For MSPs, MSSPs & vCISOs

The multi-tenancy your awareness tool was supposed to have.

"Does not handle multiple companies well; the admin workaround is clunky." That's the number-one complaint about the MSP-friendly awareness tools — and it's exactly the gap Watchword was built to close. True parent → child tenancy, one pane of glass, no re-login to switch clients, a cross-client risk board, white-label client reports, and strict per-tenant isolation — running today.

One pane of glass, every client

Strict per-tenant isolation. Each client is a fully isolated child tenant with its own roster, campaigns, branding, and authorized send domains. Only the active client's slice is ever loaded into working state; the risk board reads a defensive copy of each client's own aggregates: never a merge, never recipient-level data across a client boundary. An authorization gate refuses any tenant outside your MSP subtree. These isolation properties are asserted by the project's verify suite.

Partner economics: buy at $0.80–$1.50/user/mo on sliding volume across your total managed seats, set your own sell price and margin, and bill it through your PSA. Per-active-seat with directory auto-prune means neither you nor your clients pay for ex-employees.

Compliance evidence your clients can use

Every client's training completions and sim results become signed Awareness & Training evidence mapped to HIPAA, NIST 800-171 (CMMC L2), SOC 2, PCI, and ISO — and flow into the Sightline / Bastion / Ward graph. If you resell other DosanjhLabs tools, the evidence compounds: one program, many satisfied controls, across every client.

Send safely, per client

Every client tenant carries its own list of authorized send domains. A domain only earns a place on that list by passing a real DNS-TXT proof: publish the TXT record we give you, and Watchword does a live DNS-over-HTTPS lookup and requires an exact match. A mandatory domain-authorization gate then clears each recipient per send: no proven domain, no send, ever, with scoped, short-lived per-(tenant, domain) tokens so a leaked token can't be replayed against another client.
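
The two checks described above, as an added example that is not Watchword's own code: an exact-match test over a DNS-over-HTTPS JSON answer, and a per-recipient send gate whose token is an HMAC bound to (tenant, domain, expiry). The key, TTL, proof string, tenant names and function names are constructed assumptions.

```python
import hashlib, hmac, time

SECRET = b"constructed-demo-key"   # constructed; stands in for a managed signing key
TTL = 300                          # assumed token lifetime in seconds

# Constructed answer in the JSON shape public DoH resolvers return (type 16 = TXT).
DOH_SAMPLE = {"Status": 0, "Answer": [
    {"name": "example.com.", "type": 16, "data": "\"v=spf1 -all\""},
    {"name": "example.com.", "type": 16, "data": "\"proof-7f3a9c\""}]}

def txt_proof_ok(doh_json, expected):
    """True only if some TXT record equals the expected proof exactly."""
    return any(rr.get("type") == 16 and rr.get("data", "").strip('"') == expected
               for rr in doh_json.get("Answer", []))

def _mac(tenant, domain, exp):
    # Tenant and domain are both inside the MAC, so the token is scoped to the pair.
    # Assumes identifiers never contain a newline (the field separator).
    msg = f"{tenant}\n{domain.lower()}\n{exp}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(tenant, domain, now=None):
    exp = int(time.time() if now is None else now) + TTL
    return f"{exp}.{_mac(tenant, domain, exp)}"

def token_ok(token, tenant, domain, now=None):
    try:
        exp_s, mac = token.split(".", 1)
        exp = int(exp_s)
    except ValueError:
        return False                      # malformed token
    if (time.time() if now is None else now) >= exp:
        return False                      # expired
    # Constant-time comparison against the MAC recomputed for THIS tenant and domain.
    return hmac.compare_digest(mac.encode(), _mac(tenant, domain, exp).encode())

def gate(tenant, recipient, proven, token, now=None):
    """Clear one recipient: its domain must be proven for this tenant
    and the token must have been issued for the same (tenant, domain)."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return domain in proven.get(tenant, set()) and token_ok(token, tenant, domain, now)
```

Because the tenant is part of the MAC input, a token captured from one client fails verification under any other tenant even when both have proven the same domain.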

What's live vs. deferred: the multi-tenant console, no-relogin switching, cross-client risk board, white-label reports, per-tenant isolation, the domain-auth gate, and DNS-TXT domain proof all run today. The dedicated mail-transport runner (deliverability, open/click webhooks), live per-client SMS/voice send, M365/Google OAuth domain proof, and PSA billing sync (ConnectWise / Autotask / Halo) are wave-next. Until the runner ships, campaign results are modeled locally — so no email leaves your machine without an explicit live-send action.
