/portalAPI/Organization/*

This article will encompass all portalAPI calls that are related to /portalAPI/Organization/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance:

Locating Your Organization's Instance | ThreatLocker Help Center

OrganizationCreateChild

https://portalapi.INSTANCE.threatlocker.com/portalapi/Organization/OrganizationCreateChild

• Method: POST
• Description: This API is used when navigating to the Organizations page in the ThreatLocker Portal, locating and selecting the "New Organization" button, entering all the new organization details, and selecting "Create." This API is responsible for creating new child organizations from your parent organization. Upon creation, the Products and any Options (corresponding to the options field below) enabled on the parent organization will be passed down to the new child organization. To create a child organization in a different organization than the currently logged in/managed organization (create a grandchild organization), use the managedOrganizationId header as described below.
• Required Body/Parameters
  • Valid APIKey/Authorization Token in header
  • Fields
    • displayName: This field determines the display name of the organization that will be created. When the name field listed below in the Optional Body/Parameters section is not used, it defaults to what is entered in this field.
      • Expects: Any text input
    • timezoneId: Use the UserGetAllTimezones API endpoint to retrieve all available timezones that can be applied to the new organization being created. Use the id value when applying the time zone. This field expects the id value to be entered exactly as it appears when it is returned from the UserGetAllTimezones API.

      •  Expects: One id value

• Optional Body/Parameters
  • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Fields
    • domains: This field determines the domains that will be added to the organization that will be created. One or multiple domains can be entered. For each domain, enter the full domain string in the format below. When this field is omitted, no domains will be added.
      • Expects: Any text input
    • elevationDefaultHours: This field determines the default time period in hours when Elevation is used in the organization that will be created. When entering the Integer value 0 or omitting this field entirely, there will be no default expiration applied. This field expects only one of the following Integer values to be entered; any Integer value cannot be entered:
      
      • 1
      • 2
      • 6
      • 12
      • 24
      • 0
    • hasDisabledEmailNotifications: This field determines whether the users in the organization that will be created will NOT receive emails from ThreatLocker. When this field is set to true, users will NOT receive emails from ThreatLocker, besides password reset emails. When this field is set to false or omitted, the organization will allow emails to be sent to users within the organization.
      • Expects: true or false
    • itarCompliant: This field determines whether the organization that will be created will be ITAR compliant. When this field is set to true, the organization will be ITAR compliant, preventing access/management from outside the United States. When this field is set to false or omitted, the organization will not be ITAR compliant.
      • Expects: true or false
    • name: This field determines the identifier that will be applied to the organization that will be created. The identifier is primarily used when running deployment scripts to install ThreatLocker onto your computers through an RMM agent.
      • Expects: Any text input

Note: The options that can be applied in the options field below to the organization that will be created should be used with extreme care as changing these options may greatly impact ThreatLocker's ability to monitor and secure your environment.

Options Tab: Choices and Descriptions

• • • options: This field determines the options that will be applied to the organization that will be created. Any options that are already applied to the parent organization will be passed down to the organization that will be created, even if this field is omitted. One or multiple options can be entered into this field. For each option, enter the text of the option exactly as it appears in the KB article below. The Optional body section formats adding two options. The options available are listed in the KB article above.
      • Expects: Text of any organization option exactly as listed in the article above
    • proxyServerOption: This field determines the server option that is selected when using a proxy/ThreatLocker Relay Server setting with the organization that will be created. This field expects one of the following text inputs to be entered exactly as they appear below:
      • http://
      • https://
    • proxyUrlEntry: This field determines the proxy/ThreatLocker Relay Server URL that will be used with the organization that will be created. This field expects any valid URL to be entered.
      • Expects: Text of any valid URL
    • timeoutOnLogin: This field determines the number of minutes an administrator can be inactive in the organization that will be created before they are logged out of the ThreatLocker Portal. When entering the Integer value 0 or omitting this field entirely, the logout timer will be set to 24 hours (1440 minutes). This field expects only one of the following Integer values to be entered; any Integer value cannot be entered:
      • 15
      • 30
      • 60
      • 120
      • 240
      • 480
      • 1440

Note: In order to configure proxy/ThreatLocker Relay Server Settings through this API, your ThreatLocker Windows Agents should be on ThreatLocker agent version 10.3 or below. If your agent versions are greater than 10.3.1, use the Advanced Settings page to configure a proxy/relay.

• • • useProxyServer: This field determines whether the organization that will be created will use a proxy/allow the configuration of the ThreatLocker Relay Server Settings. When this field is set to true, the organization will use a proxy/relay as per the settings configured in the proxyServerOption and proxyUrlEntry fields. When this field is set to false or omitted, the organization will not use a proxy/relay.
      • Expects: true or false

• Permissions Needed for User
  
  • Edit Organizations

OrganizationGetAuthKeyById

https://portalapi.INSTANCE.threatlocker.com/portalapi/Organization/OrganizationGetAuthKeyById

• Method: GET
• Description: This API is used when navigating to the Devices page in the ThreatLocker Portal, selecting the "Computer Options" hamburger dropdown in the top left corner, and selecting the "Get Logon Script" button. This API returns the AuthKey of the currently managed organization, typically the parent organization or the one where the currently authenticated user is logged in/exists. When no AuthKey value is returned and the API returns a 200 status code, it may indicate that an AuthKey has not been generated for the organization. Use the OrganizationUpdateAuthKeyById API to try generating an AuthKey for the organization. This AuthKey is used in conjunction with the Logon Scripts that verify whether ThreatLocker is already installed on your endpoints. The AuthKey is used in the script itself, so if ThreatLocker is not installed, it will send the computer information to the ThreatLocker Portal under the "Not Installed" tab on the Devices page. To get the AuthKey for a different organization than the currently logged in/managed organization, use the managedOrganizationId header as described below.
• Required Body/Parameters
  • Valid APIKey/Authorization Token in header
• Optional Body/Parameters
  • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
• Permissions Needed for User
  • Edit Computers
  • Install Computers

OrganizationGetChildOrganizationsByParameters

https://portalapi.INSTANCE.threatlocker.com/portalapi/Organization/OrganizationGetChildOrganizationsByParameters

• Method: POST
• Description: This API is used when navigating to the Organizations page in the ThreatLocker Portal and is used to retrieve all child organizations. To view child organizations in a different organization than the currently logged in/managed organization (not from the parent organization/where the user account exists), use the managedOrganizationId header as described below.
• Required Body/Parameters
  •  Valid APIKey/Authorization Token in header
  • Fields
    • pageNumber and pageSize: These fields determine the number of organizations that will be returned as if the response were in the ThreatLocker Portal. However, these fields do not follow the same conventions as the pageNumber and pageSize values used in the Portal (pageSize in the Portal is 25, 50, 100, or 500). Any valid integer can be entered, and it will return in the selected formatting. For instance, if there are 5 organizations to be returned, but “pageNumber”: 1 and “pageSize”: 2 are specified, 2 entries will be returned per page, and the first two organizations will be displayed.
      • Expects: An Integer value

• Optional Body/Parameters
  • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Fields
    • includeAllChildren: This field determines whether all child organizations will be included when retrieving the list of organizations. When this field is set to true, all child organizations from all sub-organizations will be returned. When this field is set to false or omitted, only direct child organizations based on the managedOrganizationId will be returned.
      • Expects: true or false
    • isAscending: This field determines the order in which the organizations are returned/shown. When this field is set to true or omitted, the organizations will be returned in decreasing order, from high to low (alphabetically/numerically), based on the orderBy field utilized. When this field is false, the organizations will be returned in increasing order, from low to high, based on the orderBy field utilized.
      • Expects: true or false
    • orderBy: This field will order the organizations that are returned/shown based on the isAscending field and any text entered into the searchText field. This field expects the text from one of the following options to be entered exactly as they appear.
      • billingMethod
      • businessClassificationName
      • dateAdded
      • name
    • searchText: This field allows you to search through your organizations by inputting any text/details you want to search for. Anything that can be searched using the search bar in the Portal on the Organizations page can be entered into this field and returned.
      • Expects: Any text input

• Permissions Needed for User
  • Super Admin - Child
  • View Organizations
  • Edit Organizations

OrganizationGetForMoveComputers

https://portalapi.INSTANCE.threatlocker.com/portalapi/Organization/OrganizationGetForMoveComputers

• Method: GET
• Description: This API is used when navigating to the Devices page in the ThreatLocker Portal, selecting the checkbox next to a computer(s), selecting the "Move Computer" button, and searching for a target organization to move the computer(s) into. This API will return a list of Organizations that can be the target to move the computer(s) to. A list of organizations that the currently logged in/authenticated user has access to will be displayed.
• Required Body/Parameters
  • Valid APIKey/Authorization Token in header
• Optional Body/Parameters
  • searchText: This field is used to search through the list of available organizations based on organization name to move a computer(s) into.
    • Expects: Any text input
• Permissions Needed for User
  • View Organizations
  • Edit Organizations
  • View Computer Groups
  • Edit Computer Groups

OrganizationUpdateAuthKeyById

https://portalapi.INSTANCE.threatlocker.com/portalapi/Organization/OrganizationUpdateAuthKeyById

• Method: POST
• Description: This API is used when navigating to the Devices page in the ThreatLocker Portal, selecting the "Computer Options" hamburger dropdown in the top left corner, selecting the "Get Logon Script" button, and then, when present, selecting the "Generate Key" button so that an AuthKey can be generated for use in association with the organization. This API will generate the AuthKey for use, and if there is already an AuthKey generated for the organization, the following message will be displayed: "The organization already has AuthKey, can't be updated." This AuthKey is static once it is initially created and is used in association with the Logon Scripts that check whether ThreatLocker is already installed on your endpoints. The AuthKey is used in the script itself, so if ThreatLocker is not installed, it will send the computer information to the ThreatLocker Portal under the "Not Installed" tab on the Devices page. If looking to generate an AuthKey for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
• Required Body/Parameters
  • Valid APIKey/Authorization Token in header
• Optional Body/Parameters
  • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
• Permissions Needed for User
  • Edit Computers
  • Install Computers