Employee risk profile
Review an employee's leaderboard position, training, phishing, application accounts, and active external shares in one place.
Overview
The employee risk profile is a detail panel in the admin Security leaderboard. It brings together the signals currently available for one enrolled employee without taking you away from the leaderboard.
Open the leaderboard for your region:
Select an employee row to open their profile. Use the previous and next controls at the top of the panel to move through the employees on the current leaderboard page.
What the profile shows
The summary includes the employee's:
- Name and profile picture
- Email address
- Last login date, or an indication that they have never logged in
- Group memberships
- Current leaderboard rank and overall score
The remaining sections depend on the modules and data available to your organization.
Training
When training is available, the profile shows:
- Current training status
- Trainings sent, completed, and pending
- Latest completed trainings
- A link to the employee's filtered training report
Phishing
When phishing is enabled, the profile shows:
- Simulations sent
- Dangerous-link clicks
- Submitted passwords
- Recent failed scenarios
The click and password counts link to the corresponding filtered phishing results.
Accounts
When application-account data is connected, the profile shows:
- Total accounts
- Accounts using SSO, MFA, password authentication, or an unknown authentication method
- Active issues involving risky permissions
Assets
When Data Protection sources are active, the profile shows active external shares grouped by low, medium, and high risk. It also links to the employee's active high-risk issues.
If a module is not available, elba shows its setup prompt instead of employee metrics.
Export employee data
Select Export at the top of the profile to download a CSV for that employee. You can also export selected employees from the leaderboard.
Every export includes identity, last-login, rank, and score fields. Additional columns are included when the corresponding module is enabled:
- Training status, completion counts, quiz score where available, and completed training names
- Phishing simulations, dangerous-link clicks, submitted passwords, and failed scenarios
- Account authentication methods and risky-permission count
- Low-, medium-, and high-risk asset counts
The export is a current reporting view. It is not a PDF or a complete historical audit log.
Interpret the profile safely
The profile summarizes signals collected by enabled elba modules and connected sources. A missing section or zero count does not by itself prove that an employee has no risk.
Before taking action:
- Confirm that the relevant module and source are active.
- Check the linked report or issue for supporting context.
- Validate sensitive conclusions with the appropriate system or data owner.
- Limit access to employee security data according to your organization's policies.
Troubleshooting
An employee is missing
Only enrolled, active employees appear on the leaderboard. Check their enrollment status under Settings → Team → Users.
A section has no data
Confirm that the module is enabled and that its source has synchronized. An employee may also have no activity for that section yet.
The profile says the employee has never logged in
This reflects the absence of a recorded elba login. It does not indicate whether the employee has used other connected applications.