The Login Settings Page provides a central location to manage where and how your users can access the ThreatLocker Portal. Here, you can set Organization-wide restrictions on which Countries or IP addresses your users can log in from, restrict MFA options, allow SSO, and override the MFA restrictions for specific users.
- Navigate to the Health Center page, then locate the Login Attempts section. Click Login Settings in the bottom-right corner of the panel.


- Alternatively, navigate to the Users page and select Additional Options, then click Login Settings.


Both paths will open the same side panel, 'Login Settings - [Your Organization Name]'. Settings configured here are applied across the entire organization.

ThreatLocker Access
The ThreatLocker Access section controls the level of access that ThreatLocker staff have to your organization. You can assign one of the following access levels to both Solutions Engineers and Cyber Heroes:
- No Access – Prevents ThreatLocker staff from accessing your organization.
- Read-Only – Allows staff to view your environment without making changes.
- Full Control – Allows staff to view and modify your environment as needed.
Note: Only Super Admins can modify these settings. ThreatLocker staff cannot change these permissions on your behalf.
Solutions Engineer Access
Your Solutions Engineer is your primary technical contact and will typically work with you during deployment and onboarding.
By default, Solutions Engineers are granted Full Control. We recommend leaving this setting enabled throughout your trial and onboarding to ensure timely assistance with deployment and configuration.
Cyber Hero Access
Cyber Heroes include the Cyber Hero Support team and the Application Request team. These teams may require access to your organization to assist with troubleshooting or processing application requests.
By default, Cyber Heroes are granted Read-Only access.
Important: If your organization uses Cyber Hero Management, Cyber Heroes must have Full Control access to process Application Requests.
Login Restrictions
The Login Restrictions section allows you to strengthen User account security by configuring:
- Country Restrictions
- IP Address Restrictions
- Multi-Factor Authentication (MFA) Restrictions
- Microsoft 365 Single Sign-On (SSO)
Country Restrictions
Country Restrictions control which countries Users can sign in from.
Choose one of the following options:
- Allow Selected – Only Users signing in from the selected countries are permitted to access the ThreatLocker Portal.
- Block Selected – Users signing in from the selected countries are blocked from accessing the ThreatLocker Portal.
Important: If you select Allow Selected, all countries not included in the allowed list will be blocked. Ensure your own country is included before saving your changes to avoid locking yourself out of the portal.
IP Address Restrictions
IP Address Restrictions control which IPv4 addresses users can use to access the ThreatLocker Portal.
Choose one of the following options:
- Allow Selected – Only Users connecting from the specified IPv4 addresses are permitted.
- Block Selected – Users connecting from the specified IPv4 addresses are denied access.
Note: If Allow Selected is enabled, all IP addresses not included in the allow list will be blocked.
Important: IP Address Restrictions do not override Country Restrictions. If an entire country is allowed through Country Restrictions, any IP address within that country will also be allowed.
MFA Restrictions
Use MFA Restrictions to control which Multi-Factor Authentication methods users can use when signing in.
These settings apply organization-wide unless a User Override has been configured.
Available options include:
- None – Users can use any supported MFA method.
- Allow Selected – Restricts Users to the selected MFA methods.
- One-Time Code (OTC) – Can be enabled when Allow Selected is configured.
If an user is currently using an MFA method that is no longer permitted, they will be prompted to reconfigure their MFA settings during their next login.
DUO Integration
If your organization has not yet configured DUO, navigate to the Integrations page to complete the setup.
For detailed configuration instructions, refer to the DUO Integration Knowledge Base article.

Allow SSO
The 'Allow SSO' option lets admins establish O365 SSO. ThreatLocker does not recommend using SSO for your ThreatLocker Account. After this option is enabled, the user will need to switch their account from a standard login to SSO. Please see the following article for further instructions: How to Enable O365 SSO | ThreatLocker Help Center (kb.help)

Enabling the "Allow SSO" option will generate a further option, Enforce SSO / Disable Local Login, which will force all users within your organization to utilize SSO.
Warning: Enforcing SSO will prevent any user within your organization signing in if they do not have SSO set up.
Login Restrictions - User Override
'User Override' allows particular users to be permitted to use other MFA methods, outside of those selected in 'MFA Restrictions'. If OTC is the only allowed MFA method across an organization, for example, an MFA User Override can be established to allow a specified administrator to utilize their DUO integration for authentication.

Help Center