Tenant Dashboard
Manage all BenchLab RFP client deployments from one place
1
Total Tenants
1
Active
$399
MRR
~45m
Setup Time
Active Deployments
+
Add New Client
Takes ~45 minutes end-to-end
All Tenants
Full list of all client deployments
β¦ Add New Client
Provision a new isolated tenant β ~45 minutes
π’ Client Information
-rfp.benchlabsolutions.com
Client URL: β
π Authentication β How will users log in?
Each client needs their own OAuth app to ensure their users can only access their data. Both Google and Microsoft can be enabled together.
π₯ Firebase Database β Isolated per client
β οΈ Each client must have their own Firebase project. Never share a database between clients β data must be fully isolated.
Firestore Rules to Apply After Setup
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}Security is enforced via Google API key domain restriction. Click Publish in Firebase Console.
π Cloud Storage Integration
π
Google Drive
Resume sync, RFP docs, folder browsing
- πEnable Drive API in Google Cloud Console
- πEnable Picker API in Google Cloud Console
- πAdd authorized domain to OAuth consent screen
Find folder ID in the Drive URL: drive.google.com/drive/folders/FOLDER_ID_HERE
π¦
Microsoft OneDrive
SharePoint & OneDrive for Business
Requires Microsoft Auth enabled in Step 2.
- πFiles.ReadWrite.All permission in Azure
- πSites.ReadWrite.All permission in Azure
- πGrant admin consent for org
π€ AI Proxy (Cloudflare Worker)
Each client should have their own Cloudflare Worker with their API key. Copy the BenchLab worker and deploy a new one at dash.cloudflare.com.
βοΈ Generated Configuration Block
β
Ready to deploy! Copy this into the constants section at the top of index.html
// Click Generate to create your config
π Deployment Checklist β Complete in order
- 1οΈβ£Paste config into index.html β replace all constants at the top of the <script> section
- 2οΈβ£Deploy to Netlify β drag index.html to app.netlify.com β new site β get Netlify URL
- 3οΈβ£Add custom domain in Netlify β Site config β Domain β Add custom domain β enter clientname-rfp.benchlabsolutions.com
- 4οΈβ£Add CNAME in Squarespace DNS β Host:
clientname-rfpβ Points to: Netlify URL - 5οΈβ£Google Cloud Console β OAuth Client β Authorized Origins β add
https://clientname-rfp.benchlabsolutions.com - 6οΈβ£Firebase Console β Authentication β Authorized Domains β add tenant URL
- 7οΈβ£Firebase Firestore Rules β paste rules from Step 3 β Publish
- 8οΈβ£Google API Key restriction β Cloud Console β Credentials β restrict key to tenant URL
- 9οΈβ£Test β open tenant URL β sign in β confirm empty RFP library β send client their URL + admin email
βοΈ Quick Config Generator
Paste values and get an instant deployable config
Client Details
π΅ Google Auth
π¦ Microsoft Auth (optional)
π₯ Firebase
π Drive Folders (optional)
Generated Config β paste into index.html
// Fill in the form to generate config
π₯ Firebase Setup Guide
Create an isolated Firebase project for each client (~10 min)
Step-by-Step Instructions
1
Go to Firebase Console
Visit console.firebase.google.com β Click "Add project" β Name it
clientname-rfp β Disable Google Analytics β Create Project2
Add a Web App
Project Settings (gear icon) β Your apps β Web icon β Register app β Name: "RFP Manager" β Don't enable Hosting β Register β Copy the
firebaseConfig object shown3
Create Firestore Database
Build β Firestore Database β Create database β Start in production mode β Select region (us-east1 recommended) β Enable
4
Set Firestore Rules
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}Firestore β Rules tab β Paste above β Click Publish
5
Enable Google Authentication
Authentication β Get started β Sign-in method β Google β Enable β Add support email β Save. Then Settings tab β Authorized domains β Add tenant URL
6
Restrict Firebase API Key
console.cloud.google.com β same Firebase project β APIs & Services β Credentials β click your Web API Key β Application restrictions β HTTP referrers β add
https://clientname-rfp.benchlabsolutions.com/* β Saveπ OAuth / Auth Setup Guide
Google OAuth Setup (~10 min per client)
1
Create a new Google Cloud project
console.cloud.google.com β top dropdown β New Project β Name: "ClientName RFP" β Create
2
Configure OAuth Consent Screen
APIs & Services β OAuth consent screen β External β App name: "ClientName RFP Manager" β Support email β Authorized domains:
benchlabsolutions.com β Developer contact email β Save and Continue through all steps3
Create OAuth 2.0 Client ID
Credentials β Create Credentials β OAuth client ID β Web application β Name: "RFP Web Client" β Authorized JavaScript origins: add
https://clientname-rfp.benchlabsolutions.com β Authorized redirect URIs: same URL β Create β Copy Client ID4
Create API Key
Credentials β Create Credentials β API key β Restrict: HTTP referrers β add tenant URL β API restrictions: Drive API + Picker API β Save
5
Enable APIs
Library β search and enable: Google Drive API, Google Picker API
Microsoft Azure AD Setup (~15 min per client)
The client must have an active Azure Active Directory (Microsoft 365 or Azure subscription). You'll need a global administrator to grant consent.
1
Register an App in Azure Portal
portal.azure.com β Azure Active Directory β App registrations β New registration β Name: "ClientName RFP" β Supported account types: "Accounts in this organizational directory only" β Redirect URI: SPA β enter tenant URL β Register
2
Copy IDs
From the Overview page, copy the Application (client) ID and Directory (tenant) ID β you'll need both for the config
3
Configure Authentication
Authentication β Add a platform β Single-page application β Redirect URIs: tenant URL β Enable: Access tokens + ID tokens β Save
4
Set API Permissions
API permissions β Add a permission β Microsoft Graph β Delegated permissions β Select: User.Read, Files.ReadWrite.All, Sites.ReadWrite.All β Add permissions β Grant admin consent for [org name]
5
Paste into Config Generator
Use the Client ID and Tenant ID in the Config Generator. The app uses MSAL.js for Microsoft sign-in and OneDrive access via Microsoft Graph API.
π DNS & Hosting Guide
Point a subdomain to each client's Netlify deployment
Netlify + Squarespace DNS (~10 min)
1
Deploy to Netlify
app.netlify.com β Add new site β Deploy manually β Drag the configured index.html β Copy the Netlify URL (e.g.
amazing-name-123.netlify.app)2
Add Custom Domain in Netlify
Site configuration β Domain management β Add custom domain β enter
clientname-rfp.benchlabsolutions.com β Verify3
Add CNAME in Squarespace
Squarespace β Domains β benchlabsolutions.com β DNS Settings β Add record β Type: CNAME Β· Host:
clientname-rfp Β· Points to: amazing-name-123.netlify.app β Save4
Wait for DNS propagation
Takes 5β30 minutes. Netlify automatically provisions an SSL certificate once DNS resolves. The site will be live at
https://clientname-rfp.benchlabsolutions.com5
Future updates
Netlify β Deploys tab β Drag new index.html β site updates immediately. No DNS changes needed.
DNS Records Summary (Squarespace)
| Type | Host | Points To | Purpose |
|---|---|---|---|
| CNAME | rfp | phenomenal-strudel-3f46a7.netlify.app | BenchLab main site |
| CNAME | clientname-rfp | random-netlify.netlify.app | Client 1 (add one per client) |
| CNAME | client2-rfp | another-netlify.netlify.app | Client 2 |
π Drive Integration Guide
π Google Drive
Users browse Drive folders to pull past proposals and resumes into AI-generated responses.
Features:
- β Browse My Drive + Shared Drives
- β Select any folder as context source
- β Read PDF, DOCX, TXT files
- β Sync resumes from shared folder
- β Search folder contents by keyword
- β Export proposals back to Drive
Required APIs:
β’ Google Drive API
β’ Google Picker API
β’ Google Picker API
π¦ Microsoft OneDrive / SharePoint
For Microsoft 365 clients β access SharePoint and OneDrive document libraries via Microsoft Graph API.
Features:
- β Browse OneDrive folders
- β Access SharePoint document libraries
- β Read DOCX, PDF via Graph API
- β Sign in with Microsoft 365 account
- βοΈ Requires Microsoft Auth enabled
- βοΈ Requires admin consent for permissions
Required Permissions:
β’ User.Read
β’ Files.ReadWrite.All
β’ Sites.ReadWrite.All
β’ Files.ReadWrite.All
β’ Sites.ReadWrite.All
π° Plans & Pricing
BenchLab RFP SaaS pricing tiers
Starter
$199/mo
Up to 5 users
- β Unlimited RFPs
- β AI proposal generation
- β Google Drive integration
- β Isolated database
- β Custom subdomain
- β Microsoft OneDrive
- β Multi-user collaboration
MOST POPULAR
Professional
$399/mo
Up to 15 users
- β Everything in Starter
- β Google Drive + OneDrive
- β Real-time collaboration
- β Tasks & audit log
- β Project estimation AI
- β Admin panel & branding
- β Priority support
Enterprise
$799/mo
Unlimited users
- β Everything in Professional
- β Custom domain (client's domain)
- β White-label branding
- β SSO / SAML
- β Dedicated Cloudflare Worker
- β SLA guarantee
- β Onboarding & training
Infrastructure Cost per Tenant
| Item | Cost | Notes |
|---|---|---|
| Firebase (Firestore) | $0 | Spark (free) plan handles most clients easily |
| Netlify hosting | $0 | Free tier is sufficient for single-page app |
| Cloudflare Worker | $0 | 100k requests/day free tier |
| Google Cloud APIs | $0 | Drive/Picker API free up to quotas |
| Anthropic API (shared proxy) | ~$5β20/mo | Depends on usage; per-client keys eliminate this |
| Total infra cost | ~$0β20/mo | Per client, depending on AI usage |