Provision Administrators

If SAML is configured, administrators do not need to be invited to the team like non-SAML users. SAML users will join the team and consume a seat after their first login via SAML. If your administrators will login against your SAML Identity Provider, please skip to the Roles and delegation section below to learn how to delegate roles after the new administrator(s) login with SAML.

If a SAML user is invited and then attempts to login via SAML, two seats will be consumed: one for the invite and one for the SAML user. If you have already invited your SAML users to the team but they have not yet accepted the invites, we suggest revoking their invites before they attempt to login via SAML in order to avoid consuming extra seats. 

If your organization plans to leverage SAML authentication, please see our article on SAML integration.

Inviting administrators

After the initial administrator has activated their account, they can begin inviting other administrators - it's super easy! Simply browse to the Members & Invites section of the admin portal and follow the steps below:

  • Click the 'Invites' tab, then 'Invite Team Members'


  • Provide the email addresses separated by a comma, space, or new line. The following example is a comma delimited list. Optionally, we can pre-assign administrators to a group. Click 'Send Invites'.


    • Please note, adding a user to a group does not delegate any admin permissions. Groups will be used to set connection policies. We will cover delegation of admin roles and permissions below.
  • Pending invites can be resent or cancelled from the 'Invites' tab.


Accepting invite to Team

After an administrator sends an invite, the invitee must accept before any roles can be delegated through via role based access control (RBAC). Follow the steps below to accept your invite!

  • Click 'Join Your Team Now' in your Parsec for Teams email invite.


  • Provide a username. Click 'Next'.


  • Create a password. Click 'Create Account'.


  • Configure a TOTP based authenticator application such as Authy or 1Password. After installing your authenticator app, scan the QR code with the authenticator app or manually provide the private key. Enter the 6 digit code provided by your authenticator app and a recovery email to recover your account in the event credentials and/or codes are lost or forgotten. Click 'Enable 2FA'.


  • Click 'Join Team'.


Roles and delegation

Roles can be either Global or scoped to a Group. All teams can assign predefined Global roles. Enterprise teams can also create custom Global and Group roles. There are three predefined roles available for all teams. These roles can be assigned to team members but they can not be edited. Multiple roles can be assigned to the same user in which case functionality is enabled when any of the assigned roles allow it. For additional information on roles, please visit the Roles article. To delegate role(s), follow the steps below:

  • On the Admin Roles page select a role.
  • Click 'Role Admins' tab.
  • Click 'Assign Role'.


  • Search for the user(s) who should have the selected role. Click 'Confirm'.