note: Always whitelist by domain unless a guide specifically says otherwise.
- Set Up The Phish Reporter
This is your "Human Firewall" and your primary metric for success. There are two setup options depending on your environment:
- Option A ( M365): Microsoft Report Button (One-click in Outlook)
- Option B (Google Workspace & others): Google Workspace (Forwarding to a dedicated mailbox)
Why it matters:
- Clicks tell you who was fooled.
- Reports tell you who is thinking.
- When a learner flags a suspicious email, that’s real behaviour change - and that’s your ROI.
Need more info? See our Phishing Guides.
đź‘Ą Phase 3: Adding Learners
Organising learners by department gives you clearer insights, highlights high-risk teams, and helps tailor future training.
Go to Users > Add Users
Choose our method:
- Manually add users one at a time,
- Import Users in bulk via a CSV file, or
- Sync Users using Active Directory Integration.
Note: Learners won’t receive any emails until you officially launch your first training campaign.
Need help? See our How to Create and Manage Departments guide.
🎣 Phase 4: Testing
- Internal Test Campaign
Once IT confirms whitelisting and the Phish Reporter has been set up, it’s time to confirm everything is working as expected. Send a phishing campaign to 2–3 admins
- The Goal: Confirm the email arrives in the inbox, opens, clicks work, and the "Reported emails" track correctly in the dashboard.
- If the email lands in spam or isn’t delivered, ask IT to review the whitelisting settings.
- The Baseline Phishing Test
Now, send one simple phishing test to everyone.
- The Goal: This creates a "Starting Risk Level" before training begins and gives you a clean benchmark to measure how much your team improves after training.
Need help? Check out our How to Launch a BaselineTest guide.
đź“Ł Phase 5: Internal Communication
Now that testing and your baseline are complete, it’s time to send out a communication outside of the platform (for example, an internal email).
👉🏼Use our Pre- Programme Templates to let everyone know what’s coming.
Why this matters
Clear, positive communication increases engagement, reduces resistance, and helps employees understand this programme is about support - not punishment.
Keep the messaging positive:
- “We’re building a safer culture together.”
- Not: “We’re testing you.”
🎓 Phase 6: Creating Your First Training Campaign
- Launch your First Training Campaign
- Go to Training > Campaigns > Create Campaign
- Steps: Select Content → Recipients → Schedule → Complete setup → Launch
*Frequency: We recommend "drip-feeding" content monthly rather than one big annual "info-dump."
Need help? See our How to Create a Training Campaign guide.
- Learner Onboarding:
When your first campaign launches, new learners automatically receive:
- Learner Welcome Email: Sets up login & password
- Training Campaign Welcome Email: Nudges completion
Note: The onboarding email contains a secure token valid for 7 days. If a learner waits longer, they must click Reset Password for a fresh link.
Missed the 7-day window? See our How to Resend Learner Welcome Emails guide - much smoother than sending everyone through password reset.
Phase 7: Accessing & Monitoring Reports
Numbers don't lie. Regularly check your progress:
Go to Reports > Select
- Phishing Reports: See risk trends, who clicked vs. who reported.
- Training Reports: See engagement levels and completion rates.
*Formats: Download PDFs for executive summaries or CSVs for deep-dive data.
Need deeper insight? See our Reporting Guides.
Free Resources: Public Portal
Visit our Public Portal on our website under Resources. You'll find
đź“… 12-month Comms Calendar
🖼️ Posters & Infographics
✉️ "Cyber Tip" templates for internal newsletters
Ways organisations use these creatively:
- Office posters
- Screensavers
- Internal newsletters
- Instant messaging
- Weekly Monday “Cyber Tip” from leadership
Keep security visible and top of mind. 🚀💫
🎉Congratulations - You’re Live!
That’s it. Easy peasy 🍋
From here:
- Keep training regular (drip-feed monthly, bi - monthly)
- Communicate outside the platform
- Encourage reporting of suspicious emails
- Celebrate high completion and reporting rates🎉
Because real security awareness isn’t about catching people out - it’s about building habits that stick.
Need help? Just pop us a message via the chatbot or email support.