User Management

 

Basic user management features are present in the Annotation Lab. The user with the admin privilege can add or remove other users from the system or can edit user information if necessary. This feature is available by selecting the Users option under the Settings menu from the navigation panel.

All user accounts created on the Annotation Lab can be seen on the Users page. The table shows the username, first name, last name, and email address of all created user accounts. A user with the admin privilege can edit or delete that information, add a user to a group or change the user’s password.

User Details

Annotation Lab stores basic information for each user. Such as the First Name, Last Name, and Email. It is editable from the Details section by any user with admin privilege.

User Groups

Currently, two user groups are available: Annotators and Admins. By default, a new user gets added to the Annotators group. It means the user will not have access to any admin features, such as user management or other settings.

To add a user to the admin group, a user with admin privilege needs to navigate to the Users page, click on the concerned username or select the Edit option from the More Actions icon, then go to the Group section and check the Admins checkbox.

Reset User Credentials

A user with the admin privilege can change the login credentials for another user by navigating to the Credentials section of the edit user page and defining a new (temporary) password. For extra protection, the user with the admin privilege can enforce the password change on the next login.

SAML Integration

AnnotationLab supports Security Assertion Markup Language (SAML). To login to AnnotationLab using SAML, follow the steps below.

SAML Server Setup

Run the following command to setup a sample SAML server in a Docker environment:

docker run --rm --name mysamlserver -p 8081:8080 -p 8443:8443 -e SIMPLESAMLPHP_SP_ENTITY_ID=http://{IP}/auth/realms/master -e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://{IP}/auth/realms/master/broker/saml/endpoint --network annotationlab kristophjunge/test-saml-idp


SAML Configuration

Follow the steps described below to setup a SAML connection.

  1. Goto AnnotationLab Keyclock console and navigate to Identity Providers under Configure on the left-side menu.

  2. Choose SAML v2.0 from Add Provider drop-down menu and a configuration page should appear.

    Screen Shot 2022-02-16 at 11 52 23 AM

  3. Provide values for Alias(e.g: saml) and Display Name(e.g: SAML). The value for Display Name will be seen in the login page.

  4. Now, set the value of the following attributes as shown below:

    • Enabled: On
    • Store Tokens: On
    • First Login Flow : first broker login
    • Sync Mode: force

  5. Under SAML Config specify values for the following parameters as provided by SAML sever:

    • Service Provider Entity ID
    • Single Sign-On Service URL
    • Single Logout Service URL

  6. Choose a Principal Type(e.g: Attribute[Name]) and add value to Principal Attribute(e.g. email) according to the data provided by SAML server

  7. Click on the Save button to save the changes.


Identity Provider Mapper

An Identity Provider Mapper must be defined for importing SAML data provided by the External Identity Provider (IDP) and using it for authenticating into Annotation Lab. This allows user profile and other user information to be imported and made available into Annotation Lab.

On Identity Providers > SAML page click on the Mappers tab located next to the Settings tab and follow the steps below:

  1. Click on Create. This should open a form to add a new Identity Provider Mapper

  2. Set the value for the following attributes:

    • Name(e.g: uma_protection mapper)
    • Sync Mode Override: inherit
    • Mapper Type: Hardcoded Role
  3. Click on the Select Role button and under the Client Roles menu put annotationlab. Now, select uma_protection and click on Select client role. annotationlab.uma_protection should be the value displayed for Role
  4. Save the changes


Default Group

Default groups are used for assigning group membership automatically whenever any new user is created. Add Annotators as the default group using the following steps:

  1. Goto Groups, on the left side panel under Manages
  2. Select the Default Groups tab
  3. Under Available Groups select Annotators and then click on the Add button

Now, Annotators should be listed under Default Groups.

Screen Shot 2022-02-16 at 12 30 23 PM


Login to Annotation Lab

Goto the Annotation Lab’s login dashboard and click on the display name which was set earlier(e.g: SAML). This is displayed under Or sign in with.

Screen Shot 2022-02-16 at 11 59 49 AM

Login with the data provided by the SAML server here:

Screen Shot 2022-02-16 at 10 50 02 AM

The user account information is updated and the user is redirected to Annotation Lab and presented with the Project dashboard.

NOTES: Users added as an IDP will be available in the Users tab on the left side under Manages

Last updated