One platform. Every client. Complete isolation.
Cirrova is purpose-built for MSPs managing Azure for multiple clients. Centralised control, strict data isolation between clients, and per-client reporting that you can share directly.
Managing multiple client environments is complex. It doesn't have to be.
MSPs managing Azure for multiple clients face a specific set of challenges: keeping client data completely separate, providing clients with meaningful cost reports, and having the visibility to identify cost issues before clients escalate them.
Cirrova's multi-organisation architecture is designed for exactly this. Each client is a separate organisation with full data isolation. You manage everything from one login. And when a client asks about their Azure costs, the data is already there.
Everything you need to manage Azure for your clients.
Multi-organisation architecture
Each client is a separate organisation with strict data isolation at the platform level. No client ever sees another client's data — enforced by the platform, not just the UI.
Centralised management
Manage all client environments from a single login. Switch between clients seamlessly without separate credentials or dashboard instances.
Per-client reporting
Generate and schedule per-client cost reports in PDF and XLSX format. Deliver them directly to your clients' inboxes on a schedule that works for them.
Anomaly detection across all clients
Get alerted when any client environment has an unexpected cost spike — before your client notices and before you get a difficult conversation. Route alerts per-client with scoped rules.
Webhooks into your PSA / RMM / ITSM
Cirrova's custom webhook channel delivers signed JSON events to any HTTPS endpoint. Auto-open tickets in ConnectWise or Autotask, push alerts into your RMM, or trigger Power Automate flows — without writing custom integrations.
Client-specific RBAC
Assign your team members to specific clients with specific roles. Give clients read-only access to their own data without exposing anything else.
Optimisation recommendations
Surface savings opportunities across your client estate. Use Cirrova's insights to proactively present cost optimisation value to your clients.
One identity for your whole team — across every client.
The familiar pain: guest accounts in every client tenant, per-client passwords, MFA enrolment chases, and that uneasy thought when an engineer leaves — did we actually remove them from everything?
Cirrova's multi-organisation model lets you run your MSP organisation against your own Entra tenant, and a separate Cirrova organisation per client against each client's tenant. Invite your engineers to each client organisation using their MSP email — e.g. jane@msp.example — even though that email belongs to a different Entra tenant from the client's. When Jane signs in, she authenticates against your tenant, sees the org switcher, and picks the client she wants to work in.
No guest accounts
Your engineers don't need accounts in any client's Entra tenant. None. MSP-staff identities stay in the MSP's tenant where they belong.
One identity, one MFA
One Microsoft sign-in covers every client organisation. One password to rotate, one MFA enrolment to manage — same as your other internal tools.
Offboarding in one click
Disable an engineer in your Entra tenant once. Access to every client organisation evaporates immediately. No per-client offboarding to remember or audit.
Plug Cirrova into the tooling you already run on.
Every MSP has a stack — a PSA for tickets and time, an RMM for monitoring, automation in Power Platform or Zapier, on-call paging in PagerDuty. Cirrova's custom webhook channel drops anomaly, budget breach, and snapshot failure events straight into that stack as signed JSON, so cost alerting runs on the same rails as everything else your team handles.
Add per-client tag filters to the routing rules and each client's events flow only into the right tickets, the right alerts, and the right channels. No middleware to maintain, no cross-client leakage, and a complete delivery history when something needs auditing.
- Per-client routing — scope rules to a tenant or tag so each client's events go where they should
- HMAC-SHA256 signed — your endpoint can verify every request really came from Cirrova
- Retried automatically — non-2xx responses retried on a documented schedule across 7 attempts
- Custom headers — add the auth header your PSA or automation tool expects