Configure Lokalise enterprise SSO, role-based access control, and team management.
Use when implementing SSO integration, configuring role-based permissions,
or setting up organization-level controls for Lokalise.
Trigger with phrases like "lokalise SSO", "lokalise RBAC",
"lokalise enterprise", "lokalise roles", "lokalise permissions", "lokalise team".
Manage fine-grained access to Lokalise translation projects using its built-in role hierarchy, language-level scoping, contributor groups, and organization-level SSO enforcement. Lokalise has four core roles — owner, admin, manager-level (via admin_rights), and contributor (translator/reviewer) — each configurable per project and per language.
Prerequisites
Lokalise Team or Enterprise plan (contributor groups and SSO require Team+)
Owner or Admin role in the Lokalise organization
LOKALISE_API_TOKEN environment variable set (admin-level token)
@lokalise/node-api SDK or curl + jq for REST API access
Instructions
Step 1: Understand the Role Hierarchy
Lokalise uses a flat role model per project, controlled by three boolean flags on each contributor:
Role
is_admin
is_reviewer
Can translate
Can review
Can manage keys
Can manage contributors
Admin
true
true
Yes
Yes
Yes
Yes
Manager
false
true
Yes
Yes
Limited (via admin_rights)
No
Reviewer
false
true
Yes
Yes
No
No
Translator
false
false
Yes
No
No
No
At the team level, users are either admin or member. Team admins can create projects and manage billing. Team members can only access projects they are explicitly added to.
Step 2: Add Contributors with Language Scoping
import { LokaliseApi } from '@lokalise/node-api';
const lok = new LokaliseApi({ apiKey: process.env.LOKALISE_API_TOKEN! });
// Add a translator restricted to French and Spanish only
await lok.contributors().create(PROJECT_ID, [{
email: '[email protected]',
fullname: 'Marie Dupont',
is_admin: false,
is_reviewer: false,
languages: [
{ lang_iso: 'fr', is_writable: true },
{ lang_iso: 'es', is_writable: true },
],
}]);
// Add a reviewer who can review all languages but only translate German
await lok.contributors().create(PROJECT_ID, [{
email: '[email protected]',
fullname: 'Hans Mueller',
is_admin: false,
is_reviewer: true,
languages: [
{ lang_iso: 'de', is_writable: true },
{ lang_iso: 'fr', is_writable: false }, // Can review but not edit
{ lang_iso: 'es', is_writable: false },
],
}]);
Step 3: Manage Team-Level Users and Roles
set -euo pipefail
TEAM_ID="YOUR_TEAM_ID"
# List all team members with their roles
curl -s -X GET "https://api.lokalise.com/api2/teams/${TEAM_ID}/users" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
| jq '.team_users[] | {user_id: .user_id, email: .email, role: .role}'
# Demote a user from admin to member
curl -s -X PUT "https://api.lokalise.com/api2/teams/${TEAM_ID}/users/USER_ID" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"role": "member"}'
Step 4: Create Contributor Groups for Bulk Management
Groups let you assign the same permissions to multiple people at once. When you add a user to a group, they inherit the group's language scope and role across all projects the group is assigned to.
set -euo pipefail
TEAM_ID="YOUR_TEAM_ID"
# Create a group for APAC translators
curl -s -X POST "https://api.lokalise.com/api2/teams/${TEAM_ID}/groups" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"name": "APAC Translators",
"is_reviewer": false,
"is_admin": false,
"admin_rights": [],
"languages": [
{"lang_iso": "ja", "is_writable": true},
{"lang_iso": "ko", "is_writable": true},
{"lang_iso": "zh_CN", "is_writable": true}
]
}'
# Add a member to the group
GROUP_ID=$(curl -s "https://api.lokalise.com/api2/teams/${TEAM_ID}/groups" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
| jq -r '.groups[] | select(.name == "APAC Translators") | .group_id')
curl -s -X PUT "https://api.lokalise.com/api2/teams/${TEAM_ID}/groups/${GROUP_ID}/members/add" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"users": [12345, 67890]}'
# Assign the group to specific projects
curl -s -X PUT "https://api.lokalise.com/api2/teams/${TEAM_ID}/groups/${GROUP_ID}/projects/add" \
-H "X-Api-Token: ${LOKALISE_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"projects": ["PROJECT_ID_1", "PROJECT_ID_2"]}'
Step 5: Configure SSO (Enterprise Plan Only)
SSO is configured in the Lokalise dashboard, not via API. Map your IdP groups to Lokalise roles:
Navigate to Organization Settings > Single Sign-On
Select SAML 2.0 and enter your IdP metadata URL
Map IdP groups to Lokalise roles:
Engineering-Localization -> Admin
Translators-EMEA -> Contributor group "EMEA Translators"
Product-Managers -> Reviewer
Enable Enforce SSO to block password-based login for all org members
Set Default Role for new SSO users (recommend: member with no project access)