Multi-tenant architecture
built for MSPs at scale
Gatekeeper's multi-tenant model is not a feature bolted onto a single-tenant system. It is a ground-up architecture where every client lives in a fully isolated tenant, data separation is enforced at the database row level, and MSP operators manage all clients from a single master account — without complexity overhead.
- Row-level tenant isolation
- Master account with cross-tenant view
- Remote node agents per site
- Unlimited tenants
Architecture pillars
How multi-tenancy works in Gatekeeper
Complete tenant isolation
Every client organisation lives in its own tenant with a unique org_id. Row-Level Security enforces strict data separation at the database layer — no tenant can ever access another's data. Master accounts have supervised cross-tenant read access for management purposes.
Per-tenant RBAC
Each client has its own role hierarchy: admin, security analyst, network operator, viewer. Permissions are scoped strictly to the tenant. MSP operators are assigned to specific client tenants with the minimum access level required for the engagement.
Remote node agents per site
Deploy lightweight Python agents on-site at each client. Agents perform local network discovery, asset scanning, SNMP polling, and syslog collection. All data is pushed securely to the client's tenant. Each agent is registered to its specific org and site.
Per-tenant API keys
Each tenant has independently scoped API keys for external integrations. ITSM connectors (ServiceNow, Jira, TOPdesk, Freshdesk), webhook rules, and SIEM ingest endpoints all operate within the tenant boundary. One integration misconfiguration cannot affect other tenants.
Per-client compliance reporting
Generate branded compliance reports per client across any of the 60+ frameworks (NIS2, ISO 27001, BIO, GDPR, SOC 2, and more). PDF exports include client name, evidence attachments, and coverage percentages — ready for auditors and executive stakeholders.
AI reports per tenant
The AI report generator produces executive summaries scoped to each client's asset inventory, security posture, and open tickets. Token usage is tracked per org. AI context never bleeds across tenant boundaries.
Client onboarding
From contract to operational in four steps
Onboard a new client
Create a tenant from the master account panel. Set the organisation name, assign an admin, configure license tier, and activate selected modules.
Deploy a site agent
Download the pre-configured agent ZIP for the client. Install on a Windows or Linux host on their network. The agent auto-registers to the correct tenant and begins scanning immediately.
Configure compliance & alerts
Select compliance frameworks, create detection rules, set SLA policies, configure on-call escalations, and connect to the client's ITSM tool — all within the tenant context.
Deliver branded reports
Generate AI-powered compliance and executive reports with the client's context. Export to PDF and share directly with stakeholders or regulators.
Management capabilities
Tools built for managing many clients
Master account dashboard
Single-pane view across all managed tenants. Health scores, open incidents, and compliance gaps per client at a glance.
Cross-tenant alerting
On-call schedules and escalation policies can be configured globally or per client, routing incidents to the right MSP team.
SOAR playbooks per tenant
Each client can have its own SOAR automation playbooks, or MSP-defined global playbooks can be deployed across tenants.
Per-client sites & racks
Model each client's physical infrastructure independently. Rack diagrams, floor plans, and asset-to-rack assignments stay within the client's scope.
Unlimited tenants
No hard limit on the number of managed organisations. Licensing is per-tenant — scale as your MSP business grows.
Per-client SIEM & threat intel
Detection rules, threat indicators, dark web monitors, and CVE tracking are all scoped per tenant. No cross-contamination of security data.
Scale your MSP
Manage all your clients from one platform
No tenant limits. Per-tenant licensing. Contact us for MSP volume pricing.
Explore more solutions
See how Gatekeeper fits your specific environment
NIS2 for Municipalities
Art. 21–23 compliance for local government
BIO for Government
Baseline Informatiebeveiliging Overheid
Air-gapped Deployment
Fully isolated, zero internet dependency
On-prem vs Hybrid
Choose the right deployment model
Healthcare
Medical device security & NEN 7510
Finance & DORA
ICT risk management for financial services
Utilities & OT
SCADA/ICS security for critical infrastructure
Education
Campus network security & BYOD management