# Teams ## Overview Teams allow multiple developers and form builders to collaborate and have access to Projects and Stages. Any user on the platform can create a new team. They can then assign that team to a project they own or administer. Teams are created and managed on the **Teams** tab of the Portal, outside of an individual project.\ \ After a team is created, Form.io users can be assigned to it, granting them access to the projects and stages associated with that team. Below is an overview of the Project and Stage level permissions, the difference between those levels, and what kind of permission levels those Teams can carry. {% embed url="" %} ### **Project Level Permission** Project level Teams are added to the entire Form.io Project, granting team members permission rights to all stages within the project, including the live stage associated with the live application. Project level teams are added to a project through the **Teams** tab of the project. ### **Stage Level Permission** Alternatively, teams can be added to specific stages of a project, restricting their permission rights to only designated stages within the project. Stage Teams are utilized when you want to delegate team permission to a specific stage, e.g. the Developer stage of a project, while restricting that team from accessing the Live stage connected to your live application or other stages within the project. ### **Project Vs Stage Level Permissions** It's important to understand that a team added on the Project Level will always override that same team added on the Stage level. Meaning, if '**Team A**' is added to the **Project** with **Admin** permissions, and that same **Team A** is added to a **Stage** with **Write** permissions, the Admin permissions at the Project level will be applied to all stages within the project and override the Stage Write permission. In other words, Stage teams are never additive to the Project Level. A Stage Team does require that same team added on the Project level with Access permissions. Once the Team has Access permissions to the project, Team Read / Write permissions can then be delegated to the desired Stage. Follow the links below for a walkthrough on adding Project and Stage Teams [**Project Teams Walkthrough**](#assigning-teams-to-a-project) | [**Stage Teams Walkthrough**](#stage-teams) ### **Team Permission Levels** Team Permissions are granted on the Project or Stage levels. The **Access** and **Admin** permissions are reserved for Project-level permissions only. Before a Stage Team can be added, a Project level team must be added with **Access** permission.

Permission	Description
Project Access	Grants team members access to a Project without giving any functional permission to read or modify. Project Access permission is granted to users who need Read, Write, or Admin permissions for a specific Stage, while being restricted from accessing the Live stage or other stages within the Project
Project \| Stage Read	Grants team members permission to read forms and submission data on the Project or Stage level. Forms and data cannot be modified.
Project \| Stage Write	Grants team members permission to read and update both forms and submissions on the entire Project or Stage level. This permission restricts access to the project's settings, configurations, and other sensitive information found in the Project/Stage setting tab.
Project Admin	Grants full access to the Project and Stage settings, configuration, and sensitive data configurations within the Settings tab.

## Team Creation To create a Team, click the **Team** button in the left-hand navigation bar on the main Portal page, outside of any Project. There are two types of Teams that can be created and managed: **Form.io User Teams:** Using the User's Form.io email address saved to the User Resource within the Portal Base project or registered using the SaaS offering.\ \ **SSO Teams:** The second method utilizes an SSO Provider that has been configured for the Portal environment. The SSO Team can automatically map Users with specific SSO roles to specific Form.io Teams within the deployed environment.\ \ The following sections document how to create and manage a team using both methods. {% embed url="" %} ![](https://3305536326-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MPHoF2HwOA0s5HV_AIB%2Fuploads%2FPc24q1DMJ1nugdm8CeoU%2Fteam1.png?alt=media\&token=2c433ffe-6c72-4004-bc47-dbdf24939d57) ### **Form.io User Team** Teams created using this method will include users saved to the User Resource (for self-hosted environments). If the Form.io SaaS model is being utilized, team members will be added using the Email address the Team Member used when registering with on the Form.io platform. {% hint style="info" %} Teams are managed using the **Team Resource** within the [**Portal Base**](https://help.form.io/deployments/portal-base-project)[ ](https://help.form.io/deployments/portal-base-project#team-and-team-member-resource)project. {% endhint %} 1. From the main portal page, click the **Teams** tab on the left-hand navigation bar 2. Click the +**Create Team** button 3. Input a **Team Name** 4. Click **Submit** to create the Team ![](https://3305536326-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MPHoF2HwOA0s5HV_AIB%2Fuploads%2FROAJEPvPJ9Ruym82Zh34%2Fteam2.png?alt=media\&token=be5b28b6-3984-4a25-b70d-8b77b9699f4f) The user that create the Team will be the Team Owner, and has the ability to manage team members and settings. Team Owners added to a project team are **not** Project Owners and are not granted any specific project permissions by default. #### **Adding Team Members** After creation, you’ll be redirected to the Teams page where you can add members to the team. When utilizing the deployed solution, the user must first be saved to the **User Resource** within the [**Portal Base**](https://help.form.io/deployments/portal-base-project#user-resource) project. For the SaaS model, team members must be **registered** users with Form.io before being added to a Team {% hint style="info" %} **Deployed Environments** - Team Members must be created within the **User Resource** of the Portal Base Project\ **SaaS** - Team members must be **registered** users with Form.io before being added to a Team {% endhint %} 1. Click the +**Add Member** button

2. Input the **User** **email** **address** saved to the User Resource or registered to the SaaS platform.

3. Click the **Submit** button to add the User to the Team\ \&#xNAN;*The user will then receive a Team Invite within the Team section of their main Portal page.* {% hint style="info" %} Adding a Team Member does **NOT** send an invitation email to the user. Instead, invites are accepted by the Team Member by logging in to their main Portal Page and accepting the invite from the Teams section. {% endhint %} #### **Accepting Team Invitation** Once a team member has been added, the member will be displayed on the Team View page. This member will not have access to the Team or Projects the Team has been assigned to until they have accepted the Invitation. Members who have not accepted the team invite will have a yellow "**Invitation** **Pending**" tag displayed under their email address 1. To accept a Team invitation, the invited Team Member should log in to the main portal page and click the Teams button in the left-hand sidebar.

2. Click **Accept Invitation** to join the Team * After accepting the invite, Projects assigned to the team will be displayed for the user on the main Portal page * Clicking **Reject** will remove the user from the Team

### SSO Team To map a team with an SSO Role, SSO integration must already be configured. For more information on SSO integration, please visit the [**Portal SSO**](https://help.form.io/deployments/portal-base-project/portalsso) documentation.\ \ When a team is configured as an SSO Team, the API platform expects this team should be mapped with SSO roles and users. To configure an SSO Team: 1. From the main portal page, click the **Teams** tab on the left-hand navigation bar 2. Click the +**Create Team** button 3. Check the **SSO Team** button 4. Input a **Team Name** \ The Team name **should** **match** **the** **role** from the **SSO** **provider** associated with the SAML users you want to add to the team. 5. Click **Submit** to create the Team

**SSO Team Members** When using **SSO**, it is not necessary to add individual SSO users to the Team since that will be handled automatically through the authentication process. Any SSO user authenticating will automatically be added to the Team name correlated with their SSO role of the same name. {% hint style="info" %} For more information on SSO integration, please visit the [**Portal SSO**](https://help.form.io/deployments/portal-base-project/portalsso) documentation. {% endhint %} Individual SSO users can still be added by inputting the SSO user email address when adding a Team Member. This is additive to the Team / SSO Role mapping. 1. Make sure the **SSO** **Team** option is **unchecked** to enable the addition of individual SSO users

2. Click the **+Add Member** button 3. Input the SSO user **email** **address** and click **Submit**

4. Ensure the **SSO Team** setting is **checked** after adding individual users {% hint style="info" %} **SSO Team Members** are not required to accept a Team invite and will automatically be added to the Team when the **SSO Team** setting is active. {% endhint %}

### **Team Admins** Team Owners can elevate regular Team Members to the role of **Team Admin**. As Team Admin, this member will carry additional permissions for managing the team, such as adding or removing members. Team Admins/Team Owners do not have any additional permissions for the projects assigned to the team. Their Team Admin rights are limited to managing team membership. {% embed url="" %} 1. Within the Team Modal, click the **gear** **icon** next to the Team Member 2. Click the **Make Team Admin** button

3. The User tag will change from Team Member to **Admin**

Team Admin **Permissions**: * Add Team Members * Remove Team Members * Delete Team ## Assigning Project Teams Once a Team has been created, the Team will be available for Project assignment. Only Project Owners or Project Admins can assign or remove Teams to a Project. {% embed url="" %} 1. As a **Project Admin** or **Owner**, navigate to the Project you wish to assign a Team 2. Click the **Teams** button in the left-hand navigation bar ![](https://3305536326-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MPHoF2HwOA0s5HV_AIB%2Fuploads%2FizGc3jiJl71zBZaQ72M4%2Fteam5.png?alt=media\&token=866c439b-ebfd-4bba-ae9f-01e0a141dd7a) 3. Click the **Add a team** dropdown and select a Team to add to the Project. {% hint style="info" %} Users can only add Teams they own or a member of {% endhint %} ![](https://3305536326-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MPHoF2HwOA0s5HV_AIB%2Fuploads%2FfAnbnm0UCx0Gid5eXOgC%2Fteam6.png?alt=media\&token=9dcfb177-ff7b-4f30-8bc3-7a2cbb8e4bc9) 4. After adding a team, **select** the **permissions** the team members should have. \ All Team Members associated with the Team will carry the selected Permission. \ \ Once a team has been assigned, all members of that team share the same assigned permissions. You can assign multiple teams to a single project for more control over different Teams. ![](https://3305536326-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MPHoF2HwOA0s5HV_AIB%2Fuploads%2FoEUlQeZEv0l8HkhZcVLY%2Fteam7.png?alt=media\&token=42ad8729-3d0a-4e0a-b011-273b529835cf)

Permission	Description
Project Access	Provides the user access to a Project without giving any functional permission to read or modify. Project Access permission is granted to users who need Read or Write permissions to a specific Stage, while being restricted from accessing the Live stage or other stages within the Project
Project Read	Grants team members permission to read forms and submission data on the Project level. Forms and data cannot be modified.
Project Write	Grants team members permission to read and update both forms and submission data on the entire Project level. This permission restricts access to the project's settings, configurations, and other sensitive information found in the Project/Stage setting tab.
Project Admin	Grants Read and Write permissions, as well as full access to the Project and Stage settings, configuration, and sensitive data configurations within the Settings tab.

## Assigning Stage Teams Teams can also be added to specific Stages within a project. Stage Teams are necessary if a user should have Team permissions for a specific stage (e.g., Development Stage) but should not have access to the Live (Production) stage or other Stages within the Project. {% hint style="info" %} Before a **Stage Team** can be assigned, the Team must first have access to the Project. {% endhint %} {% embed url="" %} **Project Access** 1. Click the **Team** tab in the left-hand navigation menu within the Project 2. **Add** the **Team** from the Team dropdown 3. Set the Team **Permission** to **Access** The Team will now have access rights to the project and can be added to a specific stage

**Adding Stage Team** 1. Click the **Stage** **dropdown** within your Project and **select** the **Stage** the Team should be added

2. Click the **Access** tab within your **Stage** 3. Select a **Team** from the **Add a team** dropdown 4. Set the **Permission** for the Team 5. **Save** the settings

Permission	Description
Stage Read	Grants team members permission to read forms and submission data on the Stage level. Forms and data cannot be modified.
Stage Write	Grants team members permission to read and update both forms and submission data on the Stage level.

### **Team Member Access** Once the Stage Team has been added, users assigned to the **Member** team will see the Project on their Portal home page. 1. Log in as a **Team Member** 2. Open the Project from the main portal page\ The user will be presented with a message stating they only have Access to the Project **You have been granted access to this project in order to access some stages. Please use the stages tabs to access a stage you have access to.**

3. Click the Stage dropdown and select the Stage for which the Team has Stage Permissions, in this case, the **Development** stage.

Team Members will have permissions rights configured for the team after clicking the Stage.

This method is used to split up different teams between stages giving granular permissions to the Project dependent on the Team Member. Specific teams would only have access to certain stages depending on the team's functionality and purpose (think Dev, Stage, Prod deployment workflows). These different stages would eventually be deployed to the main **Live** stage for production use. {% hint style="info" %} [**Click here**](https://help.form.io/userguide/projects/stages) for more information on how Stages are leveraged. {% endhint %}