Given that Rewst has high levels of access into MSPs and Child Tenants, Security should be a high priority for Rewst, as Supply chain attacks (Such as Kaseya, and Solarwinds) are examples of how Threat Actors can take over applications and have the potential to gain access into Sensitive Information, such as PII, HIPPA, PCI, and other data.
I would like to restrict access to my Org (and Sub-orgs) to just authorized users. If a Rewst staff member would like to access my Org for troubleshooting, I should need to give approval first, via the App. I should also be able to specify if they should have access to Sub-Orgs, and a time limitation, and level of access. Maybe only give access to just workflow results or read-only access for example.
If emergency access is needed, All Admins should receive a email saying that the Rewst Support engineer accessed my Tenant (With a support contact and reason why) and there should be a very limited number of users who can have the emergency access.
Either way, logs should also be visible in the Rewst Platform, and exportable to external SIEM/Log Collectors.