Configure Your Tenant Settings

AI INTEGRATIONBEST PRACTICESGUIDEIMPLEMENTATIONOPENFRAME

Phase 1 — Account & Workspace Setup · Step 2

Section

June 18, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

You just signed up. Before you start pushing agents to devices, take ten minutes to set up your workspace the way you actually run your shop. Most of this is one-time config, and getting it right now saves you from re-doing work once you've got a few hundred endpoints in play.

In OpenFrame, your workspace settings live in one place: the Settings hub. This guide walks you through every panel there, in the order that makes sense for a new tenant.


Before you start

You'll need Admin (or Owner) access to change these settings. OpenFrame uses two roles today — Owner (the founding account) and Admin — and both can configure the tenant. If you can't edit, ask whoever set up the tenant to add you as an Admin, or have them follow this guide instead.

That's the only prerequisite. You don't need a single device connected yet.


Where your settings live

Open the left nav and click Settings (gear icon, near the bottom). You'll land on a page with your profile up top and four cards:

  • AI Settings & Guardrails — pick the AI model and decide what Mingo and Fae can do on their own vs. what needs your sign-off
  • Employees & Permissions — add your team, set roles
  • API Keys Management — generate tokens for external integrations
  • SSO Configuration — wire up Microsoft 365 or Google Workspace logins

Two of these — Employees and SSO — have their own dedicated onboarding guides, so we'll point you there rather than repeat them. The one you really want to get right on day one is AI Settings & Guardrails, so we'll spend most of our time there.


1. Set up your admin profile

Top of the Settings page, click Edit Profile. You can set your first and last name and upload an avatar / cover image. Email and role are read-only here (role is managed under Employees & Permissions).

This is cosmetic, but it's worth doing — your name and avatar show up on tickets, audit logs, and anywhere your actions get recorded. When you've got a team, "who closed this ticket" is a lot easier to answer when everyone has a real name and face attached.

Hit Update Profile to save.


2. AI Settings & Guardrails — the one that matters

This is the heart of your tenant config. It's where you decide how much rope your AI agents get. Click into AI Settings & Guardrails.

Pick your model

At the top you'll see your LLM Provider and Provider Model (the demo runs Anthropic / Claude Sonnet 4.6) plus your Autonomous Policy. Click Edit Settings to change the model or provider. For most shops the default is fine — leave it unless you have a specific reason to switch.

Understand the guardrails

Below that is the AI Guardrails list — and this is the important part. Every sensitive action an agent might take is grouped into policy buckets:

  • File Operations — downloads, deletes, moves, uploads
  • System Control — shutdown, restart, killing or starting processes
  • Software Management — installing, updating, removing packages
  • Device Configuration — network and firewall changes, registry edits, user accounts
  • Monitoring & Diagnostics — reading logs, network tests, system info
  • Security Operations — access control, command execution, encryption, antivirus
  • Data Management — backups, exports, config changes
  • Communication & Messaging — alerts and user notifications

Each individual action is set to one of three behaviors:

  • Allow — the agent just does it, no interruption. Good for read-only stuff: listing processes, querying logs, checking performance.
  • Ask User — the agent pauses and asks for approval before running. This is your safety net for anything that changes state — deleting files, restarting a machine, installing software.
  • Ask Technician — escalates to a technician specifically. You'll see this on the heaviest actions (e.g. deleting user accounts).

How to set them

Out of the box, OpenFrame ships these sensibly: reads are Allow, anything destructive or state-changing is Ask User or Ask Technician. You usually don't need to touch much. The move on day one is to skim the list and decide where your comfort level differs from the defaults — for example, if you never want an agent uninstalling software unattended, confirm that "Uninstall software" is set to Ask User.

Click Edit Settings to change any of these, then save.

Why this matters: these guardrails are the difference between "Mingo quietly fixed 40 disk-space alerts overnight" and "an agent rebooted a client's production box at 2pm." Set them once, deliberately, before you turn agents loose on real devices.


3. Employees & Permissions

This is where you add your team and assign roles. OpenFrame uses two roles today — Owner and Admin — and new people are invited in as Admins. We cover it fully in its own guide — Invite Your Team to OpenFrame — so head there when you're ready to bring people on.


4. API Keys Management

If you're going to push tickets into OpenFrame from an external system, or wire up your own integrations, you'll generate tokens here. Skip it for now if you're not integrating anything yet — you can come back any time. See API Keys & External Integrations (Phase 8) for the full walkthrough.


5. SSO Configuration

Replace password logins with Microsoft 365 or Google Workspace. We strongly recommend doing this early so nobody on your team ever sets a standalone OpenFrame password. It has its own guide — Set Up SSO with Google or Microsoft — so start there.


A note on tenant name, branding, and time zones

If you came looking for a single "company profile" page to set a tenant name, upload your logo, and pick a time zone — OpenFrame doesn't work that way today, and that's worth knowing:

  • Branding and company names live at the customer level. When you add a client (Customers → Add Customer), you set their Customer Name, Website URL, and upload a Customer Logo (up to 25MB). Each client gets its own identity inside your tenant. See Organizations & Multi-Tenancy (Phase 3) for how this maps to your clients.
  • Device time zones are auto-detected. The OpenFrame agent picks up each endpoint's time zone on its own, so there's no tenant-wide time zone to set. Scheduled scripts and alerts respect the device's local time.
  • Your "tenant identity" is really your admin account plus your customer records. There's no separate workspace-name field to fill in.

If your shop needs tenant-level branding (a logo on the console, a custom workspace name), that's worth a feature request in the OpenMSP Slack — it's not in the product as of v0.9.19.


Quick checklist

Before you move on to deploying devices, confirm you've:

  • Set your admin name and avatar
  • Reviewed the AI model and Autonomous Policy
  • Skimmed the AI Guardrails and confirmed destructive actions are set to Ask User / Ask Technician
  • Decided whether to set up SSO now (recommended) or shortly
  • Noted that team invites and API keys are here when you need them

What's next

Your workspace is configured. Next up is Phase 2 — Device Deployment: getting the OpenFrame agent onto your first macOS and Windows machines and confirming they show up in the dashboard.


Based on OpenFrame v0.9.19. Screens and defaults may shift between releases — when in doubt, what's in your console wins.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.
ConnectWise AI is the umbrella for ConnectWise's AI features on the Asio platform: the Sidekick GenAI assistant and ConnectWise RPA. It handles ticket triage, sentiment analysis, AI-assisted scripting, and natural-language automation across PSA and RMM, delivered through the ConnectWise Pro package.

AI MSP

Most MSPs start with AI features inside their existing PSA, RMM, and ticketing systems rather than standalone products. Common categories include AI ticket triage, alert correlation, scripting assistants, and AI-native all-in-one platforms like OpenFrame that run intelligence across the whole stack.
Start with a readiness assessment, not a tool purchase. Confirm your ticket history is clean and your RMM, PSA, and monitoring systems connect. Then pick one high-volume, low-risk workflow, usually ticket triage, and pilot it on internal tickets before any client sees it.
Automate high-volume, low-risk tasks first. Ticket triage and alert noise reduction top the list because they run constantly and a human still resolves the underlying issue. Save security approvals, billing changes, and client-facing actions for later, always with a human in the loop.

AI Safety

It can be, with governance. Keep a human in the loop on high-risk actions, log every automated step for audit, and choose platforms that keep your data yours with no vendor lock-in. Pilot on internal data first so you catch issues before client systems are involved.

AI for MSPs

Set a baseline before rollout, then track tickets closed per technician, mean time to resolution, percentage of tickets resolved with no human touch, technician hours reclaimed, and cost per ticket. AI-driven automation commonly cuts operational cost per ticket by 25 to 40%.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

Open Source ITSM

FreeITSM is a free, open-source IT service management (ITSM) platform with twenty modules, including ticketing, a CMDB, a knowledge base, business-process mapping, and an AI integration. It was built by Ed Mozley, an IT manager at a London law firm.