One aspect of Secret Chest we planned from day one was support for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), and consultants. There was math and passkey handling to build, but we're heading into the MSP epic now. Our first release with such support adds a new Organizations tab. An account can create multiple organizations, each with its own IdP. From there, the organization can have users and groups unique to it.
To create an organization, click on the link for Organizations in the sidebar and then click on Add Organization.
The modal will then prompt for the organization name, and all the other information necessary for the Organization to work.
A few things to know:
Admins: When the organization is created, it will automatically create a Secret Chest Administrators group. This will initially contain only the user who created the organization. However, it's simple to add admins from the tenant that was just created, should the customer need to have their own admins.
Billing: The current flow we have is for the account owner to use the Stripe ID to set up billing. Basically go to billing, add an instance, grab the ID, enter it there. We may make that a drop-down at some point, but we are unsure if the MSP or customer will use their own Stripe instances. We'll monitor and see how it's used and try to take away this small bit of friction in the future. But for now, it's the flow we are providing (and really, it just takes a few seconds, but it's a few seconds we wanna' fix).
Offboarding: No matter how good an MSP or MSSP is to their customer, sometimes they have to do their own thing. We can easily disassociate the creator of an account from the organization; however, we aren't exposing that in a GUI until it's happened a few times and we can properly solution for it. But we're happy to do it manually on our side if you open a support request.
API access: As with everything in Secret Chest, there is API access to be able to augment Organizations. The IdP setup can't exactly be automated fully, given that there are credentials that get exchanged easily. If that's a big issue (e.g. you're ingesting 200 customers and need to automate the IdP federation), let us know as we'd be really curious to work with you on it. There are endpoints for creating users and groups as well, so once the organization is created, it's possible to grab the ID and automate those processes too.
There will be a couple of quick updates to refine how the GUI looks and feels and try to make it more intuitive, but in general, we hope you like what we've built and are very open to requests that help us support MSPs and MSSPs better!
Since we are still in a private beta, if you're an MSP or MSSP and would like to know more about offering quantum-safe password, passkey, and other secrets management to your customers, use the signup form on our main page and we'll get ya' set up with an account!