Datto Integration

6 min. readlast update: 05.30.2025

Table of Contents

Enabling the Datto RMM Integration | Deployment | Datto PSA | Company Mapping | Contract Mapping | Ticket Settings | Troubleshooting

The following article will cover setting up integration for Datto PSA and Datto RMM using ThreatLocker. 

ThreatLocker has created an interface in which you can integrate your Datto and ThreatLocker accounts easily. 

Prior to setting up this integration, please use the following instructions to ensure that these settings are configured in Datto PSA:

  • To start, sign in to your Autotask account. 
  • Using the left-hand menu, select ‘Admin’. 

Picture 

  • Select ‘Account Settings & Users’ from the list of ‘Admin Categories’. 

Picture 

  • Select the ‘Resources/Users (HR)’ dropdown, then select ‘Security Levels’ from the list of options. 

Picture

  • From the list of Security Levels, select the menu to the left of ‘API User (system) (API-only)’. Select ‘Copy’ from the dropdown menu. 

Picture 

  • This will open a pop-up window for setting up this new Security Level. It is recommended that you only make changes to the required fields. You should have the following set up: 

    • Under CRM, ensure that ‘Customer & Cancelation’ is set to ‘All’.

      • This allows for client visibility within the ThreatLocker Portal.

Picture

    • Under Service Desk > Object Permissions, make sure that the following is set for ‘Tickets’ as this is used to grant permission to create tickets through Approvals: 

      • View = All 

      • Add = Yes 

      • Edit = Yes 

      • Delete = All 

Picture

Enabling the Datto RMM Integration 

To enable your Datto RMM Integration, navigate to the ‘Integrations’ page in the ThreatLocker portal using the left-hand side of the page. 

Picture 

Within the ‘Integrations’ page, use the search field to input ‘datto’ and select it once it displays in the dropdown. 

Picture 

A side panel titled ‘Add Datto Integration’ will now appear. 

Picture 

Select the checkbox to the left of ‘Enabled’ under Datto RMM. In this section, you must select your RMM Zone, enter your API Key, and enter your API Secret Key. 

Picture 

An API Key and API Secret Key must be generated for each user. For more information on how to retrieve this, please consult the following documentation from Datto: 

After entering these credentials, select the ‘Create’ button at the bottom of the page. 

Once credentials have been successfully validated, you will obtain access to the Deployment Tab. 

Deployment

The ‘Deployment’ tab will now appear on the page to the right of ‘Datto Settings.’ Select this tab. 

Picture 

From here, ThreatLocker will populate all sites associated with the account credentials you entered. Use the dropdown menu to select the site(s) you want to include in your integration. Under this, you will also choose the component to include. The list comprises only the components with the keyword ‘ThreatLocker’.

Note: The 'Component' dropdown is case sensitive. Your component must be named 'ThreatLocker', ensuring the 'T' and 'L' are capitalized.

Picture 

Once this has been filled out, you can also check the ‘Auto Push’ box underneath. Enabling Auto Push will ensure that the component is deployed to all devices in the selected RMM sites, on a recurring schedule, once daily. 

Selecting Push will deploy the selected component to all devices under the checked RMM Sites. 

Picture 

For further information on deploying ThreatLocker using Datto RMM's components, please consult the following article: 

Datto PSA 

To enable your Datto PSA Integration, navigate to the ‘Integrations’ page in the ThreatLocker portal using the left-hand side of the page. 

Picture 

Within the ‘Integrations’ page, use the search field to search for ‘datto’ and select it once it displays in the dropdown. 

Picture 

A side panel titled ‘Add Datto Integration’ will now appear. 

Picture 

Select the checkbox to the left of ‘Enabled’ under Datto PSA. You will be prompted to input your Datto PSA API User Credentials. 

Picture 

Once credentials have been entered, select the 'Save’ button at the bottom of the page. This will save and validate your credentials. Once credentials have been validated, you will receive the ‘Company Mapping’ and ‘Ticket Settings’ tabs. 

Company Mapping 

Navigating to the ‘Company Mapping’ tab, you will now see two fields for PSA Client and Organization. The PSA Client dropdown will populate with accounts found in your Datto PSA account with the ‘Customer’ Account Type. 

Note: If the account does not have the ‘Customer’ Account Type, it will not appear here. 

Picture 

In the ‘Organization’ field, enter the name of the ThreatLocker organization you would like to map this PSA Client account to. 

Picture 

Select the ‘+’ button to add this company map. It will then appear underneath the field. 

Picture 

Successfully mapping clients from your Datto PSA to ThreatLocker is required to set up your Contract Mapping and Ticket Settings. 

Contract Mapping 

The Contract Mapping tab will ONLY appear after a company has been mapped. With this tab, you will be able to view contracts that are applied to your PSA client and implement them here. 

Using the ‘PSA Client’ dropdown, select the client name. The list will then populate with all mapped companies from the Company Mapping tab. 

Picture

Next, using the ‘PSA Contract’ dropdown, select the contract you would like to map. ThreatLocker will be able to view all contracts that are associated with the chosen client. 

Picture 

Lastly, select your PSA Service/Bundle. This information is chosen during contract creation and will populate based on the selected contract. 

Picture 

Once you have entered this information, select the ‘+’ button to finalize your mapping. The entered information will populate underneath the fields. 

Picture 

Ticket Settings 

The Ticket Settings tab allows you to select how tickets from ThreatLocker appear in your Datto PSA account. Navigating to the Ticket Settings tab, you will see different fields with dropdown menus. 

Picture 

Once you have selected all your settings, choose ‘Save’ at the bottom of the page. 

These options correlate with Datto PSA’s ticketing system. Whenever a user from a mapped organization submits an approval request, a ticket will be generated in Datto PSA matching the settings you input in the provided fields. 

Picture

Note: Tickets related to approval requests that have been resolved on ThreatLocker will automatically change the status to ‘Approved’. 

Troubleshooting  

  • No components are listed in the dropdown menu of the Deployment section. 
    • Double-check your component name within Datto. To populate the field, it must be named 'ThreatLocker' without quotations and with a capital 'T' and 'L'. 

  • No clients are listed in the ‘PSA Client’ dropdown in the ‘Company Mapping’ tab. 
    • Only accounts in Datto PSA with the Account Type 'Customer' will appear here.

Was this article helpful?