SendRec Now Supports Team Workspaces
SendRec has always been a single-user tool. You record, you share, you see who watched. That works for solo use, but teams need shared libraries, permissions, and a way to manage who can do what.
v1.70.0 added team workspaces, and subsequent releases have expanded them with a viewer role, video transfer between scopes, workspace-level SSO (OIDC + SAML), and SCIM provisioning. Here’s how it all works.
What you get
Shared video libraries. Create a workspace, invite your team, and everyone’s recordings and uploads live in one place. Videos belong to either your personal account or a workspace — never both. Switch between them with the workspace switcher in the nav bar.
Role-based permissions. Four roles: owner, admin, member, and viewer.
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View all workspace videos | Yes | Yes | Yes | Yes |
| Download videos | Yes | Yes | Yes | Yes |
| View analytics | Yes | Yes | Yes | Yes |
| Comment on videos | Yes | Yes | Yes | Yes |
| Create/record videos | Yes | Yes | Yes | No |
| Upload videos | Yes | Yes | Yes | No |
| Edit/delete own videos | Yes | Yes | Yes | No |
| Edit/delete others’ videos | Yes | Yes | No | No |
| Manage folders and tags | Yes | Yes | Yes | No |
| Manage branding | Yes | Yes | No | No |
| Invite/remove members | Yes | Yes | No | No |
| Change member roles | Yes | No | No | No |
| Transfer videos | Yes | Yes | Yes | No |
| Delete workspace | Yes | No | No | No |
| Manage billing | Yes | No | No | No |
| Configure SSO | Yes | Yes | No | No |
Viewers are free — they don’t count toward your member limit. Add stakeholders, clients, or executives who need to watch and comment without taking up a paid seat.
Video transfer. Move videos between your personal account and any workspace you belong to. Transfer preserves comments and view counts. Folder assignments and tags are cleared on transfer since they’re scope-specific. Videos must be in “ready” status to transfer — processing videos are blocked.
Email invites. Invite teammates by email. They get a link, create an account (or log in if they already have one), and land in the workspace. Pending invites are visible in workspace settings and can be revoked before acceptance.
Workspace branding and billing. Each workspace can have its own logo, colors, and footer — separate from personal branding. Billing works per-workspace: upgrade the workspace to Pro or Business directly.
Workspace SSO. Business plan workspaces can configure OIDC or SAML 2.0 SSO. Connect your identity provider, and members can log in with their corporate credentials. Optionally enforce SSO so non-SSO logins are blocked for workspace members.
SCIM provisioning. Business plan workspaces can generate a SCIM bearer token and point their IdP (Okta, Azure AD, etc.) at the SCIM 2.0 endpoint. Users are automatically provisioned as workspace members when assigned in the IdP, and deprovisioned when unassigned — no manual invite flow needed.
Free tier limits
- 1 workspace per user (as owner)
- 3 members per workspace (viewers don’t count)
- Pro and Business remove both limits
For self-hosters
Update your Docker image to latest and restart. The database migration runs automatically on startup — no manual steps. Workspaces are available immediately with no additional configuration.
docker compose pull sendrec
docker compose up -d sendrecHow we built it
The implementation touches every layer of the stack.
Database. Three core tables: organizations, organization_members, and organization_invites. Videos, folders, tags, analytics, and branding all gained an organization_id foreign key. SSO configuration lives in organization_sso_configs with AES-256-GCM encrypted client secrets.
Backend. A new internal/organization/ package handles CRUD, member management, invites, and middleware. The Middleware verifies membership and injects the user’s role into the request context. RequireWriter blocks viewer-role users from all write endpoints — videos, folders, tags, and playlists. Every video handler uses a shared orgVideoFilter helper that builds the correct WHERE clause based on role.
Frontend. The workspace switcher persists your selection in localStorage. The API client reads it and sends an X-Organization-Id header on every request. Workspace settings has sections for general info, members, invites, billing, SSO, and a danger zone. The viewer role conditionally hides all write actions — record, upload, edit, delete, pin, trim, organize — while keeping read actions visible.
Tests. 724 frontend unit tests, 874+ backend tests across 18 packages, and 18 Playwright E2E tests covering workspace CRUD, viewer restrictions, and video transfer.
API
All workspace endpoints are documented in the API reference under the Organizations tag. Key endpoints:
POST /api/organizations— create a workspacePOST /api/organizations/{orgId}/invites— invite a memberPOST /api/invites/accept— accept an invitationPATCH /api/organizations/{orgId}/members/{userId}— change a member’s rolePOST /api/videos/{id}/transfer— move a video between scopes
Set the X-Organization-Id header on any request to scope it to a workspace.
SendRec is open source and self-hostable. Try it at app.sendrec.eu or run it on your own infrastructure with Docker Compose.