Multi-tenant SaaS management: what MSPs need to govern now

TL;DR: MSPs now manage dozens of client SaaS environments while enterprises average more than 130 SaaS apps and 40% of SaaS apps are bought outside IT oversight, according to Josys. The operational problem is no longer visibility alone but whether lifecycle, access, and license governance can scale across tenants without eroding security or margins.

NHIMG editorial — based on content published by Josys: The MSP’s Guide to Multi-Tenant SaaS Management: From Visibility to Governance

By the numbers:

• Enterprises now use over 130 SaaS apps on average, a figure that has grown 30 percent annually since 2018.

Questions worth separating out

Q: How should MSPs govern SaaS access across multiple client tenants?

A: MSPs should govern SaaS access by tenant, not by shared admin convenience.

Q: Why do shadow IT apps create a governance problem for MSPs?

A: Shadow IT creates a governance problem because MSPs cannot secure, review, or revoke what they cannot see.

Q: What should security teams measure in multi-tenant SaaS governance?

A: Security teams should measure discovered app coverage, dormant account volume, license reclamation rates, and the share of client SaaS under delegated control.

Practitioner guidance

• Build tenant-by-tenant discovery coverage Map sanctioned apps, shadow apps, user assignments, and API integrations for each client before standardising any governance workflow.
• Tie offboarding to entitlement reclamation Make deprovisioning, license reassignment, and dormant account cleanup part of the same tenant-specific workflow.
• Separate client administration with reusable role templates Create client-specific RBAC templates that preserve least privilege while allowing delegated administration.

What's in the full article

Josys' full blog covers the operational detail this post intentionally leaves for the source:

• A practical feature checklist for real-time discovery, usage tracking, and anomaly monitoring across SaaS tenants.
• Implementation guidance for automated provisioning, offboarding, and licence reclamation workflows in MSP operations.
• Examples of client-specific RBAC, permission templates, and selective delegation patterns for multi-tenant service delivery.
• An evaluation framework that ties SaaS management capabilities to margin, compliance, and scalability outcomes.

👉 Read Josys' guide to multi-tenant SaaS management for MSPs →

Multi-tenant SaaS management: what MSPs need to govern now?

Explore further

View Full Forum →  |  NHI Foundation Course →