- Get started
- Label Studio features
Install and Upgrade
- Install and upgrade Label Studio
- Install Label Studio Enterprise on-premises using Docker
- Install Label Studio Enterprise on AWS Private Cloud
- Database setup
- Start Label Studio
Security and Privacy
- Secure Label Studio
- Set up authentication
- Federate access to data using SAML
- Set up user accounts
- Manage access
- Get data
- Import pre-annotations
- Sync data from external storage
Labeling and Projects
- Project setup
- Set up your labeling interface
- Label and annotate data
- Review annotations
- Annotation statistics
- Export annotations
Machine Learning Setup
- Machine learning setup
- Write your own ML backend
- ML Examples and Tutorials
- Troubleshoot machine learning
- Frontend library
- Frontend reference
- Backend API
- Update scripts and API calls
Set up authentication for Label Studio
Beta documentation: Label Studio Enterprise v2.0.0 is currently in Beta. As a result, this documentation might not reflect the current functionality of the product.
Set up single sign-on using SAML to manage access to Label Studio using your existing Identity Provider (IdP), or use LDAP authentication.
SSO and LDAP authentication are only available in Label Studio Enterprise Edition. If you're using Label Studio Community Edition, see Label Studio Features to learn more.
The organization owner for Label Studio Enterprise can set up SSO & SAML for the instance. Label Studio Enterprise supports the following IdPs:
- Microsoft Active Directory
- others that use SAML assertions
After you set up SSO, you can no longer use native authentication to access the Label Studio UI unless you have the Owner role.
After you set up LDAP authentication, you can no longer use native authentication to access the Label Studio UI unless you have the Owner role.
Set up LDAP authentication and assign LDAP users to your Label Studio Enterprise organization using environment variables in Docker.
You can refer to this example environment variable file for your own LDAP setup:
AUTH_LDAP_ENABLED=1 AUTH_LDAP_SERVER_URI=ldap://www.example.com AUTH_LDAP_BIND_DN=cn=ro_admin,ou=sysadmins,dc=zexample,dc=com AUTH_LDAP_BIND_PASSWORD=zexamplepass AUTH_LDAP_USER_DN_TEMPLATE=uid=%(user)s,ou=users,ou=guests,dc=zexample,dc=com # Group parameters AUTH_LDAP_GROUP_SEARCH_BASE_DN=ou=users,ou=guests,dc=zexample,dc=com AUTH_LDAP_GROUP_SEARCH_FILTER_STR=(objectClass=groupOfNames) AUTH_LDAP_GROUP_TYPE=ou # Populate the user from the LDAP directory, values below are set by default AUTH_LDAP_USER_ATTR_MAP_FIRST_NAME=givenName AUTH_LDAP_USER_ATTR_MAP_LAST_NAME=sn AUTH_LDAP_USER_ATTR_MAP_EMAIL=mail # Specifity organization to assign on the platform AUTH_LDAP_ORGANIZATION_OWNER_EMAILfirstname.lastname@example.org # Advanced options, read more about options and values here: # https://www.python-ldap.org/en/latest/reference/ldap.html#options AUTH_LDAP_CONNECTION_OPTIONS=OPT_X_TLS_CACERTFILE=/certificates/ca.crt;OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_DEMAND
After setting up LDAP authentication for your on-premises Label Studio Enterprise instance, you can use the credentials
guest1password to log in and test the setup.
If you found an error, you can file an issue on GitHub!