Only users that are part of an Organization can create data integrations.
Create and manage data integrations from the Integrations section. Click Add integration to create a new integration.
Encord can integrate with the following cloud storage providers:

User Roles and Permissions

Integrations have the following user based access controls.
PermissionAdminUser
View integration
Register data using the integration
Delete integration
Add users

User Management

The user who creates the cloud integration becomes its administrator and gains immediate access to use it. Only integration admins can add users to an integration.
Users must be added to a cloud integration before they can use it to register data with Encord.

Add Users

Add individual users to an integration:
  1. Click the Add or remove users button on the integration. A dialog appears.
  2. Ensure the Invite tab is selected.
  3. Ensure the Individual tab is selected
  4. Type the email addresses of the users you want to share the integration with and press Enter on your keyboard to confirm.
  5. Select the integration user role you want to assign to the users.
  6. Click Add.
Add user groups to an integration:
  1. Click the Add or remove users button on the integration. A dialog appears.
  2. Ensure the Invite tab is selected.
  3. Click the Groups tab.
  4. Select a user group you want to add to the integration
  5. Select the integration user role you want to assign to all users in the group.
  6. Click Add.

Remove Users

Individuals with the Admin user role can only be removed from the integration from an Organization Admin.
To remove individual users from an integration:
  1. Click the Add or remove users button on the integration. A dialog appears.
  2. Select the Manage tab.
  3. Ensure the Individuals tab is selected.
  4. Click the delete icon next to the user you want to remove from the integration.
To remove a user group from an integration:
  1. Click the Add or remove users button on the integration. A dialog appears.
  2. Select the Manage tab.
  3. Select the Groups tab.
  4. Click the delete icon next to the user group you want to remove from the integration.

Strict Client-only Access

Strict client-only access allows Encord to sign URLs without temporarily processing information on our servers. Strict client-only access is available for all types of private cloud integrations, including Direct access.
For enhanced security, create a Direct Access integration with Strict client-only access. This combination ensures the highest level of data protection: Strict client-only access prevents Encord from accessing your data, while Direct Access keeps Encord from signing the URLs, maintaining your data’s confidentiality.
There are two main consequences of making an integration client-only access:
  1. All features that rely on any kind of data conversion will not work. This includes features such as:
  1. Metadata must be specified for all data in the JSON file when adding data to a dataset. The video metadata section shows how to specify the metadata.

Enabling Strict Client-Only Access

Strict client-only access is enabled by checking the Strict client-only access, server-side media features will not be available checkbox in the Advanced settings section when creating an integration.
A green tick and the words Client-only access are visible on all client-only access integrations.

Video Metadata

The JSON format allows you to specify videoMetadata for video files. videoMetadata is essential information used by the Label Editor and is crucial for aligning annotations to the correct frame.
When the videometadata flag is included in the JSON file, we directly use the supplied metadata without performing any additional validation, and do not store the file on our servers. To guarantee accurate labels, it is crucial that the metadata you provide is accurate.
videoMetadata must be specified when a Strict client-only access integration is used. In all other cases videoMetadata is optional.Encord assumes the videoMetadata is correct and our servers do not download or pre-process your data. This is particularly useful for customers with strict data compliance concerns.
videoMetadata is distinct from clientMetadata. videoMetadata is required for videos when using Strict client-only access, while clientMetadata is optional and can be included for all types of data.
One way to find the required metadata is shown below. Run the following commands in your terminal.
  • ffmpeg -i 'video_title.mp4' to retrieve fps, duration, width, and height:
  • ls -l 'video_title.mp4' to retrieve the file size:

Image Metadata

The JSON format allows you to specify imageMetadata for image files. imageMetadata contains essential information used by the Label Editor and is crucial for aligning annotations to the correct image properties.
When the imageMetadata flag is present in the JSON file, we directly use the supplied metadata without performing any additional validation and do not store the file on our servers. To guarantee accurate labels, it is crucial that the metadata you provide is accurate.
imageMetadata must be specified when a Strict client-only access integration is used. In all other cases, imageMetadata is optional.
{
  "images": [
    {
      "objectUrl": "s3://my_image.jpg",
      "imageMetadata": {
        "mimeType": "image/jpg",
        "fileSize": 124,
        "width": 640,
        "height": 480
      }
    }
  ]
}
  • width / height: Dimensions of the video (in pixels).
  • file_size: The size of the file (in bytes).
  • mime_type: Specifies the file type extension according to the MIME standard.

Audio Metadata

The JSON format allows you to specify audioMetadata for audio files. audioMetadata contains essential information used by the Label Editor and is crucial for aligning annotations to the correct audio properties.
When the audioMetadata flag is present in the JSON file, we directly use the supplied metadata without performing any additional validation and do not store the file on our servers. To guarantee accurate labels, it is crucial that the metadata you provide is accurate.
audioMetadata must be specified when a Strict client-only access integration is used. In all other cases, audioMetadata is optional.
{
  "audio": [
    {
      "objectUrl": "https://encord-integration.s3.eu-west-2.amazonaws.com/videos/audio_file_001.mp3",
      "audioMetadata": {
        "duration": 23.02,
        "file_size": 2900000,
        "mime_type": "audio/mp3",
        "sample_rate": 44100,
        "bit_depth": 24,
        "codec": "mp3",
        "num_channels": 2
        }
    }
  ]
}
  • duration: Length of the audio file (in seconds).
  • file_size: The size of the file (in bytes).
  • mime_type: Specifies the file type extension according to the MIME standard.
  • sample_rate: The number of samples per second in the audio file (in Hz).
  • bit_depth: The number of bits per sample, representing audio resolution.
  • codec: The format used to encode the audio (e.g., “mp3”).
  • num_channels: The number of audio channels (e.g., 1 for mono, 2 for stereo).

Custom Signed URL Expiration Time

A custom signed URL expiration time allows you to set the duration that an integration’s pre-signed URL remains valid.
Custom signed URL expiration times are only available for AWS, GCP, and OTC integrations.
Shorter signed URL expiration times are more secure, but can negatively impact the annotation and review experiences in the Label Editor. Ensure that the URL expiration time exceeds the amount of time that files from the integration take to annotate and review. The default value for signed URL expiration times when creating an integration is 1 week.

Setting Custom Signed URL Expiration Times

To set up a custom signed URL expiration time for a new integration:
  1. Click the Custom signed URL integration time checkbox in the Advanced settings when setting up your GCP, AWS, or OTC integration.
  2. Set the duration for which pre-signed URLs should remain valid. We recommend configuring the URL expiration time to exceed the time required to annotate and review files from the integration in the Label Editor.

Edit Custom Signed URL Expiration Times

Custom signed URL expiration times are only available for AWS, GCP, and OTC integrations. For Azure integrations,expired SAS tokens must be updated regularly.
To change the custom signed URL expiration time for an existing integration:
  1. Click the three dots icon on your integration.
  2. Select Update Signed Url Expiration.
  1. Set the duration for which pre-signed URLs should remain valid. We recommend configuring the URL expiration time to exceed the time required to annotate and review files from the integration in the Label Editor.

View and Join Integrations in Your Org

Organization Admins can search for and join any data integration that exists within the Organization. To search and join integrations:
  1. Navigate to the Integrations of the Encord platform.
  2. Click All Encord integrations.
  3. Click Join integration to join the integration.
  • Integrations can be filtered by the owner of the integration.
  • See all integrations you belong to by clicking the Filter by search bar, and selecting My integrations only.
When an Organization Admin joins an integration, they are automatically assigned the Admin user role for that integration.
Integrations can ONLY be deleted by the creator of the integration. Even admins cannot delete an integration if they did not create the integration.