Managing employees and groups
This article explains how to manage employees in the Stoïk Protect Phishing module, including how to create groups, deactivate employees, update their language, and view individual phishing results.
Employee management helps you better target phishing campaigns and track employee exposure over time.
Groups
Employee groups allow you to organize employees and target specific populations in phishing campaigns (for example, new joiners, finance teams, or executives).
There are two types of groups:
Manual groups — created directly in Stoïk Protect.
Synced groups — automatically imported from your Google Workspace or Microsoft 365 directory.
Create a manual group
Go to Phishing > Team > Groups
Click Create a group
Enter a group name
Select the employees you want to include
Click Save
Once created, the group can be selected when launching phishing campaigns.
Synced groups from your directory
If your organization uses Google Workspace or Microsoft 365, Stoïk Protect can automatically import your existing employee groups (departments, teams, distribution lists, etc.) into the Phishing module.
Synced groups are read-only — they are managed in your directory and kept in sync automatically. They are identified by a ⚡ icon in the group list.
You cannot edit, rename, or delete a synced group from Stoïk Protect. To modify its members, update the group directly in your Google Admin Console or Microsoft Entra ID.
How synced groups work
Groups and their members are imported during each employee synchronization.
If a group contains other groups (nested groups), all members are flattened into a single group on the Stoïk Protect side.
When employees are added to or removed from a provider group, the change is reflected in Stoïk Protect on the next sync.
Synced groups can be selected as the audience when launching phishing campaigns, just like manual groups.
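To anticipate which employees a nested directory group will place in a campaign audience, the sketch below flattens a constructed directory export in the way the list above describes, tolerating groups that contain each other. It is an added example, not Stoïk Protect's code; the data layout, the group names and the functions flatten_group and sync_diff are assumptions.

```python
# Added illustration, not Stoïk Protect code. All names and addresses are constructed.
from typing import Dict, List, Set

# Constructed directory export: each group lists its direct users and its child groups.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "finance@example.com": {
        "users": ["ana@example.com"],
        "groups": ["payroll@example.com", "executives@example.com"],
    },
    "payroll@example.com": {
        "users": ["bo@example.com", "ana@example.com"],
        "groups": ["finance@example.com"],  # cycle back to the parent group
    },
    "executives@example.com": {
        "users": ["cy@example.com"],
        "groups": [],
    },
}


def flatten_group(directory: Dict[str, Dict[str, List[str]]], root: str) -> Set[str]:
    """Return every user reachable from `root` through nested groups."""
    members: Set[str] = set()
    visited: Set[str] = set()
    stack = [root]
    while stack:
        group = stack.pop()
        if group in visited or group not in directory:
            continue  # skip cycles and groups missing from the export
        visited.add(group)
        members.update(directory[group]["users"])  # set removes duplicates
        stack.extend(directory[group]["groups"])
    return members


def sync_diff(previous: Set[str], current: Set[str]) -> Dict[str, Set[str]]:
    """Members added and removed between two syncs of the same flattened group."""
    return {"added": current - previous, "removed": previous - current}
```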
Permissions required
Syncing groups requires additional permissions beyond those needed for employee synchronization:
Google Workspace — Groups Read and Group Members Read permissions. Existing tenants will need to re-authorize the app to grant these permissions.
Microsoft 365 — Group.Read.All and GroupMember.Read.All permissions. Tenants authorized before this feature was released will need to accept the updated permissions.
If the required permissions have not been granted, the tenant will show a Restricted status in Stoïk Protect with a prompt to update permissions (see Restricted). Once accepted, group sync starts automatically.
Deactivate an employee
Deactivating an employee removes them from phishing campaigns while keeping their historical data.
How to deactivate an employee
Go to Phishing > Team > Employees
Search for the employee
Open the employee profile
Click Settings > Deactivate
The employee will no longer receive phishing emails but their past results remain available for analysis.
You can also deactivate multiple employees at once by selecting them from the Employee table, and clicking Actions > Deactivate.
Change an employee's language
By default, the language used is the one provided by the mailbox provider (Google, Microsoft).
You can set the language used for phishing emails on a per-employee basis to ensure emails match their usual communication language.
How to change the language
Go to Phishing > Team > Employees
Search for the employee
Open the employee profile
Click Settings > Modify language
Choose the desired language
Save your changes
Future phishing emails sent to this employee will use the selected language.
You can also change the language for multiple employees at once by selecting them from the Employee table, and clicking Actions > Modify language.
View employee phishing results
See Understanding phishing results and performance > Employee-level results

