Agencies running 50–500+ anti-detect profiles fail when client boundaries blur — one operator launches wrong profile, exports cookies to shared drive, or reuses proxy across verticals. Multilogin workspaces plus naming discipline fix governance without slowing ops.
Workspace structure
| Level | Purpose | Example |
|---|---|---|
| Workspace | Client legal boundary | client_acme_eu |
| Folder | Campaign or geo split | fb_ads_de, scraping_us |
| Profile | Single identity | acme_de_bm3_prod |
| Tag | Automation metadata | tier=warm, proxy=resi_de |
Role matrix
- Admin — billing, workspace create, member invite (founders only)
- Manager — profile create/edit, proxy assign, no billing
- Operator — launch/stop only, no export cookies
- Automation service account — API key scoped to folder via separate workspace
Profile pool tiers
- Warm — light browsing, not on critical ad spend
- Production — live BM/ad accounts, sticky proxy locked
- Burn — flagged/disabled, quarantined from API pools
Integrate with scaling guide queue — never auto-launch burn tier.
Client offboarding
- Revoke all member access same day
- Export profile list + proxy map for client handoff if contracted
- Rotate API tokens used by automation
- Archive workspace — do not reuse profiles for new client (cookie history risk)
Related
FAQ
One account for all clients?
Use workspace isolation and roles — never shared operator without ACLs.
Profiles per operator?
Cap manual concurrent launches; scale via API workers.
Disclosure: MLX-MMO affiliated with Multilogin. SAAS50 / MIN50.