You're safe with us
We designed Parsec to be secure at its core. Whether you're working on a top-secret project or playing a game with your best friend, your safety is our top priority.
Peer-to-peer connections
All connections traveling through Parsec are peer-to-peer. They never transit Parsec's infrastructure, so we couldn't see what you're doing even if we wanted to. Plus, we secure it even further:
- All peer-to-peer traffic is encrypted end-to-end using DTLS 1.2 with AES128 encryption
- TLS: All authentication and API communication is encrypted via TLS
Secure your experience
We take your personal security as seriously as your connection security.
- Use approved apps to select what apps a connecting guest can see. If you select another app, that guest sees nothing. Learn more.
- Add an additional security layer to your account to keep your password & login locked down through multi-factor authentication
- If you spot a potential vulnerability or security concern, report it to security@parsec.app
Parsec for Teams adds additional security and controls for businesses
Block traffic outside your team
Parsec for Teams locks down the people and computers in your organization, giving you total control over who connects to who.- Parsec for Teams utilizes a dedicated websocket to manage and block traffic outside your team
- Provision team computers and make them visible to only the right people in your organization
Control your organization's connections
Parsec for Teams administrators have access to a robust admin panel where they can create hierarchical roles, manage groups, and get total visibility over Parsec usage.- Group team members by what they do or who they need to connect to, and customize their permissions
- Assign different admin roles to functions across your team, or enterprise customers can create their own
Plus, enterprises can benefit from advanced security features. Contact us to learn how.
Route traffic through a high performance relay server
View full connection histories across your organization
Create hierarchical administrative roles
FAQs
General
Does Parsec undergo regular penetration testing?
Yes, Parsec undergoes regular penetration and vulnerability testing.
Does Parsec do anything to prevent session re-use?
Yes, Parsec performs IP verification on suspected re-use. For more info check out our support article
Does my remote desktop data ever go over Parsec servers? Can Parsec see my data?
Parsec traffic is encrypted end-to-end using DTLS 1.2 with AES128 encryption. Additionally, all web traffic used for authentication and API communication is encrypted using TLS. Once a connection has been established between client and host, all data is transferred directly peer-to-peer, or optionally through a self-hosted relay server.
Are Parsec remote desktop sessions encrypted?
Yes, Parsec peer-to-peer sessions are encrypted using DTLS 1.2 with AES128 encryption.
How do I report suspected vulnerabilities?
If you would like to report a vulnerability or have a security concern, please email security@parsec.app
Networking
Can I run Parsec over my VPN?
Yes but you may see a performance degradation when using Parsec over a VPN. We recommend upgrading to an enterprise plan to take advantage of our high-performance relay server, which allows Teams to route all traffic through an on-premises server.
Does Parsec work with a DMZ network?
Yes, the Parsec High-Performance Relay is specifically designed to meet the needs of security minded organizations that leverage DMZs. Learn more
Can Parsec be used in an airgapped environment?
Unfortunately no, Parsec requires internet access for authentication and API communication. Communication with our APIs may be proxied, and remote connections may be relayed through an on-premises High-Performance Relay.
Guest Access
Can a Parsec host be impersonated if credentials are stolen?
A host session token from a team-managed machine could, if stolen, be impersonated, but only to act as host. In other words, someone could make their own computer available, but they wouldn't be able to connect to team computers themselves.
What controls do I have over an active Guest Access connection?
During an active Guest Access session, a Guest Access Manager can kick any connected Guests from the session. Additionally, authorized Team Members may connect to the Guest Session to observe or take control.
Team Computers
Can Team Computers be assigned to individual team members?
Yes. Once provisioned, a Team Computer can be assigned to either a single team member or predefined groups of members who share common hardware needs or connection habits. Once assigned, a Team Computer can only be accessed by team members with permission to do so.
Admin & Management
How can I prevent someone outside my organization from joining my team?
No one can join a Parsec team without receiving an explicit invitation to do so. Additionally, anyone invited to your Parsec team is only able to connect to the computers and hardware that has been explicitly assigned or made available to them. You can choose to invite people from outside your organization using our Guest Access feature, at an additional cost per invite.
What privileges do admins have and how do you manage admin?
Parsec for Teams includes three different levels of admins: Super Admins, Admins, and Guest Access Managers. Super Admins can access every facet of the admin panel, including billing, overall account settings, and crucial security settings. Admins are able to add and remove team members, manage groups, and assign groups and members to Team Computers. Guest Access Managers can invite guests to use computers provisioned for Guest Access. Parsec for Enterprise plans include the ability to make your own roles using Role Based Access Controls (RBAC). Super Admins can create as many custom roles as needed.
How can I control who on my team can connect to different computers?
Team Computers can be assigned to both individuals and groups of users directly from the Parsec for Teams admin panel. Any online computer that’s been assigned to a team member will be visible directly from their Parsec application.
Does Parsec support SSO or Okta?
Parsec for Teams includes support for a variety of SSO services through SAML 2.0. Once integrated, Parsec for Teams admins can enforce all team members to only access Parsec after logging in through SSO. You can learn more about setting up SSO for your team here
Does Parsec support MFA/2FA authentication?
Yes: Parsec accounts can individually activate 2FA directly through their Parsec settings. A 2FA requirement may also be enforced on the team. If SSO has been activated, Parsec will no longer check for 2FA and rely on the configured identity provider (Okta, Azure AD, Google SSO, etc).
Go deeper on security
Visit our help center and get recommended Settings for Playtesting, Build Reviews, and QA
Security Basics
Recommended Settings for Playtesting, Build Reviews, and QASecurity Basics
Parsec for Teams Admin RolesSecurity Basics
IP Verification for TeamsAdvanced Settings
Using Advanced Settings In The Command LineAdvanced Settings
The Parsec Relay ServerNetwork Settings
Firewall Rule To Block Non-Teams Accounts From Hosting