The SuperAdmin and MSP console for the TATER platform. Included with every TATER subscription — not a separate product. Centralized identity, subscriptions and licensing, agent-fleet telemetry, remote command channel, vulnerability inventory across endpoints, integrations marketplace, and the cross-app audit log. Manage many client tenants from one place without re-permissioning users for every app they touch.
Every capability below is the SuperAdmin or MSP-level view across all TATER apps. Customer end-users never see this surface.
Centralized identity. Add a user once — they exist in every TATER app with the right role. SSO via Microsoft Entra ID; local password auth supported. Multi-org membership for MSPs and partners.
Per-org subscription state (active / suspended / pending / cancelled), seat limits, monthly rate tracking, MRR rollup. MSP-tier system with three access levels (Monitor / Operate / Manage) and per-client billing visibility.
Cross-app pageview telemetry, daily trend, top features, org engagement comparison, top referrers. Built-in beacon for marketing + docs sites. 90-day retention with TTL.
Cross-app audit trail with full attribution. Every action records actor + via channel (web / MCP / Copilot / Claude / agent / api / cron). Optional HMAC tamper-evidence signature on every audit entry.
Every TATER Agent reporting in — version, OS, last-seen, online status, MSI / Linux / macOS variants. Search and filter the fleet. Per-device drill-in to scan history, hardware inventory, vulnerability list.
Queue PowerShell / Bash scripts to any device. Run as system or user. Output capture (stdout/stderr clipped). Job-orchestrated batches via the Ops Script Library. Phase 2: multi-screen viewer for help-desk sessions.
Per-device installed software with CISA KEV correlation. Fleet-wide exposure summary. Click any device to see its software list + known exposures with KEV-hit flags.
Marketplace of 27 third-party connectors (CrowdStrike, Defender, AWS, GCP, Okta, etc.) and 4 Microsoft built-ins (Entra ID, Defender for Endpoint, Intune, Azure). Azure DevOps two-way sync for TATER Ops tasks ↔ ADO work items.
Per-org configuration for the TATER Bot in Microsoft Teams. Enable/disable, purpose (documentation / sales / training / custom), consent text, sensitivity blocklist. Edits propagate to the live bot within ~60 seconds.
Inline feedback collection from MCP-driven sessions. Agents submit findings + suggestions when a tool was confusing, missing, or didn't do what was expected. SuperAdmin reviews + closes the loop.
Per-tool policy controls — enable or disable specific MCP tools per organization. Block destructive operations for trial accounts. Allow advanced tools for trusted MSP partners. Audit every policy change.
Manage the version of the TATER Agent published to the fleet. Pin a release for stability, or roll forward for new features. SHA256 hash verification on every auto-update so endpoints can't be tricked into installing a bad binary.
Three-tier access model (Monitor / Operate / Manage) lets you control what each MSP technician can do in each client tenant. Per-client subscription tracking with MRR rollup. Reseller-style billing for the MSP, direct-bill for end customers — both supported.