Single sign-on (SSO)

Single sign-on (SSO) allows users to access multiple corporate applications, websites, and data for which they have permission with a single set of login credentials.

SuperAnnotate supports SAML 2.0 single sign-on with the following identity providers: Azure AD, Okta, Ping Identity, and more.

This feature is available for Enterprise users.

Please note that only organization owners have permission to set up SSO for your organization.

Enable SAML single sign-on (SSO)

If your identity provider is Azure, check out Azure's documentation to find more details on how to create an Azure SSO integration with SuperAnnotate.

Step 1: Go to your organization's security page

  1. Go to your organization.
  2. In the left panel, click Organization.
  3. Go to the Settings tab.
  4. In the left panel, select Security.
  5. In Security, click Enable.

Step 2: Configure SAML in your identity provider

  1. Log in to your identity provider account and navigate to your applications.
  2. Create a new application for SuperAnnotate.
  3. Select SAML from the SSO method options.
  4. Enter the information below in the corresponding fields for the SuperAnnotate application in your identity provider. You can find the valid values on the SSO setup page in SuperAnnotate.
  • Identifier (SP Entity ID or Audience URI)
  • Reply URL (Assertion Consumer Service URL or Single Sign On URL)
  1. In the Sign on URL textbox, type the following URL: https://auth.superannotate.com/login (optional)
  2. Additionally, you can download the SuperAnnotate logo from this link and upload it.

Step 3: Add attributes in your identity provider

Add the required attributes mapping below from SuperAnnotate to your identity provider. To configure the attributes, you need to copy the values that correspond to the attributes on the SSO setup page in SuperAnnotate to the application in your identity provider. Here are the attributes:

  • First name / Given name
  • Last name / Surname
  • Email address

🚧

The users won’t be able to sign in if one of the attributes is missing.

Step 4: Assign a user to SuperAnnotate

Assign a user to SuperAnnotate in your identity provider. This allows you to complete the SAML setup process and test the application.

Step 5: Configure SAML SSO in SuperAnnotate

To complete the SAML SSO setup, you need to provide the metadata information from the application in your identity provider in the SSO setup page in SuperAnnotate by choosing one of the following options:

  • Option 1: Enter the metadata URL
  • Option 2: Upload metadata XML

Step 6: Enable SAML single sign-on (SSO)

When you’re done, click Enable.

Sign in / Sign up with SSO

After the SSO is enabled for your company, your organization members that are newly invited to SuperAnnotate should take the following steps:

  1. Check their inbox and follow the SuperAnnotate invitation link.
  2. Select Sign up with SSO.
  3. Enter your company identifier.
  4. Click Sign up.

Members that have already signed up will stay signed in after the SSO is enabled. To sign in, they’ll have to click Sign in with SSO and use your company’s identifier.

If a user is trying to log in using the Sign in with SSO option, and the required attributes information isn't configured in their identity provider, they'll receive the following error message:Oh no! The response from your identity provider (IdP) is missing some required attributes. Please contact your IT department or an Organization Admin.