Managed service providers

Provision and audit small-team identity without enterprise IAM weight.

You're running a managed service provider — a two-to-thirty-person shop carrying identity, endpoint, and helpdesk responsibility for a pile of SMB clients who can't justify an internal IT department. Your tooling stack is already a Microsoft 365 tenant per client, an RMM, a PSA, a documentation platform, and a handful of point tools you re-license each year. The last thing the bill of materials needs is another enterprise IAM seat-priced product whose pitch deck starts with "schedule a call with sales."

Llama Monkey ships LMID — an OAuth 2.0 identity provider built for small operators who need their own staff login surface without standing up Entra ID, Okta, or JumpCloud for what boils down to "a dozen people and the SaaS apps we use internally." LMID is for your shop's identity, not your clients'. We are explicit about that distinction below because the wrong fit for an MSP is treating LMID as a wholesale IdP for client tenants — that's not what it is, and the honesty up front saves the pilot.

What follows is the practical fit, the integration shape, and the five or six concrete scenarios where LMID is wrong for an MSP.

Recommended Llama Monkey products for managed service providers

One identity. Every product.

LMID gives your shop one OAuth-2.0 identity for the internal tools your technicians touch every day: the documentation wiki, the shared password vault, the time-tracking app, the on-call rotation tool, the internal status dashboard. Each of those is a SaaS product that wants its own login; each of those is a credential to rotate when a technician leaves; each of those is a place a breach can land. LMID collapses the in-house login surface into one account per technician, with the deprovisioning checklist that follows reduced to "disable the LMID account." Public client registration lands as part of LMID's staged 2026 GA — today we onboard MSP pilots by hand through the waitlist, which actually works well for the MSP shape (you're not going to integrate twelve internal tools in one afternoon anyway).

Where LMID fits in the MSP toolchain

The honest scope:

Your shop's internal SaaS sign-on. Internal wiki, password vault, ticketing, time-tracking, on-call. The twelve-to-thirty apps your technicians use to do the work. One LMID account per technician; deprovisioning is one disable click instead of twelve.

Your shop's internal tools and dashboards. If you've built a small internal admin app — a client-status dashboard, a renewal-tracker, a sales-pipeline viewer — LMID slots in as the OAuth provider behind its login button without you writing a password store you don't want to be responsible for.

Audit and rotation hygiene. One account directory means one place to answer "who has access to what," one place to roll on departures, one place to add MFA when the cyber-insurance renewal asks for it.

That's the shape. Note what's not on the list: client tenants, client-end-user identity, replacing Entra ID for any of your clients. LMID is not that product and is not on a roadmap to become that product.

When LMID isn't the right fit for MSPs

You need to be the IdP for your clients' end users. Your clients run Entra ID (formerly Azure AD) inside Microsoft 365 because that's what their licensing already pays for. LMID does not replace that and will not try to. If you need a wholesale IdP for client tenants, the right tools are Entra ID, JumpCloud, or — at the high end — Okta/WorkOS. LMID is for your shop's staff, not your clients'.

You need SAML, SCIM, or directory sync. LMID is OAuth 2.0 only. No SAML, no SCIM provisioning, no LDAP bridge, no Entra Connect-style directory sync. If your internal SaaS apps require SAML for SSO, LMID doesn't help.

Your cyber-insurance renewal demands SOC 2 / ISO 27001 reports for your identity provider. LMID is private beta; we don't have those reports yet. If your underwriter requires them today, this isn't the right timing.

You need conditional access policies, device compliance gating, or risk-based authentication. That's Entra ID P2 / Okta Identity Engine territory. LMID intentionally does not ship that surface — the buyer we're building for runs the IT shop, not a CISO function.

You're more than ~50 technicians. LMID is priced and shaped for indie operators and small teams. If you're past the point where the owner knows every technician by name, the operational shape stops being a fit.

Last updated: 2026-05-19