You're safe with us
We designed Parsec to be secure at its core. Whether you're working on a top-secret project or playing a game with your best friend, your safety is our top priority.
Peer-to-peer connections
Your data, secured
All connections traveling through Parsec are peer-to-peer. They never transit Parsec's infrastructure, so we couldn't see what you're doing even if we wanted to. Plus, we secure it even further:
- Native application peer-to-peer traffic is encrypted end-to-end using a shared 128-bit AES key.
- Web-client sessions are encrypted using DTLS.
Secure your experience
Add an extra layer of security
We take your personal security as seriously as your connection security.
- Use approved Apps to select what apps a connecting guest can see. If you select another app, that guest sees nothing. Learn how to enable Approved App settings.
- Multi-factor authentication (MFA) adds an additional security layer to your account to keep your password & login locked down.
Parsec for Teams and Enterprise adds the security and controls necessary for organizations
Shield your team from outside traffic
Parsec for Teams and Enterprise locks down the people and computers in your organization, giving you total control over who connects to what machines.
- A dedicated websocket is utilized to manage and block traffic outside your team.
- Provision team computers and make them visible to only the right people in your organization.
- Multi Group Membership provides admins fine grain controls to assign team members and team computers to multiple groups securely.
Control your team’s connections
Parsec for Teams and Enterprise administrators have access to a robust admin panel where they can create hierarchical roles, manage groups and connectivity permissions, set an idle kick timer, and configure SSO.
- Group team members by what they do or who they need to connect to. Also, customize their permissions and enforce app policies per user or per team computer.
- Assign predefined admin roles to functions across your team, or Enterprise customers can create their own.
- Integrate your SAML 2.0 Provider with Parsec to enforce single sign-on authentication.
Access additional advanced security features with Parsec for Teams Enterprise
Parsec for Teams and Enterprise includes additional features needed for automation, administration, and integration into your existing systems.
- Ensure reliable, performant connections by routing traffic through a high performance relay server.
- Assign predefined or custom admin roles to functional team members across your organization.
- Automate user provisioning and group setting assignments using an Identity Provider with SCIM Provisioning.
- Inspect usage and compliance with full connection audit logs.
- Securely integrate Parsec into your existing systems with API access for a scalable, automated remote infrastructure.
Have questions?
FAQs
General
Does Parsec undergo regular penetration testing?
Yes, Parsec undergoes regular penetration and vulnerability testing.
Does my remote desktop data ever go over Parsec servers? Can Parsec see my data?
Parsec peer-to-peer traffic is encrypted end-to-end using 128-bit AES-GCM key and web-client sessions are encrypted using DTLS with AES128 encryption. Additionally, all web traffic used for authentication and API communication is encrypted using TLS. Once a connection has been established between client and host, all data is transferred directly peer-to-peer, or optionally through a self-hosted relay server.
Are Parsec remote desktop sessions encrypted?
Yes, Parsec peer-to-peer sessions are encrypted using 128-bit AES-GCM.
How do I report suspected vulnerabilities?
If you would like to report a vulnerability or have a security concern, please email security@parsec.app.
Networking
Can I run Parsec over my VPN?
Yes but you may see a performance degradation when using Parsec over a VPN. We recommend upgrading to an enterprise plan to take advantage of our high-performance relay server, which allows Teams to route all traffic through an on-premises server. This configuration provides the security and reliability advantages of a traditional VPN without the negative performance impact.
Does Parsec work with a DMZ network?
Yes, the Parsec High-Performance Relay is specifically designed to meet the needs of security minded organizations that leverage DMZs. Learn more.
Can Parsec be used in an airgapped environment?
No, Parsec requires internet access for authentication and API communication. Communication with our APIs may be proxied, and remote connections may be relayed through an on-premises High-Performance Relay.
Guest Access
What controls do I have over an active Guest Access connection?
During an active Guest Access session, a Guest Access Manager can kick remove any connected Guests from the session. Additionally, authorized Team Members may connect to the Guest Session to observe or take control.
Team Computers
Can Team Computers be assigned to individual team members?
Yes. Once provisioned, a Team Computer can be assigned to either a single team member or predefined groups of members who share common hardware needs or connection habits. Once assigned, a Team Computer can only be accessed by team members with permission to do so.
Admin & Management
How can I prevent someone outside my organization from joining my team?
No one can join a Parsec team without receiving an explicit invitation to do so. Additionally, anyone invited to your Parsec team is only able to connect to the computers and hardware that have been explicitly assigned or made available to them. You can choose to invite people from outside your organization using our Guest Access feature, at an additional cost per invite.
What privileges do admins have and how do you manage admin?
Parsec for Teams includes three different levels of admins: Super Admins, Admins, and Guest Access Managers.
- Super Admins can access every facet of the admin panel, including billing, overall account settings, and crucial security settings.
- Admins are able to add and remove team members, manage groups, and assign groups and members to Team Computers.
- Guest Access Managers can invite guests to use computers provisioned for Guest Access.
- Parsec for Enterprise plans include the ability to make your own roles using Role Based Access Controls (RBAC). Super Admins can create as many custom roles as needed.
How can I control who on my team can connect to different computers?
Team Computers can be assigned to both individuals and groups of users directly from the Parsec for Teams admin panel. Any online computer that’s been assigned to a team member will be visible directly from their Parsec application.
Does Parsec support SSO or Okta?
Parsec for Teams includes support for a variety of SSO services through SAML 2.0. Once integrated, Parsec for Teams admins can enforce all team members to only access Parsec after logging in through SSO. You can learn more about setting up SSO for your team here.
Does Parsec support MFA/2FA authentication?
Yes: Parsec accounts can individually activate 2FA directly through their Parsec settings. A 2FA requirement may also be enforced on the team. If SSO has been activated, Parsec will no longer check for 2FA and rely on the configured identity provider (Okta, Azure AD, Google SSO, etc).
Go deeper on security
Visit our help center and get recommended Settings for Playtesting, Build Reviews, and QA
Security Basics
Recommended Settings for Playtesting, Build Reviews, and QASecurity Basics
Parsec for Teams Admin RolesSecurity Basics
IP Verification for TeamsAdvanced Settings
Using Advanced Settings In The Command LineAdvanced Settings
The Parsec Relay ServerNetwork Settings
Firewall Rule To Block Non-Teams Accounts From Hosting