LogoLogo
Python SDKSlack
  • Documentation
  • Cookbooks
  • Self-Hosting
  • Release Notes
  • Reference
  • Arize AI
  • Quickstarts
  • โœจArize Copilot
  • Concepts
    • Agent Evaluation
    • Tracing
      • What is OpenTelemetry?
      • What is OpenInference?
      • Openinference Semantic Conventions
    • Evaluation
  • ๐ŸงชDevelop
    • Quickstart: Experiments
    • Datasets
      • Create a dataset
      • Update a dataset
      • Export a dataset
    • Experiments
      • Run experiment
        • Run experiment in code
        • Log experiment results via SDK
        • Experiments SDK differences in AX vs Phoenix
      • Evaluate experiment
        • Evaluate experiment in code
      • CI/CD with experiments
        • Github Action Basics
        • Gitlab CI/CD Basics
      • Download experiment
    • Prompt Playground
      • Span Replay
      • Compare Prompts Side-by-Side
      • Load a Dataset into Playground
      • Save Playground Outputs as an Experiment
      • Using Tools in Playground
      • Image Inputs in Playground
      • โœจCopilot: Prompt Builder
    • Playground Integrations
      • OpenAI
      • Azure OpenAI
      • AWS Bedrock
      • VertexAI
      • Custom LLM Models
    • Prompt Hub
  • ๐Ÿง Evaluate
    • Online Evals
      • Run evaluations in the UI
      • Run evaluations with code
      • Test LLM evaluator in playground
      • View task details & logs
      • โœจCopilot: Eval Builder
      • โœจCopilot: Eval Analysis
      • โœจCopilot: RAG Analysis
    • Experiment Evals
    • LLM as a Judge
      • Custom Eval Templates
      • Arize Templates
        • Agent Tool Calling
        • Agent Tool Selection
        • Agent Parameter Extraction
        • Agent Path Convergence
        • Agent Planning
        • Agent Reflection
        • Hallucinations
        • Q&A on Retrieved Data
        • Summarization
        • Code Generation
        • Toxicity
        • AI vs Human (Groundtruth)
        • Citation
        • User Frustration
        • SQL Generation
    • Code Evaluations
    • Human Annotations
      • Annotate spans
      • Setup labeling queues
  • ๐Ÿ”ญObserve
    • Quickstart: Tracing
    • Tracing
      • Setup Tracing
      • How to: Trace Manually
        • Trace Function Calls
        • Instrument with OpenInference Helpers
        • How to Send to a Specific Project and Space ID
        • Get the Current Span/Context and Tracer
        • Log Prompt Templates & Variables
        • Add Attributes, Metadata and Tags to Span
        • Add Events, Exceptions and Status to Spans
        • Configure OTEL Tracer
        • Create LLM, Retriever and Tool Spans
        • Create Tool Spans
        • Log Input
        • Log Outputs
        • Mask Span Attributes
        • Redact Sensitive Data from Traces
        • Send Traces from Phoenix -> Arize
        • Log as Inferences
        • Advanced Tracing (OTEL) Examples
      • How to: Query Traces
        • Filter Traces
          • Time Filtering
        • Export Traces
        • โœจAI Powered Search & Filter
        • โœจAI Powered Trace Analysis
        • โœจAI Span Analysis & Evaluation
    • Tracing Integrations
      • OpenAI
      • OpenAI Agents SDK
      • LlamaIndex
      • LlamaIndex Workflows
      • LangChain
      • LangGraph
      • Hugging Face smolagents
      • Autogen
      • Google GenAI (Gemini)
      • Vertex AI
      • Amazon Bedrock
      • Amazon Bedrock Agents
      • MistralAI
      • Anthropic
      • LangFlow
      • Haystack
      • LiteLLM
      • CrewAI
      • Groq
      • DSPy
      • Guardrails AI
      • Prompt flow
      • Vercel AI SDK
      • Llama
      • Together AI
      • OpenTelemetry (arize-otel)
      • BeeAI
    • Evals on Traces
    • Guardrails
    • Sessions
    • Dashboards
      • Dashboard Widgets
      • Tracking Token Usage
      • โœจCopilot: Dashboard Widget Creation
    • Monitors
      • Integrations: Monitors
        • Slack
          • Manual Setup
        • OpsGenie
        • PagerDuty
      • LLM Red Teaming
    • Custom Metrics & Analytics
      • Arize Query Language Syntax
        • Conditionals and Filters
        • All Operators
        • All Functions
      • Custom Metric Examples
      • โœจCopilot: ArizeQL Generator
  • ๐Ÿ“ˆMachine Learning
    • Machine Learning
      • User Guide: ML
      • Quickstart: ML
      • Concepts: ML
        • What Is A Model Schema
        • Delayed Actuals and Tags
        • ML Glossary
      • How To: ML
        • Upload Data to Arize
          • Pandas SDK Example
          • Local File Upload
            • File Upload FAQ
          • Table Ingestion Tuning
          • Wildcard Paths for Cloud Storage
          • Troubleshoot Data Upload
          • Sending Data FAQ
        • Monitors
          • ML Monitor Types
          • Configure Monitors
            • Notifications Providers
          • Programmatically Create Monitors
          • Best Practices for Monitors
        • Dashboards
          • Dashboard Widgets
          • Dashboard Templates
            • Model Performance
            • Pre-Production Performance
            • Feature Analysis
            • Drift
          • Programmatically Create Dashboards
        • Performance Tracing
          • Time Filtering
          • โœจCopilot: Performance Insights
        • Drift Tracing
          • โœจCopilot: Drift Insights
          • Data Distribution Visualization
          • Embeddings for Tabular Data (Multivariate Drift)
        • Custom Metrics
          • Arize Query Language Syntax
            • Conditionals and Filters
            • All Operators
            • All Functions
          • Custom Metric Examples
          • Custom Metrics Query Language
          • โœจCopilot: ArizeQL Generator
        • Troubleshoot Data Quality
          • โœจCopilot: Data Quality Insights
        • Explainability
          • Interpreting & Analyzing Feature Importance Values
          • SHAP
          • Surrogate Model
          • Explainability FAQ
          • Model Explainability
        • Bias Tracing (Fairness)
        • Export Data to Notebook
        • Automate Model Retraining
        • ML FAQ
      • Use Cases: ML
        • Binary Classification
          • Fraud
          • Insurance
        • Multi-Class Classification
        • Regression
          • Lending
          • Customer Lifetime Value
          • Click-Through Rate
        • Timeseries Forecasting
          • Demand Forecasting
          • Churn Forecasting
        • Ranking
          • Collaborative Filtering
          • Search Ranking
        • Natural Language Processing (NLP)
        • Common Industry Use Cases
      • Integrations: ML
        • Google BigQuery
          • GBQ Views
          • Google BigQuery FAQ
        • Snowflake
          • Snowflake Permissions Configuration
        • Databricks
        • Google Cloud Storage (GCS)
        • Azure Blob Storage
        • AWS S3
          • Private Image Link Access Via AWS S3
        • Kafka
        • Airflow Retrain
        • Amazon EventBridge Retrain
        • MLOps Partners
          • Algorithmia
          • Anyscale
          • Azure & Databricks
          • BentoML
          • CML (DVC)
          • Deepnote
          • Feast
          • Google Cloud ML
          • Hugging Face
          • LangChain ๐Ÿฆœ๐Ÿ”—
          • MLflow
          • Neptune
          • Paperspace
          • PySpark
          • Ray Serve (Anyscale)
          • SageMaker
            • Batch
            • RealTime
            • Notebook Instance with Greater than 20GB of Data
          • Spell
          • UbiOps
          • Weights & Biases
      • API Reference: ML
        • Python SDK
          • Pandas Batch Logging
            • Client
            • log
            • Schema
            • TypedColumns
            • EmbeddingColumnNames
            • ObjectDetectionColumnNames
            • PromptTemplateColumnNames
            • LLMConfigColumnNames
            • LLMRunMetadataColumnNames
            • NLP_Metrics
            • AutoEmbeddings
            • utils.types.ModelTypes
            • utils.types.Metrics
            • utils.types.Environments
          • Single Record Logging
            • Client
            • log
            • TypedValue
            • Ranking
            • Multi-Class
            • Object Detection
            • Embedding
            • LLMRunMetadata
            • utils.types.ModelTypes
            • utils.types.Metrics
            • utils.types.Environments
        • Java SDK
          • Constructor
          • log
          • bulkLog
          • logValidationRecords
          • logTrainingRecords
        • R SDK
          • Client$new()
          • Client$log()
        • Rest API
    • Computer Vision
      • How to: CV
        • Generate Embeddings
          • How to Generate Your Own Embedding
          • Let Arize Generate Your Embeddings
        • Embedding & Cluster Analyzer
        • โœจCopilot: Embedding Summarization
        • Similarity Search
        • Embedding Drift
        • Embeddings FAQ
      • Integrations: CV
      • Use Cases: CV
        • Image Classification
        • Image Segmentation
        • Object Detection
      • API Reference: CV
Powered by GitBook
On this page
  • Single Sign On
  • Role Based Access Control
  • Account
  • Organizations
  • Spaces
  • Invite Users
  • JIT User Provisioning

Was this helpful?

  1. ๐Ÿ”‘Admin & Settings

SSO & RBAC

Last updated 28 days ago

Was this helpful?

Support

  • Chat Us On Slack
  • support@arize.com

Get Started

  • Signup For Free
  • Book A Demo

Copyright ยฉ 2025 Arize AI, Inc

  • Single Sign On

  • Role Based Access Control (RBAC)

  • Invite Users

  • JIT User Provisioning

Single Sign On

Arize supports Single Sign-On via SAML2. Configure your Identity Provider with the following information about the Arize Service:

  • SSO URL / ACS (Assertion Consumer Service) : https://app.arize.com/auth/v2/saml

  • URI / EntityID: https://app.arize.com

  • UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.arize.com/auth/v2/saml/metadata

  • SSO URL / ACS (Assertion Consumer Service) : https://app.eu-west-1a.arize.com/auth/v2/saml

  • URI / EntityID: https://app.eu-west-1a.arize.com/

  • UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.eu-west-1a.arize.com/auth/v2/saml/metadata

Once configured in your Identity Provider, send Arize your IdP metadata URL, or the metadata.xml directly.

Role Based Access Control

Arize supports full role based access control. Using organizations and spaces, users can be restricted to only have access to data they are permitted. Your Arize account can consist of multiple organizations and spaces.

Account

You are a member of one Arize account. An account consists of one or more organizations.

Admin - Has full access to all entities in the account.

Member - Access is determined by organization and space roles.

Action

Admin

Member

User management

  • Invite users, remove users, and change user roles

โœ…

โŒ

Create organizations

โœ…

โŒ

Organizations

Organizations represent a single business unit and help you silo work across different areas of your business. Within your account, you can be a member of multiple Organizations. An Organization may consist of one or more spaces.

Admin - Has full access to all entities in the organization.

Member - Has partial access at the organizational level. Can create spaces and integration keys. They can only edit or delete integration keys they create. Space access is determined by space role.

Read-only Member - Has read-only access to the organization. Cannot create spaces nor integration keys. Public space access is read-only unless added to the space. Private space access is determined by space role.

Action

Admin

Member

Read-only Member

Organization Member management

  • Invite and remove members and change their roles

โœ…

โŒ

โŒ

Create spaces

โœ…

โœ…

โŒ

View public spaces

โœ…

โœ…

โœ…

Edit public spaces

โœ…

โœ…

โŒ (unless explicitly added)

View private spaces

โœ…

If added to space: โœ…

If not: โŒ

If added to space: โœ…

If not: โŒ

Create integration keys

โœ…

โœ…

โŒ

Edit / delete integration keys

โœ…

If creator: โœ… If not: โŒ

โŒ

Spaces

Spaces represent an environment for groups of models. You can be a member of multiple spaces across multiple organizations within your account. Spaces can either be public or private. Public Spaces are visible to all members (regardless of role) of the parent organization. Private spaces are only visible to explicitly invited members of the space.

Admin - Has full access to all entities in the space.

Member - Has write access to entities associated to models (e.g., monitors) but does not have access to API keys, model creation, or membership management.

Read-only Member - Has read-only access to entities in the space. Due to popular customer request, read-only members are still able to run the prompt playground.

Annotator - Has access only to assigned items in the labeling queue.

Action

Admin

Member

Read-only Member

Annotator

Access to SDK API Key

โœ…

โŒ

โŒ

โŒ

Space Member management

  • Invite and remove members and change their roles

โœ…

โŒ

โŒ

โŒ

Delete Projects

โœ…

โŒ

โŒ

โŒ

Create and delete file import jobs

โœ…

โŒ

โŒ

โŒ

Update model settings

โœ…

โœ…

โŒ

โŒ

Create/Edit Dashboards

โœ…

โœ…

โŒ

โŒ

Create/Edit Monitors

โœ…

โœ…

โŒ

โŒ

View project entities (Datasets, monitors, dashboards etc.)

โœ…

โœ…

โœ…

โŒ

Create/Edit Tasks

โœ…

โœ…

โŒ

โŒ

Create/Edit Datatsets

โœ…

โœ…

โŒ

โŒ

Run Experiments

โœ…

โŒ

โŒ

โŒ

Annotate on Spans

โœ…

โœ…

โŒ

โŒ

Create / Edit /Delete Prompts

โœ…

โœ…

โŒ

โŒ

Access Annotation Queues

โœ…

โœ…

โœ…

โœ…

Run Playground

โœ…

โœ…

โœ…

โŒ

Invite Users

Want to invite team members?

  1. Go to 'Account Settings' --> Members --> Add Members

  2. Go to 'Org Settings' --> Members --> Add Members

  3. Go to 'Space Settings' --> Members --> Add Members

When adding a member, you will select their permission level for your Account, Organization, and Space.

JIT User Provisioning

To enable just-in-time user provisioning, it's recommended to provide an attribute Name or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name that maps to the full name of the user to properly create the First/Last Name for the user in the Arize platform.

Arize also supports automated role assignment during JIT provisioning, enabling you to enforce role-based access control. To configure this, you can declare a mapping between the values of a specified SAML attribute from your Identity Provider (idP) and corresponding Arize user roles. For example, if you have an attribute for team/department in your idP (e.g., "Department": "Ads ML Engineering"), you can map that attribute to a specific Space/Org role in Arize. These attributes need to be included in the SAML assertion/response.

Below is an example configuration:

<saml2:Attribute Name="Department" 
                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xs:string"
                >Ads ML Engineering</saml2:AttributeValue>
</saml2:Attribute>

Once this configuration is set, Arize will automatically assign the appropriate roles when provisioning users via SSO, based on your role mapping. Contact your dedicated customer success engineer or the Arize support email/slack to make these configuration mappings.

Questions? Email us at support@arize.com or Slack us in the #arize-support channel

Adding a user to a workspace