MSP Management
Managing multiple organizations as an MSP
GNETiX supports Managed Service Provider (MSP) workflows where one organization manages multiple customer organizations. This enables a single team to oversee AI operations across all their clients from a unified interface.
How It Works
The MSP model is built on a simple org-level relationship:
- A managing org is the MSP's own organization
- Managed orgs are customer organizations that set the managing org as their parent
- Any user with the msp_admin role in the managing org automatically gets cross-org access to all managed orgs
Managing Org (MSP)
|-- msp_admin: Alice
|-- msp_admin: Bob
|
|-- Managed Org: Customer A
|-- Managed Org: Customer B
|-- Managed Org: Customer C
Alice and Bob can access and administer Customer A, B, and C without needing separate accounts in each org.
Setting Up MSP Relationships
Only superusers can configure MSP relationships. This is a platform-level setting, not something org admins can change.
- Navigate to Organizations and select the customer org
- In Org Settings, find the Managed by dropdown
- Select the managing organization (the MSP)
- Click Save
The relationship takes effect immediately. All msp_admin users in the managing org now have access to this customer org.
Org Switcher
MSP admins see a list of their managed organizations in the org switcher (top of the portal navigation). They can switch between orgs to view and manage each customer's configuration, users, agents, and MCP servers.
The org switcher shows:
- The admin's home org (always available)
- All managed orgs (listed alphabetically)
When operating in a managed org's context, all actions are scoped to that org. The MSP admin sees the same view an org_admin in that org would see.
Cross-Org API Access
For programmatic access, MSP admins include the X-Org-Id header in API requests to specify which org they want to operate on:
curl -H "Authorization: Bearer <token>" \
     -H "X-Org-Id: <customer-org-id>" \
     https://api.gnetix.ai/api/users
Without the X-Org-Id header, requests default to the admin's home org.
Security Considerations
- MSP admins have full org_admin-level access to managed orgs -- they can manage users, agents, tools, and settings
- MSP admins cannot grant themselves superuser access or modify the MSP relationship
- Managed orgs are fully isolated from each other -- an MSP admin switching to Customer A cannot see Customer B's data in that context
- All MSP admin actions are logged in the audit trail with both the acting user and the target org
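The access rules above, written out as a small model that can be used to sanity-check expectations about X-Org-Id handling. This is an added example, not GNETiX code: the Org and User types, the managed_by and home_org field names, the audit entry shape, and the assumption that roles apply to the user's home org are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Org:
    id: str
    managed_by: Optional[str] = None  # managing (MSP) org id; hypothetical field name


@dataclass(frozen=True)
class User:
    name: str
    home_org: str
    roles: frozenset  # roles held in home_org (assumption)


class AccessDenied(Exception):
    pass


def resolve_org(user, x_org_id, orgs):
    """Return the org id a request operates on, or raise AccessDenied."""
    if x_org_id is None or x_org_id == user.home_org:
        return user.home_org  # no header: default to the caller's home org
    org = orgs.get(x_org_id)
    # Unknown and unauthorized orgs fail the same way, so ids cannot be probed.
    if org is None or org.managed_by != user.home_org or "msp_admin" not in user.roles:
        raise AccessDenied(f"{user.name} may not act on {x_org_id!r}")
    return org.id


def list_users(user, x_org_id, orgs, users_by_org, audit):
    """Model of GET /api/users: scoped to one org, with an audit entry."""
    target = resolve_org(user, x_org_id, orgs)
    audit.append({"actor": user.name, "target_org": target, "action": "users.list"})
    return users_by_org.get(target, [])


# Constructed sample data
ORGS = {o.id: o for o in (Org("msp"), Org("cust-a", "msp"), Org("cust-b", "msp"),
                          Org("cust-x", "other-msp"))}
USERS_BY_ORG = {"msp": ["alice", "bob"], "cust-a": ["carol"], "cust-b": ["dave"]}
ALICE = User("alice", "msp", frozenset({"msp_admin"}))
CAROL = User("carol", "cust-a", frozenset({"org_admin", "msp_admin"}))
```

In this model an msp_admin role held in an org that manages nobody (CAROL) grants no cross-org access, and an empty X-Org-Id value is rejected rather than treated as a missing header.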