Streamlit Single Sign-on homepage

Microsoft ADFS is just one of the authenticators supported by Streamlit for Teams. We have already released documentation for Okta, Azure AD, and generic SAML.

Enabling Single Sign-On via Microsoft ADFS allows members of your organization to securely sign in to Streamlit using the same email address and password they already use for their Microsoft/Outlook account.

  • Your developers can use ADFS SSO to log into Streamlit and access their app dashboard.
  • Your developers can also give access to app viewers through their ADFS email addresses.
  • Viewers added to a private app can use ADFS SSO to authenticate their identity.
  • These viewers must be added to the app's viewer list by their ADFS/org email address.

The configuration of Microsoft ADFS SSO for your organization requires a few quick steps that should be completed by your organization's IT team or technical administrator.

  1. Please complete this form

    To complete steps 2 and 3, you will need an ACS URL and Identity Provider URI (Entity ID), which Streamlit will provide by emailing you a private Google Drive link. Please complete this form to provide us with your email address and some basic information about your organization.

  2. Provide Streamlit with a Token Signature (X.509 Certificate)

push_pin

Note

What is a Token Signature? The Token Signature is a certificate used to securely sign tokens issued by Azure AD. You can learn more about Azure AD token signing certificates here.

  1. Provide Streamlit with an Identity Provider SSO URL

push_pin

Note

The IdP SSO URL provides Streamlit with a login endpoint to redirect your organization's users from our login page to your Azure AD login page.

Was this page helpful?

editSuggest edits
forum

Still have questions?

Our forums are full of helpful information and Streamlit experts.