MSSP client workspaces
Managed providers can separate alerts, investigations, reports and integrations per client.
Last updated 4/3/2026
MSSP workspaces are designed for managed providers who serve multiple end customers from one SOCPilot organization.
What is isolated per client workspace
- Alerts, investigations, evidence and timeline events
- Integrations, credentials and ingestion runs
- Briefs, compliance evidence packs and exports
- Reports and audit log scope
What is shared across the MSSP organization
- Analyst accounts, roles and shift schedules
- Suppression rules, playbooks and approval policies (optionally scoped per client)
- Cross-client dashboards available to MSSP leads
Permissions
MSSP analysts can be granted access to specific client workspaces only. Audit log entries always include the originating client workspace ID.
Related articles