Solutions · For MSPs & MSSPs
PAM as a service offering, not a per-client implementation project.
12Port is multi-tenant by design. One platform, every client, hard tenant isolation. Onboard a new customer in an afternoon. No agents, no per-client infrastructure, no rebuilding the integration each time.
Why MSPs pick 12Port
Built for the MSP business model.
Multi-tenant by design
One 12Port instance, every client. Hard tenant isolation at the data, configuration, and access-control layers. No shared credentials, no cross-tenant blast radius if one customer is compromised.
Onboard in an afternoon
Spin up a new tenant, point the broker at the customer’s privileged hosts, vault the credentials. Agentless. No software to push, no firewall rules to negotiate. The first client demo can be the actual onboarding session.
Distributed across networks
A distributed broker architecture reaches assets across isolated client networks (on-prem, cloud, and hybrid) without changing perimeter firewall rules. The customer’s NetSec team does not need to open inbound ports to your data center.
MSP-friendly licensing
Per-MSP licensing scales with your privileged-user count, not per-client SKUs. Margin-friendly. Co-sell support and a partner portal for collateral. See the partner brand kit →
How MSPs run it
Two operating models. Pick what fits your service tier.
MSP-managed. You host 12Port, your operators administer it on the customer’s behalf. Each client gets an isolated tenant with their own asset inventory, password formula, MFA rules, and audit log. Your team handles credential rotation, session reviews, and the auditor walk-through. Customer sees a clean, branded session-recording portal scoped to their assets.
Customer-tenant. The customer holds the 12Port tenant; you operate as a privileged contractor. Your operators authenticate via SSO with your IdP into the customer’s 12Port tenant. Their security team sees every action you take in their audit log. Transparent, contracted access without sharing credentials.
What scales with you
Capabilities that hold up at 50, 500, or 5,000 client tenants.
- Hierarchical container + tagging model so each tenant can be organized to match the client’s reality, not yours
- Auto-discovery of privileged accounts in Microsoft AD, Entra ID, AWS, VMware, and CSV imports, so new client onboarding doesn’t require manual asset entry
- SSO + MFA with the IdP your client already uses (Okta, Entra ID, ADFS, Duo, RSA SecurID, Yubikey)
- Full REST API for end-to-end automation: provisioning new tenants, rotating credentials, exporting audit packs to your ticketing system
- AI-powered session intelligence to flag anomalies across all tenants without proportional analyst headcount
- Per-tenant evidence pack generation: SOC 2, HIPAA, and PCI DSS audit deliverables ready to hand to the client’s auditor
Audit + compliance
Per-tenant evidence, hand-able to the client’s auditor.
Each tenant has its own audit trail: privileged session video, keystroke transcript, event log, and credential history. Export an evidence pack scoped to one client without dumping anything from another. SIEM integration via syslog, CEF, or LEEF.
12Port’s controls map cleanly to the frameworks your clients ask about, including SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF, CMMC 2.0. Use the same evidence model across every client tenant; only the per-tenant data changes.
Add PAM to your service catalog this quarter.
A 30-minute partner call walks through the multi-tenant model, MSP licensing, and how to demo 12Port to your first three clients.
