Skip to Content
IntegrationsCRM / PSAAutotask PSA

Autotask PSA

Cotillion’s Autotask integration is a read-only sync of Opportunities, Quotes, Quote Items, Companies, Contacts, Projects, Contracts, SLA results, and engagement history (Service Calls, Time Entries) from your Autotask PSA tenant into the Cotillion canonical deal model. Once synced, the deals appear in your Cotillion workspace where you can register them against vendor portals (AWS Partner Central, Microsoft Partner Center, …) with a single action.

Before you begin — you’ll create a dedicated API User in your Autotask PSA with a custom Security Level scoped to read-only. The whole setup takes about 10 minutes and follows Datto’s official Vendor On-boarding guide.

At a glance

ItemValue
AuthenticationAPI User (Basic auth) — Username + Secret
API surfaceAutotask REST API v1.0
Vendor trackingIntegration Vendor — indyrct | Cotillion - Partner Portal Automation
DirectionRead-only (Cotillion never writes back)
CredentialsAWS KMS-encrypted at rest, never logged
Zone detectionAutomatic (Cotillion picks the right webservices*.autotask.net for your tenant)

Setup

Datto recommends a dedicated Security Level so the API User only has access to the data this integration needs.

In Autotask PSA:

  1. Open Admin → Account Settings & Users → Resources/Users (HR) → Security → Security Levels.
  2. Locate API User (System) in the list and copy it.
  3. Rename the copy to Indyrct CRM Read-only (or similar).
  4. Open the copy for editing.
  5. Set all top-level sections (Inventory, Workforce Management, Documents & Knowledge Base, Reports, Other) to No Permission.
  6. Configure only the sections listed below.
  7. Save & Close.

Required Security Level configuration (all other sections set to No Permission, all Add / Edit / Delete dropdowns set to None):

CRM → Account & Contact Access

  • Customer & Cancelation — All
  • Vendor & Partners — All
  • Prospects, Leads, & Dead — All

CRM → Object Permissions

  • Opportunities & Quotes — View: All (Accounts / Contacts / Notes inherit View from Account & Contact Access above)

Projects → Permission Per Project Type

  • Client & Internal — View: All

Contracts → Object Permissions

  • Contracts — View: All, Add: None (Contract Visibility: Limited (Summary, Services, Notes), no Edit is sufficient)

Service Desk → Object Permissions

  • Tickets — View: All (required for Service Level Agreement Results)
  • Service Calls — View: All
  • Time Entries — View: All

Timesheets

  • View: All (time-entry access for the relationship-history layer)

Admin → Feature Access

  • Resources/Users (HR) ✅
  • Sales & Opportunities ✅
  • Finance, Accounting, & Invoicing ✅
  • Accounts & Contacts ✅
  • Service Desk (Tickets) ✅
  • Projects & Tasks ✅

Why Admin → Sales & Opportunities. Cotillion queries Autotask’s /OpportunityCategories/query endpoint to translate the numeric opportunityCategoryID on every opportunity (100 / 101 / 1 / …) into a human-readable label ("New Business" / "Existing Business Renewal" / "Existing Business Expansion" / …). Vendor portals (AWS Partner Central, Microsoft Partner Center) expect a categorical “Net New vs Expansion vs Renewal” signal on submitted opportunities; without this label the sync falls back to the raw integer and downstream vendor egress cannot pick the right category bucket.

Why Admin → Finance, Accounting, & Invoicing. Cotillion queries /Currencies/query to translate the numeric currencyID on companies and opportunities (1 / 2 / 3 / …) into the corresponding ISO 4217 code ("USD" / "AUD" / "GBP" / …). Every monetary field in the synced canon — amount, recurring revenue, one-time revenue, line-item unit price, line-item total — emits a paired *Currency companion holding the ISO code. Without this permission the lookup map is empty, the AI canon mapper has nothing to resolve currencyID = 1 against, and every *Currency field lands as null downstream.

Both endpoints are read-only system reference tables (currencies and opportunity categories), governed by the Admin section permissions in Autotask, not by the per-object CRM grid. Without these permissions the overall sync still succeeds but emits unresolved-label warnings and skips populating the dependent labels and currency companions.

Why Admin → Accounts & Contacts, Service Desk (Tickets), and Projects & Tasks. These three permissions unlock the reference tables Cotillion uses to build the partner trust profile — the credibility view vendors see during deal registration: which industries you serve, what your project portfolio looks like, what your service-desk specialization is.

  • Accounts & Contacts — unlocks /Classifications and /MarketSegments reference tables. Drives the partner’s industry-vertical profile (Healthcare / Finance / Manufacturing / Education / …) which the vendor uses to route the deal to the correct industry-specialist reviewer.
  • Service Desk (Tickets) — unlocks /TicketCategories and /IssueTypes. Drives the partner specialization signal (helpdesk vs managed-services vs implementation vs incident-response) used by vendors that scope opportunities by service mix.
  • Projects & Tasks — unlocks /ProjectTypes and /ProjectStatuses. Drives the partner project-portfolio breakdown (SaaS implementation vs migration vs ongoing managed) used by vendors evaluating delivery capability.

Without these, the trust profile still publishes the baseline metrics (total clients, years of experience, SLA-first-response rate, projects delivered, and company size — derived from your own company record’s employee count and shown only as a coarse band) but downstream industry-vertical and specialization signals are reduced to raw integer codes.

Why Contracts, Service Calls, Time Entries & Timesheets. These read-only grants feed the partner relationship-history layer — the engagement and delivery record behind your trust profile and partner-attribution scoring:

  • Contracts — recurring service-agreement data (term, period, renewal linkage). Drives the customer’s product-deployment + recurring-revenue (MRR/ARR) and retention picture per account — the basis for showing a vendor that a registered deal sits on top of an established, renewing relationship rather than a one-off.
  • Service Calls, Time Entries, Timesheets — the activity / engagement record (calls, meetings, delivered hours) per account and opportunity. Drives partner-attribution intelligence (how much real engagement preceded a win) and the relationship-tenure signal vendors weigh during co-sell.

All four are View-only and stay within the Cotillion processing boundary (hashed / aggregated, never re-exposed to other partners). They are requested upfront so the connection is configured once — granting them later would mean re-touching every connected account’s Security Level.

Web Services API → Feature Access

  • Can login to Web Services API ✅

Why read-only. Our integration never writes to Autotask. Granting any Add / Edit / Delete permission goes beyond what is required and is rejected during Datto’s pre-publication review.

Web Services API → Resource & Contact Impersonation tables — leave all checkboxes empty. Our integration does not impersonate other resources or contacts. Any checkbox set in those grids extends the API user’s effective permissions beyond read-only and is rejected during Datto’s pre-publication review.

Step 2 — Create a new API User

  1. Open Admin → Account Settings & Users → Resources/Users (HR) → Resources/Users, then click New → New API User.
  2. Fill in the basic resource information (First Name, Last Name, Email).
  3. Under Security, set Security Level to the custom level you created in Step 1 (Indyrct CRM Read-only).
  4. Scroll to the API Tracking Identifier section.
  5. Select Integration Vendor (not Custom, not None).
  6. From the Integration Vendor dropdown, select indyrct | Cotillion - Partner Portal Automation.
  7. Save & Close.

Why Integration Vendor, not Custom. Per Datto’s Vendor On-boarding guide, Custom (Internal Integration) tracking identifiers are not global — they work only inside the database where they were created. Integration Vendor is the only tracking type supported for multi-tenant SaaS integrations such as ours.

Step 3 — Generate Username and Secret

  1. Open the API User you just created.
  2. Click Generate Username — copy the generated value.
  3. Click Generate Key/Secret — copy the generated value.

Keep these values handy — the Secret is shown only once by Autotask. If you lose it, you’ll need to regenerate.

Step 4 — Connect in Cotillion

  1. Sign in to your Cotillion workspace at cotillion.indyrct.com .
  2. Open CRM / PSA in the sidebar → Connect → Autotask PSA.
  3. Paste the Username and Secret from Step 3.
  4. Click Test & Connect.

What happens automatically:

  • ✅ Cotillion auto-detects your Autotask zone (no zone selection needed).
  • ✅ Verifies the credentials against the Autotask REST API.
  • ✅ Encrypts them with an AWS KMS envelope before storing.
  • ✅ Starts a one-time backfill sync, then schedules recurring updates.

Step 5 — Optional — Exclude individual opportunities from the sync

Some opportunities should never appear in Cotillion — internal-only forecasts, personal experiments, deals that belong to a tenant you don’t want surfaced for vendor registration. You can opt them out by adding a custom User-Defined Field on the Opportunity entity and ticking it on the opportunities you want hidden.

In Autotask PSA:

  1. Open Admin → Application-Wide (Shared) Features → User-Defined Fields.
  2. Switch to the Opportunities tab and click New.
  3. Configure the field exactly as follows:
    • Namecotillion_exclude_from_sync (must match exactly — Cotillion looks for this name)
    • LabelExclude from Cotillion sync (or any wording you prefer — only the Name is matched)
    • Field TypeList
    • List values — add two entries:
      • Yes (active)
      • No (active, set as default if you want all new opps to sync)
    • Required — leave off
    • Visibleon
  4. Save & Close.

To exclude an opportunity, open it in Autotask, scroll to the User-Defined Fields section, set cotillion_exclude_from_sync to Yes, and save. On the next sync (within ~5 minutes), Cotillion will skip the AI canon mapper for that opportunity entirely.

Reversible. Setting the field back to No (or leaving it blank) re-includes the opportunity on the next sync. Cotillion does not delete previously-synced canon data when you flip the flag on — it simply stops refreshing it. Flip the flag off and the next sync brings the data back up to date.

How the sync works

CadenceWhat
Reference data refreshOnce every 24 hours: picklist values, UDF schemas, sales resources, countries, currencies, opportunity categories. These rarely change.
Opportunity syncEvery 5 minutes per organization: opportunities + their quotes + quote items + companies + contacts + notes.

The integration respects Autotask’s per-customer queue rate limits. Each sync is rate-limited per credential, and outbound traffic is logged in our operational dashboards for audit.

What gets synced and how it stays stable

Each sync produces a structured canonical view of every opportunity. The canonical view normalises the data so it can drive vendor registration (AWS / Microsoft) without the ambiguity of vendor-specific field conventions: amounts get explicit currencies, contacts get role flags (primary / decision-maker), and labels get resolved against your Autotask picklists.

Two guarantees Cotillion holds across syncs:

  • Customer and contact identity are stable. When you rename a company in Autotask, Cotillion picks up the new name on the next sync, but the same customer keeps the same internal identity — every opportunity that pointed to it before still points to it after. The same applies to contacts: a contact appearing on several opportunities is recognised as one person, not duplicated per opportunity.
  • Disconnect-then-reconnect is non-destructive. If you remove the Autotask integration in Cotillion and add it back later, your existing opportunities re-attach to the new connection without losing their vendor-registration history or per-line-item state.

Audit trail

Cotillion keeps an immutable record of every payload submitted to a vendor (AWS Partner Central, Microsoft Partner Center). The record captures exactly what was sent at submission time, independent of subsequent edits in Autotask or Cotillion. Customer name, contact details, and quote specifics on a submission stay frozen on the audit record even if the upstream Autotask record later changes.

Reference

Datto’s official help if your Autotask UI differs from the screenshots above:

Troubleshooting

Authentication fails on Test & Connect

The Username or Secret was mistyped, or the API User’s Security Level doesn’t have Web Services API → Can login to Web Services API enabled. Re-generate the Secret in Autotask (it cannot be retrieved later) and re-check the Security Level configuration from Step 1.

Zone discovery fails

Auto-zone-detection couldn’t resolve a regional Autotask URL for the supplied username. Confirm the username belongs to a real Autotask user account, not a placeholder.

Permission denied during sync

The API User’s Security Level is missing one of the required View permissions. Compare the level’s permissions against the table in Step 1; the sync error message identifies which permission is missing.

A specific symptom — the canon view has correct opportunity numbers but every *Currency field is null and / or opportunity category labels are missing — points to the Admin section permissions. Open the Security Level you created in Step 1, expand Admin → Feature Access, and confirm both Sales & Opportunities and Finance, Accounting, & Invoicing are enabled.

Rate limit reached

Autotask returned a 429 (rate-limited) response. Cotillion automatically backs off and retries; no action required.

An opportunity is missing from Cotillion

Check the opportunity’s User-Defined Fields in Autotask: if cotillion_exclude_from_sync is set to Yes (or to a True / 1 value on a Checkbox UDF), the opportunity is intentionally hidden — see Step 5 of the setup guide. Set it back to No to bring it back into the sync. The opportunity reappears on the next sync (within ~5 minutes) with all its data refreshed; you don’t have to manually re-sync.


For questions specific to the Datto Vendor On-boarding process, contact the Datto TAP team. For Cotillion-side issues, email [email protected].

Last updated on