This best practices guide provides access control recommendations that will help keep your Autotask PSA environment secure. Because your company’s data is hosted by Datto and accessed by your resources through a browser, you should use the following features to configure Autotask PSA with strong security and least-privilege access rules.
Login security: To access Autotask PSA, users must authenticate with their login and password. Additionally, Datto requires all Autotask PSA users to use either single sign-on (SSO) or two-factor authentication (2FA). To increase login security even more, enable a system setting that locks users out after a specified number of unsuccessful login attempts, and configure a list of recipients who receive email notifications when security-related changes are made that could affect what resources can see or do.
Security levels: Access to features and data in Autotask PSA is controlled by the security level assigned to user roles, which can be customized to best match your workflow. If you grant access to your database to external IT resources (either customers or contractors), use the Co-managed Help Desk (system) security level and set up a co-managed help desk.
Security for protected data: User-Defined Fields (UDFs) for assets and companies can be flagged as protected. You can then grant access to view and/or edit these protected fields to individual users.
API users: Set up a separate Application Programming Interface (API) user account (and possibly a separate API-only User System) for each integration. This allows you to tailor the security permissions to the areas required by each integration.
Report security: Datto provides multiple levels of security control to access its pre-built reports and the data within the reports. Review your company security level settings for report and data access (along with the publish settings for LiveReports) and make adjustments as needed to ensure that your resources have access to only the reports and data that they need.