Hire WorkforceRequest Demo
Documentation
Start typing to search…

Settings

Details

In the Details tab, you'll see all the general information about your organization. This includes:

  • Organization Name - The name given to the organization.
  • Organization Owner - The email of the Organization Owner.
  • Creation Date - When the organization was created.
  • Expiration Date - When the organization’s contract will expire.
  • Active Members - The number of active members in your organization, and how many you can still invite. Pending members aren’t shown here, but they do count toward the overall limit. You can remove the pending users to make more room if needed.
  • Used Items - The amount of used items in your organization and how many more you can upload, create or generate. Deleted items still count toward this limit.

Security

In the Security tab, you can enable or disable the Single sign-on (SSO), which allows users to access multiple corporate applications, websites, and data for which they have permission with a single set of login credentials.

SuperAnnotate supports SAML 2.0 single sign-on with the following identity providers: Azure AD, Okta, Ping Identity, and more.

This feature is available for Enterprise users.

📘

Please note that only organization owners have permission to set up SSO for your organization, and that SuperAnnotate supports only SP initiated single sign-on.

Enable SAML single sign-on (SSO)

If your identity provider is Azure, check out Azure's documentation to find more details on how to create an Azure SSO integration with SuperAnnotate.

Step 1: Go to your organization's security page

  1. Go to your organization.
  2. In the left panel, click Organization.
  3. Go to the Settings tab.
  4. In the left panel, select Security.
  5. In Security, click Enable.

Step 2: Configure SAML in your identity provider

  1. Log in to your identity provider account and navigate to your applications.
  2. Create a new application for SuperAnnotate.
  3. Select SAML from the SSO method options.
  4. Enter the information below in the corresponding fields for the SuperAnnotate application in your identity provider. You can find the valid values on the SSO setup page in SuperAnnotate.
  • Identifier (SP Entity ID or Audience URI)
  • Reply URL (Assertion Consumer Service URL or Single Sign On URL)
  1. In the Sign on URL textbox, type the following URL: https://auth.superannotate.com/login (optional)
  2. Additionally, you can download the SuperAnnotate logo from this link and upload it.

Step 3: Add attributes in your identity provider

These are the attributes required by SuperAnnotate, as listed in the security section of your organization settings. Copy the values corresponding to each attribute below and add them to your identity provider:

  • First name / Given name 
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Last name / Surname 
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  • Email address 
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
🚧

The users won’t be able to sign in if one of the attributes is missing.

Step 4: Assign a user to SuperAnnotate

Assign a user to SuperAnnotate in your identity provider. This allows you to complete the SAML setup process and test the application.

Step 5: Configure SAML SSO in SuperAnnotate

To complete the SAML SSO setup, you need to provide the metadata information from the application in your identity provider in the SSO setup page in SuperAnnotate by choosing one of the following options:

  • Option 1: Enter the metadata URL
  • Option 2: Upload metadata XML

Step 6: Enforce SAML SSO

You may enable this setting to require all members to log in to the organization using the organization’s identifier, which should be in advance communicated with all organization members. This setting excludes the Organization Owner to prevent lockouts and ensure platform access is always recoverable.

🚧

Enforcing the SSO login requirement

  • Users invited to an Organization that enforces SAML SSO login must sign up or sign in using that Organization’s identifier. When logging in this way with an Organization’s identifier, users will only be able to access:
    • the SSO-enforced organization
    • any other organizations that do not require SSO
  • Users that are already signed in will remain so, but they’ll lose access to the SSO-enforced organization if they’ve logged in with anything other than SSO.
  • To accept the invitation from an SSO-enforced organization and regain access to it, a signed-in user should sign out, then follow the invitation link using the SSO-enforced organization’s identifier. Otherwise, the user will receive an error when following the invitation and won’t be able to access this organization.
  • If a user is invited to an SSO-enforced organization, they still can sign up using any method and will be successfully registered. However, they’ll remain a pending user in that organization and won’t have access to it until they sign out, follow the invitation link again, and sign up again using the organization’s identifier.
  • When SAML SSO is required, SDK tokens under the Organization aren’t affected. SDK calls are still made on behalf of the Team Owner or Organization Owner.
🚧

Disabling the SSO login requirement

  • Existing users within the Organization that are currently logged in will be able to continue using the platform until they log out or the session expires.
  • Once a user logs out, they’ll be able to use any login method available to them (including SSO). This way, they’ll be able to access any Organization that doesn’t enforce SAML SSO login.

Step 7: Enable SAML single sign-on (SSO)

When you’re done, click Enable.

Sign in / Sign up with SSO

After the SSO is enabled for your company, your organization members that are newly invited to SuperAnnotate should take the following steps:

  1. Check their inbox and follow the SuperAnnotate invitation link.
  2. Select Sign up with SSO.
  3. Enter your company identifier.
  4. Click Sign up.

Members that have already signed up will stay signed in after the SSO is enabled. To sign in, they’ll have to click Sign in with SSO and use your company’s identifier.

If a user is trying to log in using the Sign in with SSO option, and the required attributes information isn't configured in their identity provider, they'll receive the following error message:Oh no! The response from your identity provider (IdP) is missing some required attributes. Please contact your IT department or an Organization Admin.

Updated 11 days ago