Skip to content
Jericho Trusted Operator Runbooks

CS common issues outline

This outline comes from recurring issues in the Customer Success daily update channel. Use it to decide which public support docs and private trusted operator runbooks to write first.

Priority 1 — Customer-facing setup docs

Section titled “Priority 1 — Customer-facing setup docs”

These belong in the public support site because customers and trusted operators both need them.

Google Workspace allowlisting and Direct Mail Injection

Section titled “Google Workspace allowlisting and Direct Mail Injection”

Recurring issue: operators ask whether Google customers should use manual allowlisting or Direct Mail Injection, and where DMI lives in the current Jericho console.

Address:

  • Preferred Google Workspace path: when to use DMI vs manual allowlisting.
  • Current console navigation for DMI setup.
  • Required Google admin prerequisites.
  • How to verify the connection works.
  • Troubleshooting when the DMI settings are not visible.
  • Clear note that stale Integration Settings wording is obsolete if the UI has moved.

Pages to create or fix:

  • Public: Google Workspace Direct Mail Injection.
  • Public: Google Workspace allowlisting decision guide.
  • Private: Verify Google DMI setup for a customer.

Roles and permissions

Section titled “Roles and permissions”

Recurring issue: customers ask what Admin, Manager, and Viewer can do. Parsons reported Viewer did not behave read-only.

Address:

  • Role definitions in plain language.
  • What Viewer can view.
  • What Viewer cannot change.
  • How active campaigns behave under each role.
  • Known edge cases after the fail-closed Viewer enforcement change.
  • How to test role behavior before responding to a customer.

Pages to create or fix:

  • Public: User roles and permissions.
  • Private: Verify customer role/permission reports.

Campaign reporting: clicked vs entered info

Section titled “Campaign reporting: clicked vs entered info”

Recurring issue: PGIM saw dashboard and CSV/report disagreement because Enter Info campaigns count submitted data as the failure event, not just the initial click.

Address:

  • Difference between Clicked and Entered Info.
  • Which metrics appear in dashboards, CSVs, and campaign reports.
  • How Enter Info campaigns define failure.
  • How to explain apparent discrepancies to customers.
  • Any product changes adding a distinct Entered Info tile.

Pages to create or fix:

  • Public: Understand campaign result metrics.
  • Public: Why dashboard and CSV counts can differ.
  • Private: Investigate campaign metric discrepancies.

Priority 2 — Private operator runbooks

Section titled “Priority 2 — Private operator runbooks”

These should stay in the private Starlight site behind Cloudflare Access. Operator-facing steps must use only ActiveAdmin and Litmos admin. Anything requiring developer access becomes escalation criteria.

Scanner and proxy false positives

Section titled “Scanner and proxy false positives”

Recurring issue: Jennison saw a spike in failures/clicks caused partly by Microsoft Safe Links-style scanners and proxies.

Address:

  • How to distinguish likely human clicks from scanner/proxy clicks.
  • Evidence to review: timing after delivery, ASN/IP, hidden/tracking destination hits, /hp/... honeypot hits, training follow-through, Litmos enrollment.
  • How to prepare a recipient-level CSV for customer-safe sharing.
  • Approved language: avoid reporting scanner-driven events as confirmed human failures.
  • When to escalate to engineering.

Private pages to create:

  • Classify campaign click false positives.
  • Prepare customer-safe click classification CSVs.

Tenant and LMS/team sync checks

Section titled “Tenant and LMS/team sync checks”

Recurring issue: Odyssey asked whether new phishing-tool users are being added to the correct Odyssey Group team in Litmos.

Address:

  • Where to verify user import state.
  • Where to verify Litmos team/group membership.
  • How Entra Security Group connectivity affects LMS enrollment.
  • Evidence to collect before engineering escalation.
  • Customer-safe response templates.

Private pages to create:

  • Verify Litmos team enrollment.
  • Troubleshoot Entra group to LMS sync.

CSV upload templates and segmentation fields

Section titled “CSV upload templates and segmentation fields”

Recurring issue: Parsons requested a CSV upload template supporting segmentation fields such as Region, Market, Sector, 2nd Tier Manager, and 2nd Tier Manager Email.

Address:

  • Canonical CSV headers.
  • Which columns are required vs optional.
  • How custom fields appear in segmentation and reporting.
  • How manager fields should be named.
  • How to validate a customer’s CSV before upload.

Pages to create:

  • Public or private depending on product readiness: User CSV upload template.
  • Private: Review customer CSV templates before upload.

Slack integration status checks

Section titled “Slack integration status checks”

Recurring issue: TrueLayer asked for Slack integration status.

Address:

  • What “Slack integration” means in Jericho context.
  • Where to check installation/connection state.
  • Required Slack permissions/scopes if customer-facing.
  • What evidence to gather before escalation.

Private page to create:

  • Check Slack integration status.

Priority 3 — Content quality and localization

Section titled “Priority 3 — Content quality and localization”

French localization and report-button consistency

Section titled “French localization and report-button consistency”

Recurring issue: Franklin Empire has French localization issues and contradictions around Outlook Report Button instructions.

Address:

  • Current status of French email/training localization.
  • Whether Outlook Report Button wording is localized.
  • How to identify non-localized strings.
  • How to file/update localization tickets.
  • How to explain limitations to customers.

Pages to create:

  • Private: Triage localization issues.
  • Public if needed: Supported languages and localization coverage.

Support-doc freshness checks

Section titled “Support-doc freshness checks”

Recurring issue: customers and operators cite stale support docs, especially DMI setup and role definitions.

Address:

  • Add doc owner and code refs to critical setup pages.
  • Weekly audit for SSO, SCIM, DMI, whitelisting, report button, roles, metrics.
  • Update public docs when UI navigation changes.
  • Add “last verified” metadata to setup pages.

Maintainer pages to create:

  • Critical docs freshness checklist.
  • Customer-facing setup doc ownership map.

Product/release-note additions

Section titled “Product/release-note additions”

These came from the accessible product/release channel. They are less “daily support fire” and more “features CS will get asked about after release.”

Feature flags and customer visibility

Section titled “Feature flags and customer visibility”

Recurring issue: release notes include feature-flagged capabilities, and CS needs to know whether a customer can actually see the feature.

Address:

  • How operators can identify customer-visible access from ActiveAdmin when there is a visible org setting or UI indicator.
  • What the release-note flag marker means.
  • Which capabilities may be hidden behind flags such as custom_groups, triage_cases, workday_manager_sync, litmos_enrollment_discovery, siem_publishing, and device_farm.
  • When to escalate to Jericho engineering because feature flag state is not visible from ActiveAdmin.
  • What to say to customers when a feature shipped but is not enabled for them.

Private page to create:

  • Check customer-visible feature access from ActiveAdmin.

Smart groups and segmentation

Section titled “Smart groups and segmentation”

Recurring issue: Smart Groups are becoming central to training assignment, CSV exports, segmentation, and reporting.

Address:

  • What Smart Groups are for.
  • How starter templates work.
  • How the rule builder works on create and edit.
  • What “refresh” does and how membership count should be interpreted.
  • How group-filtered campaign recipient exports work.
  • How Smart Groups sync to Litmos training assignment.
  • Tenant-safety warning: never add cross-org employee IDs.

Pages to create:

  • Public if customer-enabled: Create and manage Smart Groups.
  • Public if customer-enabled: Export campaign recipients by group.
  • Private: Verify Smart Group membership and Litmos sync.

Training, Litmos, and overdue/compliance state

Section titled “Training, Litmos, and overdue/compliance state”

Recurring issue: Litmos is no longer just a backend integration; CS needs to explain enrollments, overdue status, team assignment, reminders, and Slack/Teams notifications.

Address:

  • Difference between Jericho enrollment state and Litmos enrollment state.
  • What Litmos “overdue” means and where Jericho surfaces it.
  • How manual training reminders work.
  • How scheduled training assignments and due dates work.
  • How Teams/Slack notifications are configured per team.
  • How duplicate/unique-conflict rows and rate limits affect sync timing.

Pages to create:

  • Public: Training assignments, due dates, and reminders.
  • Public: Understand training status and overdue reporting.
  • Private: Troubleshoot Litmos sync delays and conflicts.

Workday manager sync and manager fields

Section titled “Workday manager sync and manager fields”

Recurring issue: manager relationships now come from multiple paths: CSV upload, SCIM, and Workday.

Address:

  • Which source wins when manager data exists in multiple places.
  • How Workday manager sync is configured and enabled.
  • Which manager fields appear in CSV uploads and reports.
  • How manager relationships affect escalation/reporting.
  • Customer-safe prerequisites for Workday setup.

Pages to create:

  • Public: Manager fields and reporting relationships.
  • Private: Verify Workday manager sync.

SCIM profile fields and Litmos custom fields

Section titled “SCIM profile fields and Litmos custom fields”

Recurring issue: Odyssey/ThoughtWorks-type asks around SCIM locality and custom profile fields keep surfacing.

Address:

  • Supported SCIM profile fields: city, state, street_address, department/division/office, and postal code if applicable.
  • How multi-line street addresses map to Litmos street1/street2.
  • Which fields are stored in Jericho but not yet visible in the Rails employee UI.
  • How Jericho custom fields map to Litmos custom fields.
  • How to verify field propagation without promising instant sync.

Pages to create:

  • Public: Supported SCIM user attributes.
  • Private: Verify SCIM-to-Litmos profile field propagation.

SIEM/Splunk webhook integration

Section titled “SIEM/Splunk webhook integration”

Recurring issue: SIEM publishing is now an enterprise integration, but it is gated and security-sensitive.

Address:

  • What events can be published: simulation, training, and campaign events.
  • Customer prerequisites for Splunk/SIEM webhook setup.
  • Security handling for webhook credentials.
  • Feature flag / entitlement requirements.
  • How to test delivery and troubleshoot failed events.

Pages to create:

  • Public or gated customer doc: SIEM webhook integration.
  • Private: Verify SIEM event publishing for a customer.

Triage Center operations

Section titled “Triage Center operations”

Recurring issue: Triage Center is gaining operator workflows: HTML rendering, CSV export, prev/next navigation, reporter naming, forwarding behavior.

Address:

  • How to review a triage case.
  • Plain text vs rendered HTML view.
  • Exporting closed/triaged emails to CSV.
  • What reported_by means versus email from.
  • What to include before escalating a triage issue.

Pages to create:

  • Public if customer-facing: Use the Triage Center.
  • Private: Investigate and export triage cases.

Analytics and executive reporting features

Section titled “Analytics and executive reporting features”

Recurring issue: release notes mention customer-visible analytics surfaces that CS will need to explain.

Address:

  • Employee Security Journey timeline.
  • Click Timeline.
  • Time to Report and Time to Open KPIs.
  • Highest Risk People card.
  • Top reporters and top failures exports.
  • Risk-score cutoff date and test campaign exclusion.
  • What is customer-visible versus CS/admin-only.

Pages to create:

  • Public: Employee Security Journey.
  • Public: Time to Report and Time to Open metrics.
  • Private: Configure risk-score cutoff and test campaign exclusion.

Campaign creation and content generation edge cases

Section titled “Campaign creation and content generation edge cases”

Recurring issue: AI-generated/custom pretexts, selected pretexts, role-based recommendations, voice/IVR, SMS/WhatsApp sender identity, and channel-specific sender guidance all create operator questions.

Address:

  • How custom pretext rotation works.
  • How selected pretexts are shown and counted.
  • What role-based training recommendations are based on.
  • SMS/WhatsApp sender identity fallback behavior.
  • Voice cloning / IVR persona setup boundaries: what is productized vs internal-only.
  • “Shipped but not user-visible” rule for campaign difficulty gauge and IVR persona fields.

Pages to create:

  • Public: Use AI suggested and custom pretexts.
  • Public or private: Channel-specific sender guidance.
  • Private: Do not announce internal-only campaign capabilities.

Suggested first twelve pages

Section titled “Suggested first twelve pages”
  1. Public: Google Workspace Direct Mail Injection.
  2. Public: User roles and permissions.
  3. Public: Understand campaign result metrics.
  4. Public: Training assignments, due dates, and reminders.
  5. Public: Supported SCIM user attributes.
  6. Public or gated customer doc: SIEM webhook integration.
  7. Private: Classify campaign click false positives.
  8. Private: Check customer-visible feature access from ActiveAdmin.
  9. Private: Verify Litmos team enrollment.
  10. Private: Verify SCIM-to-Litmos profile field propagation.
  11. Private: Review customer CSV templates before upload.
  12. Private: Configure risk-score cutoff and test campaign exclusion.
Section titled “Recommended Starlight IA additions”

Add these groups to the private site sidebar:

  • Campaign investigations
    • Classify click false positives.
    • Investigate metric discrepancies.
    • Prepare customer-safe CSVs.
  • Integrations
    • Verify Google DMI setup.
    • Check Slack integration status.
    • Troubleshoot Entra group to LMS sync.
    • Verify Workday manager sync.
    • Verify SIEM event publishing for a customer.
  • User management
    • Verify role/permission reports.
    • Review customer CSV templates.
    • Verify Litmos team enrollment.
    • Verify SCIM-to-Litmos profile field propagation.
  • Training and analytics
    • Troubleshoot Litmos sync delays and conflicts.
    • Configure risk-score cutoff and test campaign exclusion.
    • Explain Employee Security Journey and Time to Report metrics.
  • Feature access
    • Check customer-visible feature access from ActiveAdmin.
    • Do not announce internal-only campaign capabilities.
  • Localization
    • Triage localization issues.