# Enterprise Admin
This Enterprise Admin Quick Start Guide covers the steps to:
* Part 1: Enable Team Access to PixieBrix
* Part 2: Provision PixieBrix at scale
## Part 1: Enable Team Access to PixieBrix
### Step 1: Sign up for PixieBrix
1. Visit:
2. On the login screen, authenticate with your preferred provider
* Google
* Microsoft (including Azure Active Directory)
* Email — sends a login link to your email
#### Troubleshooting
* [Enabling Login with Microsoft](/enterprise-it-setup/authentication/enabling-login-with-microsoft.md)
* [Troubleshooting Google Integration Errors](/integrations/google-drive/troubleshooting-google-integration-errors.md)
* [Network/Email Firewall Configuration](/enterprise-it-setup/network-email-firewall-configuration.md)
### Step 2: Create/Configure a Team
1. Open the Admin Console:
2. In the Admin Console, click Create Team and provide a team name
3. Invite your team members. See [Roles](/managing-teams/access-control/roles.md) for role-based permissions
4. Select Settings in the left side nav
5. Configure the Team scope and default role:
* Team scope: a unique account alias to namespace your team’s mods and bricks. *The scope cannot be changed once your team has created a mod*
* Default role: the default role for users automatically provisioned to your team
Admin Console > Settings > General Team Settings
### Step 3: Ensure Team Member Access/Authentication
Ensure your team members can access PixieBrix using your preferred authentication method:
* Google/Microsoft (OpenID)
* Account Login Emails (aka Magic Links)
* SAML/SSO
If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.
#### Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication
{% hint style="info" %}
Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account
{% endhint %}
* Login with Google: [Control which third-party & internal apps access Google Workspace data](https://apps.google.com/supportwidget/articlehome?hl=en\&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F7281227%3Fhl%3Den\&assistant_event=welcome\&assistant_id=mdmbot\&product_context=7281227\&product_name=UnuFlow\&trigger_context=a)
* Login with Microsoft: [Enabling Login with Microsoft](/enterprise-it-setup/authentication/enabling-login-with-microsoft.md)
#### Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)
{% hint style="info" %}
Allowlisting PixieBrix emails requires Admin Access to your Email Provider
{% endhint %}
Follow the instructions to ensure the deliverability of system emails: [Network/Email Firewall Configuration](/enterprise-it-setup/network-email-firewall-configuration.md)
1. Allowlist the PixieBrix system email IP addresses
2. Allowlist the PixieBrix email domain
#### Step 3c: Configure SAML/SSO
{% hint style="info" %}
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
{% endhint %}
1. Follow the steps at: [Setting Up SAML/SSO](/enterprise-it-setup/authentication/setting-up-saml-sso.md)
### Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall
{% hint style="info" %}
Allowlisting traffic requires Admin Access to your Network Firewall
{% endhint %}
1. Allowlist the required URLs: [Network/Email Firewall Configuration](/enterprise-it-setup/network-email-firewall-configuration.md)
### Step 5: Allowlist the PixieBrix Chrome Browser Extension
{% hint style="info" %}
This step requires Admin Access to your Enterprise Device Management policies
{% endhint %}
1. Allowlist the PixieBrix Chrome Browser Extension: `mpjjildhmpddojocokjkgmlkkkfjnepo`. See [Browser Extension Installation Policy](/enterprise-it-setup/browser-extension-installation-and-configuration/browser-extension-installation-policy.md)
## Part 2: Provision PixieBrix at Scale
{% hint style="info" %}
This step requires Admin Access to your Enterprise Device Management policies
{% endhint %}
### Step 6: Set up Automatic User Provisioning for your Domain
1. Email to enable automatic user provisioning for your email domain(s)
### Step 7: Force-install the PixieBrix Browser Extension
Follow the instructions at: [Browser Extension Installation and Configuration](/enterprise-it-setup/browser-extension-installation-and-configuration.md)
1. Force-install the browser extension
2. Configure the Browser Extension Policy
### Step 8: Create a Group for Group-Based Access Control
Follow the steps in the [Groups](/managing-teams/access-control/groups.md) documentation
1. Visit the [Admin Console](https://app.pixiebrix.com/)
2. Click the Groups menu item in the left side nav
3. Create a Group
4. Add group members in one of the following ways:
* Upload a CSV in the Admin Console
* Use the [Developer API](/developer-api.md) to update group membership regularly, or
* Contact to set up automatic group enrollment by email domain
### Step 9: Enable SAML/SSO
{% hint style="info" %}
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
{% endhint %}
1. Follow the steps at: [Setting Up SAML/SSO](/enterprise-it-setup/authentication/setting-up-saml-sso.md)
####
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.pixiebrix.com/quick-start/enterprise-admin.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.