Quick Start Guide: Welcome to Your Security Awareness Platform đź‘‹

Follow these onboarding steps in order, and you’ll have your programme live.


In This Guide:


Step 1: Watch the Platform Walkthrough Video

Step 2: Log In & Access the Platform

Step 3: Add Your Users & Allocate Licences

Step 4: Configure Your Settings & Branding

Step 5: Complete the Technical Setup (The Important Part!)

Step 6: Run a Quick Test Campaign

Step 7: Launch Your Baseline & First Training Campaign

Step 8: Access Your Reports & Celebrate Wins

Bonus: Grab Your Free Resources


Step 1: Platform Walkthrough  Video


Before diving in, take a few minutes to watch our onboarding video for a quick overview of the platform in just a few minutes.


Step 2: Log In & Access the Platform


  • Check Your Inbox: Sign in using the link in your Manager Welcome Email. If you have not received your welcome email, please check your spam/junk folder.

If you run into access issues, log in directly via app.goldphish.com or follow our steps in the How to reset your password guide.


Step 3: Adding Users & Allocating Licences

Heads-up: Your team won’t receive any automated emails until you officially launch your first training campaign. This gives you and your IT team plenty of time to get things configured and tested without any pressure! ✅

  1. Adding Your Users

Choose whichever method fits your organisation best. As you add new people, your available licences will automatically be allocated to them:

  1. Go to Users > Add Users.
  2. Select your preferred method:
  • Manually: Add users one by one (great for small teams).
  • Bulk Import: Upload everyone at once using a CSV file.
  • Sync: Set up our Active Directory Integration to handle it automatically.

Note: You can upload as many learners as your current licence count allows. Need a top-up? Check out our How to Order & Allocate Licences guide.

  1. Upgrading From a Trial?

If you've recently upgraded, your trial licences have automatically expired. Let's get those users moved over to your new Premium licences:

  • Navigate to the Licence section.
  • Click the Expired Licences tab.
  • Select specific learners or click Select All.
  • Click Allocate Licences - and you're good to go!

Step 4: Configure Your Settings


Make the platform feel like home by customising it to match your company's brand.

  • Company Details: Go to Company > Actions > Edit Company to update your details and choose your default language.
  • White-Labelling: Upload your company logo and theme colour under Settings. This will automatically apply across all your user dashboards and notifications.
  • Customise Templates: Feel free to tweak our system emails, phishing templates, and internal support contact details to match your team's tone.

Step 5: Complete the Technical Setup (Do Not Skip!)


  1. Whitelisting ( Do Not Skip )

Before launching any campaigns, your IT team needs to whitelist our domains. This ensures our simulated phishing emails and system notifications land safely in your team's inboxes rather than getting blocked.

Important Note for IT: Whitelist Goldphish domains across all security layers and tools. This includes bypassing Anti-Spam, Anti-Virus, Malware Scanning, Link Rewriting/Sandboxing, and URL Defence tools.

  1. Set Up The Phish Reporter

The platform is essentially two tools: the Training piece (modules) and the Testing piece (simulated phishing). Clicks tell you who was fooled, but reports tell you who is actively thinking! When a learner flags a simulated email, that's the exact behaviour change you want to see, and that’s your true return on investment!

Share these guides with your IT team so they can get this configured for you.

Set up the Phish Reporter Service

Set up Phish Reporter in Microsoft

Set up Phish Reporter Google Workspace 

Need more context? Check out our Phishing Guides.


Step 6: Run a Quick Test Campaign


Before a full company rollout, run a small test campaign with 2 or 3 users to make sure everything is set up correctly and working.


Ask Users to Follow These Steps:

  1. Check for the email: Confirm they received the test email. If it’s missing, check the spam folder (and have IT double-check the whitelisting).
  2. Interact: Open the email, click the link, and click complete on the Just-in-Time Training page.
  3. Report it: Using their Microsoft Phish Reporter button (or the forwarding method, depending on how your IT team sets it up).

Once your dashboard reflects the test data (give it 5–10 minutes to sync), you are officially all set and ready to roll out your annual security awareness programme! 🎉🚀


Step 7: Launch Your Baseline & First Campaign


  1. Establish a Baseline
  • First, Phish Everyone: Send out an unannounced baseline phishing test. Don't worry - this isn't to catch people out! It simply gives you an honest look at your organisation's starting risk level.
  • Next, the Quiz: Once the phishing test wraps up, deploy Cyber Readiness Quiz 1. This is a one-time assessment to measure your learners' general security knowledge before formal training begins.
  1. Send an Internal Announcement

A little communication goes a long way. Send your team a quick email explaining why this matters and what to expect. It builds trust and boosts engagement right out of the gate.

To make this easy, feel free to copy and paste our Pre-launch Email Templates to get everyone informed, prepped, and ready to engage.

  1. Launch Your First Training Campaign

Now, the fun part! Our training content is NCSC-accredited and updated quarterly to keep up with real-world threats.


What Happens Once Your First Training Campaign Goes Live?

  • Existing users can log in with their existing login details.
  • New users will receive a friendly welcome email prompting them to set up their password.
  • Reminders - We want to save you time. The platform automatically sends out a gentle nudge during either the first or last week of the month to anyone with incomplete training. You don't have to lift a finger. *Learners can still access and complete their training even after the official campaign end date has passed.

Note: If you select Everyone or a Specific Department for a scheduled campaign, any new learners added while the campaign is active or scheduled for the future will be automatically enrolled. Learners will not be added to campaigns that have already ended. This applies to both phishing and training campaigns.



🤖Pro-Tip: The Easiest Way to Handle New Learner Onboarding

We recommend setting up an induction training campaign scheduled to run over a longer period (for example, 12 months) with the audience set to "Everyone". By doing this, whenever new hires join, they'll automatically be enrolled in the onboarding campaign and receive their training straight away.


Good Core Topics To Include:

  • Cyber Readiness Quiz: A quick way to capture your new learners' baseline knowledge.
  • Core Modules: Cyber Threats, Passwords, Phishing, and Safe Web Browsing.
  • Compliance Modules: GDPR, HIPAA, PCI DSS, etc. (whichever apply to your organisation).
  • Role-Based Modules: Specific training for high-target departments like HR, Finance, or IT


Step 8: Access Your Reports & Celebrate Wins


Managers can generate and download progress and performance reports in two formats: PDF for a quick executive summary, or a CSV export for a deep data dive.


Download Reports From:

  • The Reports Section: Pull reports monthly, quarterly, or across all historical campaigns for both phishing and training data.
  • Your "My Company" Dashboard: Perfect for looking at a single, specific campaign. Just click on the specific campaign you want to review, then click View Campaign to see the Campaign Overview.

Quick Tips:

  • If you need to share progress with department heads without giving them full platform access, just download the report as a CSV, filter it by department, and shoot over the file! Each manager will only see their own team’s progress.
  • Download a CSV report, filter progress by "Incomplete," and send a quick, friendly Email, Slack, or Teams nudge to those specific people. Communication outside the platform works wonders for completion rates!

Want to dive deeper into reports? Check out these guides:


Bonus: Grab Your Free Resources


We want to help you keep security visible, positive and top-of-mind all year round throughout your office. Go to our Public Portal under the Resources tab on our Website to download:

đź“… 12-month Comms Calendar

🖼️ Engaging Posters & Infographics for the office

✉️ "Cyber Tips" ready to drop into your internal newsletters


That’s it. Easy peasy! 🍋

Moving forward, simply keep training regularly (we recommend a steady drip-feed monthly or bi-monthly), communicate positively outside the platform, and celebrate high reporting and completion rates.

Be sure to check out What's New on the App in our Support Centre to see all the updates and features we have planned for the year ahead.


If you ever get stuck or need some tailored help, we’ve got your back! 

Just pop us a message via the in-app chatbot or drop us a message via email support.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us