Ctrl+K
tatersecurity.com Open App

MSP Billing Guide

This guide covers how MSP partners manage seat licensing for their client organizations in TATER, including the Licensing page, seat limits, usage tracking, and how TATER Security provisions MSP subscriptions on your behalf.

Who This Guide Is For

This guide is for MSP OrgAdmins — staff at a managed service provider who manage TATER on behalf of multiple client organizations. For TATER Security staff managing the overall platform, see the Subscription Management guide.

On this page

How MSP Billing Works

TATER uses a reseller model for MSP billing:

  1. TATER Security provisions your MSP organization and sets your master seat agreement.
  2. Your MSP organization is marked as an MSP in TATER (the MSP Portal is enabled).
  3. TATER Security adds your client organizations and links them to your MSP organization.
  4. Your MSP staff can then manage your clients through the MSP sidebar group.
  5. TATER Security invoices your MSP at the agreed rate. Your MSP invoices your clients independently.

There is no self-service billing portal in TATER. All subscription changes (adding clients, changing seat counts, suspending orgs) require contacting TATER Security. Use the in-app feedback button or email your account manager.

Enabling the MSP Portal

The MSP sidebar group (Client Dashboard, Clients, Licensing, Organizations) is visible only when the MSP Portal is enabled for your organization. If you don't see these nav items:

  1. Contact TATER Security to confirm your organization is provisioned as an MSP.
  2. Ask a TATER Security SuperAdmin to open your organization's detail panel, scroll to MSP Portal, and check This is a Managed Service Provider org.
  3. Refresh the app — the MSP nav group will appear.

The Licensing Page

Navigate to: MSP → Licensing

The Licensing page shows seat usage across all your client organizations. It loads all clients linked to your MSP org via the MSP relationship records.

KPI Cards

  • Client Organizations — total number of client orgs in your MSP portfolio
  • Total Licensed Users — sum of all member counts across clients
  • Seat Capacity — sum of all seat limits set (blank = unlimited)
  • Over Limit — number of client orgs currently over their seat limit

Client Table

Each row shows:

  • Client Organization — name and org ID
  • Access Tier — T1 Monitor, T2 Operate, or T3 Manage (see Access Tiers)
  • License Typeper-user-all-features (standard) or custom
  • Users — current active member count
  • Seat Limit — configured maximum, or "Unlimited"
  • Usage bar — visual indicator of seats used vs. limit; turns red when over limit
  • Status — OK, Over Limit, or Unlimited
  • Set Limit button — opens a modal to configure the seat limit for that client

Setting Seat Limits Per Client

MSP OrgAdmins can set seat limits for their client organizations from the Licensing page.

  1. Navigate to MSP → Licensing.
  2. Find the client in the table and click Set Limit.
  3. In the modal, choose:
    • License Type: per-user-all-features (standard) or custom (for special arrangements)
    • Seat Limit: enter a number, or leave blank for unlimited
  4. Click Save. The change is applied immediately.
Seat Limits Are Advisory

TATER does not hard-block new users when a seat limit is reached. The limit is a monitoring signal — it turns the usage bar red and adds the org to the "Over Limit" KPI count so you can identify clients that need license upgrades. Contact TATER Security to adjust the underlying seat agreement if a client consistently exceeds their limit.

Client Access Tiers

When your MSP org is linked to a client org, you choose an access tier that controls what your MSP staff can do within that client's environment. Tiers are managed from the Clients page.

Tier Label Effective Role Permissions
T1 Monitor Auditor Read-only: view scans, controls, compliance status, reports. Cannot create overrides, assign controls, or make any changes.
T2 Operate OrgAdmin Everything in T1, plus: create risk acceptances, manage roadmaps, assign controls, trigger remediations, manage most GRC content.
T3 Manage OrgAdmin Everything in T2, plus: manage branding/white-label settings, API keys, tenant credentials, and advanced configuration.

To change a client's access tier:

  1. Navigate to MSP → Clients.
  2. Find the client and click the edit icon or the tier badge.
  3. Select the new tier and save.

Over-Limit Handling

When a client's member count exceeds their seat limit:

  • The usage bar on the Licensing page turns red.
  • The org appears in the Over Limit KPI count.
  • No access is blocked — existing users continue to work normally.

To resolve an over-limit condition:

  • Increase the seat limit: Click Set Limit and raise the number.
  • Remove inactive members: Navigate to the client org and remove unused memberships from the Members section of the Organization detail panel (requires T2 or T3 access).
  • Contact TATER Security if the client's commercial agreement needs updating.

Client Onboarding Workflow

When onboarding a new client through your MSP, the typical workflow is:

  1. Contact TATER Security to provision a new client organization linked to your MSP.
  2. TATER Security creates the org, sets billing type to msp, and links it to your MSP org at the agreed tier.
  3. From MSP → Clients, verify the new client appears with the correct access tier.
  4. From MSP → Licensing, set the seat limit for the client.
  5. Switch to the client org using the organization selector in the top bar.
  6. Add client users via the Organizations detail panel (Members section).
  7. Set up scanning infrastructure (webhook URL, certificates) in the Scan Infrastructure section.
  8. Trigger an initial scan from the client org context.
  9. Configure frameworks and compliance zones for the client's environment.
  10. Share the compliance dashboard URL (https://app.tatersecurity.com) with the client's security team.

Billing FAQ

Can I see my clients' monthly rates?

No. Monthly rates, invoice references, and internal notes are visible only to TATER Security SuperAdmins. As an MSP OrgAdmin, you can see seat usage and limits but not financial details. Contact your TATER Security account manager for billing specifics.

Can I suspend a client org?

No. Only TATER Security SuperAdmins can suspend or activate organizations. If a client needs to be suspended (e.g., for non-payment), contact TATER Security.

Can I add new client organizations myself?

No. TATER uses a sales-assisted model — new organizations are provisioned by TATER Security after a commercial agreement is in place. Contact your account manager to add a new client.

What happens when a client's seat limit is exceeded?

Nothing automated — users continue to have access. The Licensing page flags the org as over limit so you can address it. TATER does not auto-block or auto-suspend over-limit orgs.

Does TATER integrate with my PSA or billing tool?

TATER supports webhook-based SIEM integration and a Power Automate custom connector that can send compliance events (including scan completions) to external systems. For direct PSA integration (ConnectWise Manage, Autotask, HaloPSA), contact TATER Security — additional connectors can be built on request.

How do I switch between my client organizations in the app?

Use the organization selector in the top bar (the org name next to the TATER logo). Click it to open a dropdown of all organizations you have access to, then select the client org you want to work in.