For MSPs
Per-client tenant isolation at the crypto layer, delegated admin, cross-tenant incident coordination, and per-client compliance evidence. From onboarding a new client to handing one back, the same tool covers it.
Managed service providers juggle credentials, contacts, and emergency procedures for dozens of clients. Shared spreadsheets and generic password vaults do not provide the isolation, audit trails, or crisis coordination your clients expect — and they certainly do not survive a major outage. You also need the same tool to produce meaningfully different compliance evidence for each client's regulatory regime.
Each card pairs the operational moment with the capability Glassbreak offers for it. Grouped by lifecycle stage so an MSP can see end-to-end coverage.
Each new client needs a clean compartment — their own secrets, contacts, playbooks, audit log — with zero leakage from other clients on the same Glassbreak account.
A new organisation per client. Each org has its own root membership, role table, and encryption-key scope. Cross-org access is impossible at the data layer, not just at the application layer.
Enterprise clients want explicit admin / approver / requester separation. Small clients want one role. You should not have to rebuild role definitions for each client.
Pre-built role templates: solo-operator, small-team, enterprise-with-quorum. Spin up a new tenant from a template in minutes and customise from there.
Larger clients want to authenticate through their own IdP (Okta, Entra ID, Google Workspace). They also want offboarded users to be cut off automatically.
SAML / OIDC bridge on the Premium tier. Per-client IdP configuration; deprovisioning at the IdP propagates to Glassbreak through standard SCIM hooks.
Some clients want to manage their own team rosters; others want you to. You need to grant fine-grained admin to a client without exposing other clients.
Per-tenant role grants. A delegated client admin can manage members, roles, and policies within their own org and nothing else. The audit log shows who did what, when, in whose tenant.
Many of your clients share the same upstream vendors (cloud providers, payment processors, regulators). Each client maintaining its own contact list duplicates work and drifts out of sync.
A shared "vendor pool" inside your MSP organisation, with per-client opt-in references. Update once, propagate to all subscribed clients. End-to-end encrypted.
Each client has different break-glass policies. One requires 2-of-5 for prod-admin secrets; another requires 3-of-7; another wants 1-of-1 for low-risk credentials.
T-of-N is per-secret, not per-tenant. The DB CHECK constraint allows (T=1, N=1) personal or (T≥2, N≥T) team modes; each client configures its own thresholds.
When two clients have incidents at the same time, you need a single view that shows status across both without giving either client visibility into the other.
MSP-level dashboard with read-only visibility into incident status per tenant. Client secrets and chat remain encrypted — your MSP role sees timing + severity + assignment, not content.
During a client incident you need a coordinated channel with the client and any vendors involved — without that channel persisting visibly to other clients on your tenant.
Per-client conversation with end-to-end encryption. The MSP team and the client team can be added; vendor contacts can be temporarily invited. Transcript stays scoped to that client.
Wide-blast events (cloud regional outage, supply-chain compromise) affect many clients at once. You need to page out to multiple client teams in parallel without manual fan-out.
Multi-tenant escalation templates. Trigger once at the MSP level; per-client escalation chains fire in parallel; each client sees only its own page log.
Each client wants a clean SOC 2 / ISO 27001 / DORA / FCA audit pack — and not a mixed log that reveals other tenants exist.
Audit log is partitioned per tenant. Export only that tenant's rows; other tenants do not appear in either the data or the metadata. Acceptable for a regulator audit.
A UK client wants FCA OR evidence. An Australian client wants APRA CPS 230. A US healthcare client wants HIPAA. Same MSP, different obligations.
The Executives page maps Glassbreak controls to ~30 frameworks. The per-client audit trail is the evidence. Hand the relevant subset to each client's auditor.
US healthcare clients want a Business Associate Agreement; EU clients want a signed Data Processing Agreement under SCCs.
BAA + DPA + SCCs + UK IDTA + Swiss FADP addenda available on Premium. Sign one per client; legal terms reflect the per-tenant data separation.
When a client leaves, they want their data — secrets they have access to, contacts, audit trail — in a portable format. Not as a confusing blob.
Per-tenant export: encrypted secret payloads + the corresponding public keys, contact records, audit log JSON, playbook documents. Re-importable into another Glassbreak tenant or just stored as cold archive.
Standard SaaS offboarding marks a user as "deleted" but the server still holds the data. For break-glass tooling that is unacceptable — the leaving client should be cryptographically separated.
Per-tenant root keys are deleted on offboarding. Past audit log entries remain (for compliance), but no further decryption of that tenant's content is possible by anyone, including a Glassbreak operator with full DB access.
Tenant isolation that holds up, cross-tenant operability when it matters, and per-client compliance that does not require running five different tools.
Per-organisation key scopes mean cross-tenant data access is impossible at the encryption layer, not just the access-control layer. A compromised MSP admin role does not equal compromised client data.
Glassbreak is purpose-built for the break-glass case — not a replacement for ConnectWise / Datto / N-able. It sits on the resilience layer of your stack and never depends on the day-to-day tools.
AWS + Scaleway (Fly.io planned) independent verticals mean a single-cloud outage at your provider does not cascade into a multi-client SLA breach.
Whether your clients are under DORA, FCA OR, APRA CPS 230, HIPAA, MAS TRM, NYDFS, OSFI B-13, or any of the 30+ frameworks mapped, the same Glassbreak tenant produces the right evidence subset.
Bring an existing book of clients across by importing per-tenant. Premium tier includes guided migration sessions for MSPs onboarding more than 10 clients.
Free for one client / five members. Standard tier scales linearly with active client members. Premium gives unlimited tenants and the BAA / DPA package.
Free tier covers one team + five members — pick one client to load, run a tabletop, validate the audit export, and grow from there.
Get product updates and security insights. No spam, unsubscribe anytime.
We respect your privacy. See our privacy policy.
