MSP form production checklist
A production checklist for MSP forms covering customer context, PSA/RMM mappings, live dropdowns, approvals, webhook payloads, and portal publishing.
Before publishing an MSP form, verify customer context, tenant mappings, PSA/RMM IDs, live dropdown scoping, approval routing, form visibility, webhook payload shape, idempotency, and delivery monitoring.
Verify these before publishing.
Map the client organization
Confirm the form carries the correct customer, tenant, PSA company, RMM organization, and billing context.
Scope dynamic fields by customer
Customer-specific users, sites, devices, tickets, licenses, and contacts should not leak across organizations.
Use source-system IDs
Dropdown values should preserve stable ConnectWise, HaloPSA, CIPP, NinjaOne, Microsoft 365, or internal IDs.
Define the approval boundary
Require customer or manager approval before access, license, purchasing, maintenance, or privileged changes.
Test the portal experience
Verify the right clients can see the right forms and that public links do not expose customer-controlled content unexpectedly.
Check the workflow payload
Submit the real form and confirm the receiving workflow gets labels, IDs, organization context, approval state, and submission ID.
Monitor delivery
Make webhook delivery failures visible before a client assumes the request is being handled.
- A customer can see or submit a form meant for another organization.
- A dropdown returns users, sites, devices, or tickets from the wrong tenant.
- The workflow infers customer context from a typed company name.
- License or access changes can run without an approval decision.
- Webhook retries can create duplicate tickets or provisioning actions.
What should an MSP check before publishing a form?
Check customer context, organization scoping, source-system IDs, approval routing, portal visibility, final payload shape, idempotency, and webhook delivery visibility.
Why do MSP forms need tenant scoping?
MSP forms often load customer-specific users, tickets, devices, licenses, and sites. Tenant scoping prevents one client from seeing or submitting data for another.