Firing your Managed Service Provider (MSP) isn’t just about sending a termination letter; it’s about making sure you can still run your business afterward.
One of the most common (and dangerous) mistakes organizations make is cutting ties before securing all the critical credentials (usernames and passwords) they’ll need to operate and maintain their systems.
Without these, your transition to a new provider could be messy, expensive, and—in the worst cases—bring your operations to a halt.
Why Credentials Matter
When your MSP has admin-level access to your systems, they effectively hold the keys to your business.
If you don’t have those same keys, you’re at risk of:
- Downtime you can’t fix without their cooperation
- Security gaps you can’t close without privileged access
- Lost data if backups are tied to accounts you don’t control
If things turn sour, getting those credentials back can be time-consuming and contentious. That’s why you must secure them before starting the termination process.
The Must-Have List
Based on years of MSP transitions, here’s the bare minimum you should have in your possession before making a move:
1. Administrator & Service Account Credentials
- Active Directory (Windows domain) or your centralized authentication system
- Non-domain-joined computers (local admin accounts)
- Privileged accounts for cloud services (e.g., Microsoft 365 Global Admin, Google Workspace Super Admin)
- Service accounts for automated processes or system integrations
2. Network & Infrastructure Access
- Routers, switches, firewalls, wireless controllers
- VPN and remote access gateways
- Configuration backups for all network devices
3. Domain & DNS Control
- Credentials for your domain registrar
- Access to DNS hosting platform
- Documentation of existing DNS records
4. Licensing & Subscriptions
- Anti-virus/anti-malware software licenses
- Backup and disaster recovery system credentials
- Productivity suite licenses (Microsoft Office, Google Workspace)
- Security tools and monitoring system logins
5. Vendor & Application Access
- Admin accounts for industry-specific applications
- Credentials for hosting providers or cloud services
- Accounts for any MSP-managed web, email, or file hosting
Break-Glass Accounts: Your Emergency Plan
Even if you never plan to log in yourself, you should maintain “break-glass” accounts for all major systems — accounts you can use in emergencies if your MSP is unavailable.
These accounts should:
- Have full admin rights
- Use unique, complex passwords
- Be stored securely in a password manager or physical safe
- Be tested periodically to ensure they work
How to Request Credentials Without Setting Off Alarm Bells
If you’re not ready to tip your hand about firing your MSP, frame the request as part of:
- A cyber insurance requirement
- Board of directors or compliance audit
- A routine security review
This makes it a reasonable, business-driven request, not a red flag that you’re planning to leave.
Bottom line:
Before you fire your MSP, make sure you hold the keys to your kingdom. Without them, you’re setting yourself up for downtime, security risks, and an expensive scramble to regain control.
Need a full checklist of what to collect before switching IT providers?
Download our free Important Credentials Checklist to make sure nothing slips through the cracks. Get your copy here.
Leave a comment