# Teams

Teams are a user grouping mechanism in Cerby that allow you to manage access to accounts, collections, and secrets for multiple users at once. Instead of sharing resources with each user individually, you share them with a team and all members automatically receive the access level assigned to that team.

Teams exist at the workspace level and come in two types: self-managed teams that you create and maintain directly in Cerby, and identity provider (IdP)-synced teams that are automatically replicated from your corporate directory. Both types let you assign resources with a single action and keep access up to date as your organization changes.

## Key benefits

* **Simplified access management:** Share accounts, collections, and secrets with an entire group in one action instead of configuring access for each user separately.
* **Automatic access provisioning:** When a user joins a team, they immediately gain access to all resources already shared with that team. When they leave, their access is revoked automatically.
* **IdP synchronization:** Teams synced from your identity provider stay current without manual effort. Membership changes in Okta propagate to Cerby automatically, so your Cerby teams always reflect your corporate directory.
* **Granular role control:** Assign the **Owner** or **Collaborator** role to a team when sharing a resource, giving all team members a consistent level of access.

## Key features

### Team types

* **Self-managed teams:** Created manually in Cerby by any workspace user. You add and remove members individually, and the creator automatically becomes the Team Admin. Self-managed teams offer full flexibility and can be renamed, updated, and deleted within Cerby.
* **IdP-synced teams:** Created automatically when an Okta group is pushed to Cerby via the SCIM Group Push feature. Membership is managed entirely in Okta; the team appears as read-only in Cerby. Workspace Admins can assign Team Admins, but member changes must be made in the IdP.

{% hint style="info" %}
**NOTE:** Cerby currently supports syncing groups from Okta. Support for additional identity providers may be added in the future.
{% endhint %}

### Team roles

* **Team Member:** The default role for users who belong to a team. Team Members can view other members and the resources shared with the team. Their level of access to each resource is determined by the role assigned to the team when the resource was shared (**Owner** or **Collaborator**).
* **Team Admin:** An elevated role with permissions to manage team membership, rename the team, share resources with the team, and delete self-managed teams. The user who creates a self-managed team is automatically assigned the team Admin role. For IdP-synced teams, a workspace Admin must assign this role manually.

{% hint style="info" %}
**NOTE:** Guest users can be team Members but cannot be assigned the Team Admin role.
{% endhint %}

### Resource sharing

* **Accounts:** Share individual credential stores with a team. All Team Members gain access based on the role assigned at the time of sharing.
* **Collections:** Share groupings of accounts with a team so members can access multiple accounts at once.
* **Secrets:** Share secure secret entries with a team for centralized secrets management.

When you share a resource with a team, you assign one of the following roles:

| Role             | Permissions                                                                                  |
| ---------------- | -------------------------------------------------------------------------------------------- |
| **Owner**        | Log in to the account, manage settings, share the resource, view passwords in the UI and API |
| **Collaborator** | Log in to the account, view passwords via API only                                           |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.cerby.com/getting-started/concepts/user-management/teams.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.