Per-client PAM is unaffordable.
CyberArk or BeyondTrust at $30K+/yr per client deployment is impossible at MSP margins. The math doesn't work for clients paying $5K–$30K/yr for managed services. Most MSPs end up using shared internal credentials across clients — a compliance disaster the moment one client is audited.