Single sign-on (SSO) allows users to access multiple corporate applications, websites, and data for which they have permission with a single set of login credentials.

SuperAnnotate supports SAML 2.0 single sign-on with the following identity providers: Azure AD, Okta, Ping Identity, and more.

This feature is available for Enterprise users.

📘
Please note that only organization owners have permission to set up SSO for your organization, and that SuperAnnotate supports only SP initiated single sign-on.

Enable SAML single sign-on (SSO)

If your identity provider is Azure, check out Azure's documentation to find more details on how to create an Azure SSO integration with SuperAnnotate.

Step 1: Go to your organization's security page

Go to your organization.
In the left panel, click Organization.
Go to the Settings tab.
In the left panel, select Security.
In Security, click Enable.

Step 2: Configure SAML in your identity provider

Log in to your identity provider account and navigate to your applications.
Create a new application for SuperAnnotate.
Select SAML from the SSO method options.
Enter the information below in the corresponding fields for the SuperAnnotate application in your identity provider. You can find the valid values on the SSO setup page in SuperAnnotate.

Identifier (SP Entity ID or Audience URI)
Reply URL (Assertion Consumer Service URL or Single Sign On URL)

In the Sign on URL textbox, type the following URL: https://auth.superannotate.com/login (optional)
Additionally, you can download the SuperAnnotate logo from this link and upload it.

Step 3: Add attributes in your identity provider

These are the attributes required by SuperAnnotate, as listed in the security section of your organization settings. Copy the values corresponding to each attribute below and add them to your identity provider:

First name / Given name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Last name / Surname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Email address

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

🚧
The users won’t be able to sign in if one of the attributes is missing.

Step 4: Assign a user to SuperAnnotate

Assign a user to SuperAnnotate in your identity provider. This allows you to complete the SAML setup process and test the application.

Step 5: Configure SAML SSO in SuperAnnotate

To complete the SAML SSO setup, you need to provide the metadata information from the application in your identity provider in the SSO setup page in SuperAnnotate by choosing one of the following options:

Option 1: Enter the metadata URL
Option 2: Upload metadata XML

Step 6: Enable SAML single sign-on (SSO)

When you’re done, click Enable.

Sign in / Sign up with SSO

After the SSO is enabled for your company, your organization members that are newly invited to SuperAnnotate should take the following steps:

Check their inbox and follow the SuperAnnotate invitation link.
Select Sign up with SSO.
Enter your company identifier.
Click Sign up.

Members that have already signed up will stay signed in after the SSO is enabled. To sign in, they’ll have to click Sign in with SSO and use your company’s identifier.

If a user is trying to log in using the Sign in with SSO option, and the required attributes information isn't configured in their identity provider, they'll receive the following error message:Oh no! The response from your identity provider (IdP) is missing some required attributes. Please contact your IT department or an Organization Admin.