White-labelling
Each client gets a branded portal. Their login page shows their logo and accent colour. MSP branding is never visible to client users.
How white-labelling works
When a browser opens acme.atechsolutions.org, Tether reads the subdomain,
resolves the tenant, and immediately fetches branding from
GET /api/public/branding — no authentication required.
The login page is rendered with the client's name, logo URL, and accent colour
before any login occurs.
Once the user logs in, the accent colour is applied as the active state for nav items, buttons, and focus rings throughout their portal. The Tether wordmark is never shown to client users — only to MSP staff on the root domain.
Configuring per-client branding
Go to Clients → Edit for any client and set:
| Field | Where it appears | Recommended value |
|---|---|---|
| Logo URL | Login page — replaces the Tether logo square | A publicly accessible HTTPS image URL. Recommended: 200×60px PNG or SVG on a transparent or matching background. |
| Accent colour | Login page tint, nav active state, buttons, focus rings throughout the portal | A hex colour code matching the client's brand. Light colours (high contrast against dark background) work best. |
| Company name | Login page heading, sidebar header when MSP staff are viewing | The client's full legal or trading name. |
Tether embeds the logo URL directly into the HTML. The image must be reachable without authentication — an internal network URL or a URL requiring a login will show a broken image. Use a CDN, object storage (S3, Cloudflare R2), or the client's own website.
Navigate to the client subdomain while logged out to verify the logo and colours appear correctly before sending invite links to the client.
Powered by Tether attribution
The client login page shows a small "Powered by Tether" link in the footer. This attribution helps MSPs using the hosted service drive awareness and inbound referrals.
Self-hosted installs: this footer is shown by default but can be removed by editing
frontend/static/js/views.js — search for Powered by Tether.
Hosted installs: contact [email protected]
to discuss white-label removal (Enterprise plan).
Custom domains for clients
A client can access their portal via a fully custom domain
(e.g. assets.acme.com) instead of the default subdomain
(acme.atechsolutions.org). This requires changes on both sides:
1. Client adds a CNAME at their DNS provider
text# In the client's DNS settings: assets.acme.com CNAME atechsolutions.org
2. Register the domain in Tether
httpPOST /api/tenants/{tenant_id}/domains?domain=assets.acme.com Authorization: Bearer {msp-admin-token}
3. Verify the domain
httpPUT /api/tenants/{tenant_id}/domains/{domain_id}/verify Authorization: Bearer {msp-admin-token}
Tether checks that the CNAME resolves correctly before activating the custom domain. If the DNS has not propagated yet, wait a few minutes and try again.
Your wildcard certificate (e.g. *.atechsolutions.org) does not cover assets.acme.com. For HTTPS on a custom domain, the client must either point it through Cloudflare (which provides free SSL) or you must add the domain to your certificate.
Remove a custom domain
httpDELETE /api/tenants/{tenant_id}/domains/{domain_id} Authorization: Bearer {msp-admin-token}
After removal, the custom domain stops resolving to Tether. The client reverts to their subdomain.