Managing and inviting people to use Parsec is super simple! In fact, the invitation and acceptance steps are exactly the same as the steps to invite an administrator, however in this case we will not be delegating any roles to the people who are simply using Parsec.
Table of contents
Inviting users
Accepting invite to Team
Assign people to groups
Delete people from your Team
Reset 2FA
Inviting users
This step is not necessary if your team uses SAML, because users will join the team and automatically consume the seat after their first login via SAML. If your team uses SAML, skip to the assign people to groups section. If you've already manually invited someone that will use SAML, we recommend revoking the invite to avoid the user consuming two seats.
An administrator with permission to invite users just needs to browse to the Members & Invites section of the admin portal and follow the steps below:
- Click the 'Invites' tab, then 'Invite Team Members'
- Provide the email addresses separated by a comma, space, or new line. The following example is a comma delimited list. Optionally, we can pre-assign administrators to a group. Click 'Send Invites'
-
- Please note, adding a user to a group does not delegate any admin permissions. Groups will be used to set connection policies. We will cover delegation of admin roles and permissions below
- Please note, adding a user to a group does not delegate any admin permissions. Groups will be used to set connection policies. We will cover delegation of admin roles and permissions below
- Pending invites can be resent or cancelled from the 'Invites' tab
Please note that a user cannot be part of more than one Parsec Team as Parsec will associate the user's email address with the first Team they are added to. If administrators from a second Team send an invite to that same email address, the user will receive the below error when they try to accept it.
If there is a use case for a single user to be part of more than one Team, a current workaround is to use email subaddressing. You can do this by adding a + and some suffix to the inbox name.
For example:
User email: user@parsec.app
Alias: user+alias@parsec.app
Emails sent to user+alias@parsec.app will be received by user@parsec.app. This will allow the user to be part of more than one Team without requiring them to have multiple inboxes. However, the user will need to keep track of the additional email addresses/Parsec logins for any additional Teams they are part of.
Accepting invite to Team
After an administrator sends an invite, the invitee must accept before any roles can be delegated through via role based access control (RBAC). Follow the steps below to accept your invite!
- Click 'Join Your Team Now' in your Parsec for Teams email invite
- Provide a username. Click 'Next'
- Create a password. Click 'Create Account'
- Configure a TOTP based authenticator application such as Authy or 1Password. After installing your authenticator app, scan the QR code with the authenticator app or manually provide the private key. Enter the 6 digit code provided by your authenticator app and a recovery email to recover your account in the event credentials and/or codes are lost or forgotten. Click 'Enable 2FA'
- Click 'Join Team'
Assign people to groups
If users were not assigned to a group during the invite process, they can be assigned to group(s) after they've accepted their invite. If the users should not have administrator roles, ensure that the 'admin role' value is empty. To assign a person to a group, or to change a person’s existing group membership, follow the steps below.
- On the Members & Invites tab ensure the 'Members' tab is selected
- Find and select relevant users
- Click 'Assign to Groups'
- Select the group(s) you would like to add the selected users to
- Deselect the group(s) you would like to remove the selected users from
- Click ‘Apply’
Delete people from your Team
Members of your Parsec Team consume a license. In order to "free up" a license, a user will need to be deleted. Follow the steps below to delete a user:
- On the Members & Invites tab ensure the 'Members' tab is selected.
- Find the relevant user
- Click the ellipsis '...'
- Click 'Remove user from team'
Reset 2FA
In the event someone loses access to their authenticator and/or backup codes, it is possible for an administrator to reset a person's 2FA. If an administrator resets a person's 2FA, an email will be sent with instructions to reset 2FA. To reset a person's 2FA, follow the steps below:
- On the Members & Invites tab ensure the 'Members' tab is selected.
- Find the relevant user
- Click the ellipsis '...'
- Click 'Send 2FA reset email'
- The recipient will receive an email that looks like this. They will need to click 'Reset my Two-Factor Authentication'.
- The person resetting their 2FA will then be prompted for their password to disable 2FA. They will have to enter the password and click 'Reset 2FA'
After resetting 2FA, please note there will not be an additional factor for authentication on the account that was reset. We highly recommend re-enabling 2FA on the account after resetting and regaining access. This is done on the account page.