The Users page provides a centralized location for managing users within your organization. From this page, you can invite new users, create users manually, assign roles and permissions, manage Multi-Factor Authentication (MFA), reset passwords, and view user account information, including last login, password status, and account creation date. You can also search for users, edit existing user accounts, and manage user access to the ThreatLocker Portal.
- Navigate to the “Users” page from the sidebar on the left-hand side of the portal.

This page shows the users in the organization you are currently in.
Invite User

To invite a new user to your organization, navigate to the Users page and select the Invite Users button located in the top-left corner.
In the Invite User to Organization window, enter the user's email address and assign them a role. If a suitable role has not yet been created, select + Add New Role to create one.
After the invitation is sent, the user will appear on the Users page regardless of whether they accept or ignore the invitation.
The invited user will receive an email from noreply@threatlocker.com containing an invitation link. This link expires after 24 hours. If the invitation expires before the user completes the registration process, you will need to send them a password reset to allow them to complete their account setup.
Create a New User Manually
To manually create a new user for your organization, navigate to the Users page. In the top-left corner, select Additional Options, located next to the Invite Users button, and then select New User.

Selecting New User opens the Create User window, where you can enter the user's email address and create a password for them to use when signing in. You can also add optional user details, including:
- First name
- Last name
- Job title
- Manager
- Time Zone
- Cell phone number

Multi-Factor Authentication
Within the New User section, you can configure the Multi-Factor Authentication (MFA) method the user will use when signing in.
Available MFA options include:
- None
- One-Time Code (OTC)
- DUO, if the DUO integration has been configured
When OTC is selected, you can either configure the MFA method immediately or require the user to set it up during their next login.
Roles and Permissions
After entering the user's account details, you can assign their role or permissions.
You can either:
- Assign an existing role.
- Configure individual permissions for the user.
For more information, refer to the User Permissions article.
Notify on Request
You can optionally enable Notify on Request for the user. When enabled, the user will receive an email notification whenever there is a pending approval request in the Response Center for both the parent and child organizations.
Passwordless Authentication
You can also optionally enable Passwordless Authentication. When configured, the user can sign in by entering a 4 to 8-digit PIN received through a phone call.
Note: When a user is created manually, they will not receive an email notification that their account has been created.

Delete User & Reset Password
Delete a User
To delete a user, select the checkbox next to the user you want to remove, then select Delete User.
Deleting a user removes their account from your organization and prevents them from signing in to the ThreatLocker Portal.
Reset a User's Password
You can send a password reset email to a user using any of the following methods:
- Select the checkbox next to the user and choose Reset Password.
- Select the Key icon under the Actions column.
- Edit the user's account and select Reset Password.
A password reset email will be sent to the user's registered email address. The password reset link expires after 24 hours.
Note: If there are no other users in your organization with permission to reset your password, contact the Cyber Heroes for assistance.

Reset Multi-Factor Authentication for OTC
Reset a User's Multi-Factor Authentication (MFA)
To manage a user's Multi-Factor Authentication (MFA) settings, navigate to the Users page and select the user. This opens the Edit User side panel. From there, scroll to the Multi-Factor Authentication section.
Depending on the user's configured MFA method, you can perform the following actions:
- Generate QR Code – Generates a new QR code for the user to scan with their authenticator application. The user must verify the new code before it becomes their active One-Time Code (OTC) authentication method.
- Reset OTC for Next Login – Clears the user's existing OTC configuration and prompts them to set up OTC again the next time they sign in.
Note: If a user has lost access to their OTC code, either generating a new QR code or selecting Reset OTC for Next Login will allow them to reconfigure their MFA.
Note: If you have lost access to your own OTC code and no other user in your organization has permission to reset your MFA, contact the Cyber Heroes for assistance.

Search Bar, Date Created, Last Login, Created Date
Search and User Information
The Search bar is located at the top-center of the Users page, next to the All Users dropdown. Use the search bar to quickly locate a user by their email address, first name, or last name. This is especially useful for organizations with a large number of users.

The Users page also displays the following account information:
Last Login
Displays the date and time the user most recently signed in to the ThreatLocker Portal.
Password Changed
Displays the date the user last changed their password. The status indicator changes color based on the age of the password:
- Green – Password was changed recently.
- Yellow – Password is approaching the recommended age.
- Red – Password is older and should be changed.
Created
Displays the date the user account was created.

Help Center