Synthera ITAM is currently in beta.  Request access →
S Synthera ITAM
Capabilities overview

Every feature, grouped by what it does for you.

A detailed look at the platform — from how we keep your clients’ data physically separated to how a single technician moves through a multi-step service request.

01. Foundation

Multi-tenant by construction

Designed from day one around managed service operations — not retrofitted from a single-tenant tool.

  • Postgres row-level security Every tenant-scoped table has RLS policies enforced by the database engine. The application sets a session-local tenant ID; the storage engine refuses cross-tenant reads and writes. A query bug can’t leak data — the database physically blocks it.
  • Tenant switcher Technicians who manage more than one client switch between tenant contexts in a single click. JWTs are reissued, RLS context is updated, and the UI reflects the new tenant’s branding immediately.
  • Per-tenant feature gates Roll out features client by client. Beta opt-ins, paid-tier capabilities, and customer-specific functionality are all controlled centrally and cached for performance.
  • White-label branding Logos, colors, and custom domains per tenant. Your client doesn’t need to know which platform is behind their portal — or that you share it with anyone else.
02. Asset management

Track everything, find anything

From the laptop on a remote employee’s desk to the server in a rack you visited once last year.

  • Hardware & software inventory Custom fields, lifecycle states, ownership history, depreciation schedules. Search across every client or scope to one. Full-text search across asset metadata, comments, and attachments.
  • .NET 8 Windows collector agent A lightweight worker service walks your clients’ Windows endpoints and reports inventory automatically. Signed API key auth, tenant-scoped, idempotent — runs as a service, no logged-in user required.
  • QR code labeling Generate and print QR labels that resolve to the asset’s record. Scan in the field with any phone — instant context, no asset-tag-spreadsheet ritual.
  • Floor plan builder Upload PDF floor plans, place assets with drag-and-drop, draw rooms and zones, and let technicians find the right rack on their first visit. Convex-hull room merge, snap-to-grid, full undo history.
03. Service operations

Templated workflows, tracked outcomes

Turn every recurring process — new-hire setup, terminations, hardware refresh — into a structured work order.

  • Onboarding & offboarding templates Define the standard kit for every role at every client — equipment package, accounts to provision, training to schedule. Trigger from a single name and start date.
  • Equipment packages Reusable bundles of hardware, software, and accounts. Define once per client; deploy with one click for every new hire.
  • Work order tracking Status, assignee, due date, comments, attachments, time logs. Filter by client, technician, or SLA window. SLA breaches surface automatically — you don’t learn about them from the customer.
  • Real-time notifications Server-sent events push status changes, assignment updates, and SLA alerts to the technicians who need them — without polling or refresh.
04. Security & compliance

Audit-ready by default

Every action attributable to a person, every secret encrypted, every change preserved.

  • AES-256-GCM encrypted credential vault Customer credentials are never stored in plaintext — not in the database, not in backups, not in logs. Per-tenant access policies control which technicians can decrypt which secrets.
  • Immutable audit log Every authentication event, every credential read, every privilege change — written to an append-only audit log with full actor, target, and IP context. Hand it to a regulator, a customer, or your insurance carrier.
  • Granular RBAC with overrides Seven built-in roles (system admin down to viewer), plus per-membership grant and deny overrides. Give a contractor temporary access to one client’s ticket queue without exposing your whole platform.
  • Hardened authentication Argon2id password hashing, short-lived JWT access tokens, rotating refresh tokens, double-submit CSRF, TLS-only cookies, and rate-limited login attempts.
05. Integrations & extensibility

Plays well with the rest of your stack

Open APIs, signed webhooks, and developer-friendly tokens — without making integration the hardest thing about adopting a new tool.

  • HMAC-signed webhooks Outbound webhooks for every notable event — ticket lifecycle, asset changes, credential access. HMAC-SHA256 signatures, automatic retry with exponential backoff, append-only delivery log, auto-deactivate on persistent failure.
  • Per-tenant REST API + scoped API keys OpenAPI 3.1 spec, machine-readable docs, scoped tokens that respect the same RBAC and RLS as a human user. Build automations against your data without compromising isolation.
  • Email & transactional notifications Templated, brandable transactional email for password resets, work order updates, SLA alerts, and onboarding milestones. Bring your own SMTP or use ours.
  • PDF & report generation On-demand PDF exports for asset reports, work order summaries, audit trails, and compliance evidence. Hand them to clients, auditors, or your finance team.
06. Built for scale

Operational reliability you can stake a contract on

Asynchronous job queue, durable retries, observability hooks, and a deployment story you don’t have to babysit.

  • Durable async job queue Email delivery, webhook dispatch, agent ingestion, and report generation run on a dedicated worker pool with custom backoff and dead-letter handling. Outages don’t lose work.
  • Health-checked deploys Every deploy validates application health before completing. A bad release doesn’t reach your clients — the deploy aborts with the previous version still running.
  • Encrypted backups Off-site, encrypted backups of every tenant’s data. Tested restore procedures, retention you can configure per-client.
  • Designed for self-hosting (eventually) The full stack runs in Docker today. We’re finalizing a self-host path for partners who need on-prem deployment for their largest clients.

Want a deeper look?

Beta partners get personal walkthroughs, a dedicated Slack channel, and direct line to the team building the product. Limited slots remain for our current beta cohort.

Request beta access