Onboard a Client Tenant

use this guide each time you add a new client tenant to an existing ai soc mssp deployment the central tenant is already live; you copy central values, install client packages, configure sync in the new client, and validate propagation for first time mssp deployment (install all three solution layers and configure both tenants), use getting started for mssp docid\ ivvy6gxajwc34xvmnnqc instead of this guide before you start central tenant deployment is already active and operational you have admin access to the new client tenant and the central tenant you have approved naming conventions for client display names and tenant mappings you have a swimlane pat for turbine tenant credentials , session cookie values for ai soc tenant configuration (if required), and an admin privatetoken for ai soc mssp central sync gather values from the central tenant you do not reconfigure the central tenant during client onboarding copy values from the existing central deployment copy the ingest record from client webhook url, username, and password from the central tenant (documented under configure the central tenant in configure ai soc mssp docid\ azfpz c qlu3elvszkllw ) confirm the sensor is enabled copy central threat intelligence artifact cache application and observable field identifiers for the new client ai soc mssp client configuration asset (procedure find central ti cache identifiers in configure ai soc mssp docid\ azfpz c qlu3elvszkllw ) prepare the new client tenant create or verify the new client tenant confirm tenant users, roles, and access controls are configured confirm base ai soc dependencies are available for this tenant install client side solution layers install ai soc core solution in the new client tenant install ai soc mssp client extension in the same client tenant verify installation succeeded and mssp assets are present configure the new client tenant in the new client tenant only, complete the client sections in configure ai soc mssp docid\ azfpz c qlu3elvszkllw configure the client tenant (core assets and optional reporting workspaces) configure mssp client sync assets using the central values you gathered confirm client name in ai soc mssp client configuration matches how you filter records in central central case management validate client onboarding create or ingest a test record in the new client tenant confirm the record appears in central central case management with the correct client name confirm related observables appear or update in central threat intelligence artifact cache verify updates continue after additional status or field changes in the client tenant if validation fails, see validate and troubleshoot mssp sync docid\ qyesknwk rnsc1w1uax d common onboarding issues issue likely cause action hero ai or core playbooks fail in client missing turbine tenant credentials or ai soc tenant configuration complete configure the client tenant in configure ai soc mssp docid\ azfpz c qlu3elvszkllw new client records do not appear in central client endpoint or tenant identifier mismatch recheck configure mssp client sync assets in configure ai soc mssp docid\ azfpz c qlu3elvszkllw sync fails with authentication errors webhook credentials do not match align client sync asset and central ingest record from client webhook in configure ai soc mssp docid\ azfpz c qlu3elvszkllw ti cache does not update missing ti cache mapping values recheck find central ti cache identifiers in configure ai soc mssp docid\ azfpz c qlu3elvszkllw central api calls fail from the client tenant incorrect tenant base url , account id , or central tenant id recheck mssp client configuration and privatetoken