Skip to main content
Version: 0.94

Overview

This article lists the different authentication methods supported by Snorkel Flow and introduces the User Role feature for different platform user personas. It can point you to an authentication setup suitable for your organization, and help map the correct permissions from your roles/groups to Snorkel Flow User Roles.

Platform Authentication

The Snorkel Flow platform offers two primary methods of authentication that are described below. For details on SSO integration, please visit the links mentioned.

  1. Basic authentication
  2. [Recommended] Single Sign-On (SSO)

After initial authentication, the capabilities of each user is defined by the concept of workspaces and the Role-Based Access Controls (RBAC) roles within each workspace.

Basic Authentication

This is authentication users with a username/password pair. This is the default authentication method for freshly installed Snorkel Flow instance and can be disabled once alternative authentication method is set up.

For freshly installed Snorkel Flow, you will be prompted to create a first user, which will inherit the superadmin role. The superadmin role is the most elevated role within Snorkel Flow and is leveraged for administrative tasks within Snorkel Flow (such as setting up SSO, creating new users), and should not be used for day to day activities.

Single Sign-on (SSO)

This is the recommended authentication method for Snorkel Flow. We support enterprise-grade SSO integration with SAML and OIDC. Please go to relevant section for your integration.

Snorkel Flow User Roles

A user role represent a collection of permissions to perform actions on Snorkel Flow platform (e.g. creating application, uploading dataset).

Currently we have the following roles (details in user roles definition):

  • Superadmin/System Admin: Overall manager for the entire instance: control over all workspaces and applications in the instance
  • Admin/Workspace Admin: Full admin control over all app development for a specific workspace.
  • Developer: Core persona developing application in Snorkel Flow: uploading data, pre-processing, LF and model development, deployment
  • Reviewer: Manage all annotators and annotation batches
  • Annotator: Creator of annotations for batches assigned to them

ℹ️ Except for superadmin, all user roles are workspace-scoped. This means the same user can have different roles in different workspaces. (e.g. Developer in workspace 1, but Reviewer in workspace 2)

For more detailed permission breakdown and persona, please reference user roles definition