NEW Native Support for Conversational Data: 4 Use Cases to Ship Better Chatbots

SSO, LDAP & SCIM

Label Studio Enterprise provides enterprise-grade identity and access management to centralize authentication, automate user lifecycle, and control access across organizations, workspaces, and projects.

Tip

SSO handles authentication; SCIM handles automated user and group provisioning.

Most enterprises enable SSO first, then SCIM for ongoing user/group sync. LDAP is typically used for on‑prem deployments.

LDAP

On-prem only.

Authenticate against your directory (e.g., AD/LDAP) in self-hosted environments while keeping roles managed in Label Studio.

  • Login with enterprise directory credentials
  • Keep RBAC and project/workspace permissions in Label Studio

See Set up LDAP authentication for Label Studio.

SSO (SAML 2.0)

Authenticate users via your IdP (Okta, Google SAML, Azure AD/Microsoft Entra, Ping Identity, OneLogin, etc.) for seamless, secure login flows.

  • Centralized login with your IdP
  • Single sign-on across your tools
  • Enterprise security policies enforced at IdP

See Set up SSO authentication for Label Studio and our SAML API docs.

SCIM 2.0

Automate provisioning/deprovisioning and group-to-role mappings. Supports Create/Update/Deactivate Users and Push Groups, including workspace/project membership management.

  • Provision/deprovision users automatically
  • Sync user profile changes
  • Push Groups for workspace and project membership
  • Map groups to organization roles and project-level roles

See and Set up SCIM2 for Label Studio our SCIM API docs.

In this article

  1. LDAP
  2. SSO (SAML 2.0)
  3. SCIM 2.0
Designed for teams of all sizes Contact Sales