# Enterprise Admin
This Enterprise Admin Quick Start Guide covers the steps to:
* Part 1: Enable Team Access to PixieBrix
* Part 2: Provision PixieBrix at scale
## Part 1: Enable Team Access to PixieBrix
### Step 1: Sign up for PixieBrix
1. Visit:
2. On the login screen, authenticate with your preferred provider
* Google
* Microsoft (including Azure Active Directory)
* Email — sends a login link to your email
#### Troubleshooting
* [enabling-login-with-microsoft](https://docs.pixiebrix.com/enterprise-it-setup/authentication/enabling-login-with-microsoft "mention")
* [troubleshooting-google-integration-errors](https://docs.pixiebrix.com/integrations/google-drive/troubleshooting-google-integration-errors "mention")
* [network-email-firewall-configuration](https://docs.pixiebrix.com/enterprise-it-setup/network-email-firewall-configuration "mention")
### Step 2: Create/Configure a Team
1. Open the Admin Console:
2. In the Admin Console, click Create Team and provide a team name
3. Invite your team members. See [roles](https://docs.pixiebrix.com/managing-teams/access-control/roles "mention") for role-based permissions
4. Select Settings in the left side nav
5. Configure the Team scope and default role:
* Team scope: a unique account alias to namespace your team’s mods and bricks. *The scope cannot be changed once your team has created a mod*
* Default role: the default role for users automatically provisioned to your team
Admin Console > Settings > General Team Settings
### Step 3: Ensure Team Member Access/Authentication
Ensure your team members can access PixieBrix using your preferred authentication method:
* Google/Microsoft (OpenID)
* Account Login Emails (aka Magic Links)
* SAML/SSO
If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.
#### Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication
{% hint style="info" %}
Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account
{% endhint %}
* Login with Google: [Control which third-party & internal apps access Google Workspace data](https://apps.google.com/supportwidget/articlehome?hl=en\&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F7281227%3Fhl%3Den\&assistant_event=welcome\&assistant_id=mdmbot\&product_context=7281227\&product_name=UnuFlow\&trigger_context=a)
* Login with Microsoft: [enabling-login-with-microsoft](https://docs.pixiebrix.com/enterprise-it-setup/authentication/enabling-login-with-microsoft "mention")
#### Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)
{% hint style="info" %}
Allowlisting PixieBrix emails requires Admin Access to your Email Provider
{% endhint %}
Follow the instructions to ensure the deliverability of system emails: [network-email-firewall-configuration](https://docs.pixiebrix.com/enterprise-it-setup/network-email-firewall-configuration "mention")
1. Allowlist the PixieBrix system email IP addresses
2. Allowlist the PixieBrix email domain
#### Step 3c: Configure SAML/SSO
{% hint style="info" %}
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
{% endhint %}
1. Follow the steps at: [setting-up-saml-sso](https://docs.pixiebrix.com/enterprise-it-setup/authentication/setting-up-saml-sso "mention")
### Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall
{% hint style="info" %}
Allowlisting traffic requires Admin Access to your Network Firewall
{% endhint %}
1. Allowlist the required URLs: [network-email-firewall-configuration](https://docs.pixiebrix.com/enterprise-it-setup/network-email-firewall-configuration "mention")
### Step 5: Allowlist the PixieBrix Chrome Browser Extension
{% hint style="info" %}
This step requires Admin Access to your Enterprise Device Management policies
{% endhint %}
1. Allowlist the PixieBrix Chrome Browser Extension: `mpjjildhmpddojocokjkgmlkkkfjnepo`. See [browser-extension-installation-policy](https://docs.pixiebrix.com/enterprise-it-setup/browser-extension-installation-and-configuration/browser-extension-installation-policy "mention")
## Part 2: Provision PixieBrix at Scale
{% hint style="info" %}
This step requires Admin Access to your Enterprise Device Management policies
{% endhint %}
### Step 6: Set up Automatic User Provisioning for your Domain
1. Email to enable automatic user provisioning for your email domain(s)
### Step 7: Force-install the PixieBrix Browser Extension
Follow the instructions at: [browser-extension-installation-and-configuration](https://docs.pixiebrix.com/enterprise-it-setup/browser-extension-installation-and-configuration "mention")
1. Force-install the browser extension
2. Configure the Browser Extension Policy
### Step 8: Create a Group for Group-Based Access Control
Follow the steps in the [groups](https://docs.pixiebrix.com/managing-teams/access-control/groups "mention") documentation
1. Visit the [Admin Console](https://app.pixiebrix.com/)
2. Click the Groups menu item in the left side nav
3. Create a Group
4. Add group members in one of the following ways:
* Upload a CSV in the Admin Console
* Use the [developer-api](https://docs.pixiebrix.com/developer-api "mention") to update group membership regularly, or
* Contact to set up automatic group enrollment by email domain
### Step 9: Enable SAML/SSO
{% hint style="info" %}
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
{% endhint %}
1. Follow the steps at: [setting-up-saml-sso](https://docs.pixiebrix.com/enterprise-it-setup/authentication/setting-up-saml-sso "mention")
####
