TL;DR: Multi-tenant identity governance now depends on repeatable controls and auditability, not just faster administration, as JumpCloud reports.
NHIMG editorial — based on content published by JumpCloud: Multi-tenant portal governance for MSP identity operations
Questions worth separating out
Q: How should MSPs govern identity controls across multiple client tenants?
A: MSPs should govern identity controls with tenant-specific ownership, standardised templates, and retrievable audit evidence for every change.
Q: Why do multi-tenant identity platforms increase governance risk if they are not well controlled?
A: They increase governance risk because one configuration mistake can propagate across many client environments at once.
Q: What should MSPs look for in access review workflows?
A: They should look for tenant-owned review decisions, clear reviewer authority, and evidence that the review outcome actually changes access.
Practitioner guidance
- Separate template governance from tenant execution: Treat policy templates as controlled artefacts with owner approval, version history, and rollback criteria before they are cloned into new client orgs.
- Enforce tenant-scoped audit evidence: Require every remediation, lockout, and access review action to carry the client tenant ID, operator identity, and timestamp in a retrievable log.
- Standardise onboarding and offboarding workflows: Use repeatable joiner-mover-leaver steps for client environments so access, device management, and admin rights are removed on a defined lifecycle schedule.
What's in the full article
JumpCloud's full article covers the operational detail this post intentionally leaves for the source:
- Walkthroughs of how the Multi-Tenant Portal handles cross-client policy deployment and remediation.
- Demo examples showing how MSPs can review access, patch devices, and clone tenant configurations.
- Operational scenarios for onboarding new client orgs without rebuilding the full identity stack.
- Interface-level detail on how the portal supports day-to-day MSP workflows across many tenants.
Multi-tenant identity operations: what MSP teams need now?
Explore further
Multi-tenant identity operations are now a governance discipline, not just an MSP convenience layer. The article is really about the failure of single-tenant operating assumptions in a world where one team manages many client identities, devices, and policy sets. That shift matters because access, review, and remediation decisions now happen across boundaries that must remain provable. The practical conclusion is that MSP identity control needs tenant-aware governance, not just faster administration.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: How do teams prevent shared-service admin access from becoming permanent?
A: Teams prevent permanence by tying admin rights to lifecycle events, time-bounded approval, and regular recertification. If shared-service access is granted once and never revisited, it quickly becomes standing privilege across multiple client environments. The safest model is explicit expiry, documented justification, and tenant-specific removal when the work is done.
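The checks named in that answer (explicit expiry, documented justification, recertification, tenant-specific removal) can be run over a grant inventory. The Python below is an added example, not code from JumpCloud or from this editorial; the record fields, the 90-day recertification interval and the sample grants are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

RECERT_EVERY = timedelta(days=90)   # assumed recertification interval
NOW = datetime(2024, 9, 1, tzinfo=timezone.utc)  # fixed review time for the sample

# Constructed sample grants; field names are assumptions, not a JumpCloud schema.
GRANTS = [
    {"tenant_id": "client-a", "operator": "tech1@msp.example", "active": True,
     "granted": "2024-08-30T09:00:00+00:00", "expires": "2024-09-02T09:00:00+00:00",
     "justification": "change ticket (placeholder)", "last_recertified": None},
    {"tenant_id": "client-b", "operator": "tech1@msp.example", "active": True,
     "granted": "2024-01-10T09:00:00+00:00", "expires": None,
     "justification": "", "last_recertified": None},
    {"tenant_id": "client-c", "operator": "tech2@msp.example", "active": True,
     "granted": "2024-08-01T00:00:00+00:00", "expires": "2024-08-03T00:00:00+00:00",
     "justification": "onboarding (placeholder)", "last_recertified": None},
    {"tenant_id": "client-c", "operator": "tech3@msp.example", "active": False,
     "granted": "2024-07-01T00:00:00+00:00", "expires": "2024-07-02T00:00:00+00:00",
     "justification": "patching (placeholder)", "last_recertified": None},
]

def _ts(value):
    # Parse an ISO 8601 timestamp, passing None through.
    return datetime.fromisoformat(value) if value else None

def review_grant(grant, now):
    """Return the reasons an admin grant counts as standing privilege."""
    if not grant["active"]:
        return []  # already removed in this tenant
    granted, expires = _ts(grant["granted"]), _ts(grant["expires"])
    findings = []
    if not grant["justification"].strip():
        findings.append("no documented justification")
    if expires is None:
        findings.append("no explicit expiry")
    elif expires <= now:
        findings.append("expired but still active")
    if now - (_ts(grant["last_recertified"]) or granted) > RECERT_EVERY:
        findings.append("recertification overdue")
    return findings

def review_all(grants, now):
    """Group findings per tenant so each client gets its own removal list."""
    report = {}
    for grant in grants:
        findings = review_grant(grant, now)
        if findings:
            report.setdefault(grant["tenant_id"], []).append((grant["operator"], findings))
    return report
```

Grouping the output by tenant keeps each finding attributable to one client environment, which matches the tenant-scoped evidence requirement in the practitioner guidance.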