Enterprise multi-brand 3PL standardizes AI across three TMS systems.

The starting point

A multi-brand 3PL that had grown through acquisition — five brokerages bought over the previous four years, ranging from 25-broker shops to a 90-broker mid-market acquisition. Total headcount across brands: 240 brokers and coordinators. Monthly load volume: ~22,000.

The pain wasn't any single TMS — it was that there were three. The flagship brand ran McLeod LoadMaster (the original brokerage, deeply customized, EDI-integrated to top shippers). Two acquired brands ran Aljex (now Descartes), the procurement team had been quietly told never to touch those contracts before they were up for renewal. The most recent acquisition ran Tai Software, which the operations team actually preferred. Migrating any of them was a multi-quarter project nobody had appetite for in year one of the rollup.

What the CEO wanted was simple: one AI productivity story for the whole company, one set of operational metrics across all five brands, one procurement and security review, one contract. What the COO wanted was no TMS migration on any brand. What the CISO wanted was SAML, SCIM, audit logs to Splunk, a signed MSA, and a security questionnaire that didn't require him to chase the vendor for a month to answer SOC 2 questions.

Why a single Keelway tenant worked

Multi-TMS support inside one Keelway tenant is a first-class capability. Each brand stayed on its own TMS as system of record — McLeod LoadMaster, Aljex, and Tai — and Keelway ran as the unified AI overlay across all three. From the broker's side, every broker still worked in the inbox + TMS combination they were used to. From the executive side, the COO had a single dashboard with coverage rate, time-to-cover, fraud-stopped, and broker productivity broken out by brand or rolled up across the company.

From the CISO's side: one tenant, one set of audit logs streamed to the corporate Splunk deployment, one MSA and DPA, one SOC 2 readiness conversation. SAML SSO via Microsoft Entra ID (Azure AD), SCIM provisioning to mirror the corporate IdP, RBAC mapped to existing employee roles with brand-level scope on loads and carriers.

The deployment

1. Weeks 1–2 — Procurement & security clearance. MSA and DPA executed with mutual redlines. Subprocessor list reviewed and approved by infosec. Penetration test summary reviewed under NDA. CISO sign-off on architecture review.
2. Weeks 2–3 — Identity & tenant. Dedicated tenant provisioned in AWS us-east-1. SAML SSO configured to Entra ID. SCIM provisioning live. RBAC roles defined per brand. Audit log stream into corporate Splunk deployment validated.
3. Weeks 4–7 — Brand 1 (McLeod, 90 brokers). McLeod integration configured. Phased rollout across reefer, dry van, and flatbed desks (about 30 brokers per week). Three weeks from first broker live to brand-wide cutover.
4. Weeks 8–11 — Brand 2 (Aljex, 70 brokers). Descartes Aljex integration configured. Slightly faster rollout because the brand's carrier book overlapped 22% with Brand 1 — Keelway already had FMCSA backfill on those carriers.
5. Weeks 12–14 — Brand 3 (Tai, 45 brokers). Tai integration configured. Rollout complete in three weeks; the operations team there had been advocating for AI carrier triage internally for a year and adoption was fast.
6. Weeks 14–18 — Brands 4 & 5 (small Aljex shops). Two 25-broker brands brought online inside the same Keelway tenant.

Total elapsed time from contract signature to all five brands live: 18 weeks. No TMS migration on any brand.

The metrics at month 12

• Coverage rate held or improved on every brand. Two of the five brands saw measurable improvement (+2–4 points); three held steady within ±1 point.
• Time-to-cover median across the company dropped ~58% (from a weighted-average 68 minutes to 28 minutes).
• Coordinator headcount stayed flat at 240 across 12 months while load volume grew 23%. The projected headcount avoided at the original growth-to-headcount ratio was ~22 hires, roughly $1.4M loaded.
• Fraud catches: 14 confirmed double-brokering attempts caught and declined. Two confirmed chameleon-MC bookings detected before pickup. Estimated cargo claim exposure avoided: $180K–$220K based on the brokerage's internal incident cost model.
• Uptime: 99.97% trailing 12 months against the 99.9% contractual SLA — no service credits triggered.

The contracting shape

Three-year enterprise agreement, custom pricing modeled on rolled-up load volume and seat count. Dedicated tenant in AWS us-east-1 with DR in us-west-2. SAML SSO via Microsoft Entra ID, SCIM 2.0 provisioning, audit logs streamed to corporate Splunk in near-real-time. Signed MSA, signed DPA, mutual NDA in place from the discovery phase. 99.9% uptime SLA with service credits. Named CSM, named SE, named technical account manager. 24/7 incident response via Slack Connect shared channel.

See Keelway Enterprise for the full contracting and infrastructure posture, or the security page for the compliance specifics this customer cleared.