Microsoft ADFS Single Sign-On via SAML
Microsoft ADFS is just one of the authenticators supported by Streamlit for Teams. We have already released documentation for Okta, Azure AD, and generic SAML.
Enabling Single Sign-On via Microsoft ADFS allows members of your organization to securely sign in to Streamlit using the same email address and password they already use for their Microsoft/Outlook account.
Single Sign-On via ADFS for developers of your organization's apps
- Your developers can use ADFS SSO to log into Streamlit and access their app dashboard.
- Your developers can also give access to app viewers through their ADFS email addresses.
Single Sign-On via ADFS for viewers of your organization's private apps
- Viewers added to a private app can use ADFS SSO to authenticate their identity.
- These viewers must be added to the app's viewer list by their ADFS/org email address.
Configuring Microsoft ADFS SSO
The configuration of Microsoft ADFS SSO for your organization requires a few quick steps that should be completed by your organization's IT team or technical administrator.
Please complete this form
To complete steps 2 and 3, you will need an ACS URL and Identity Provider URI (Entity ID), which Streamlit will provide by emailing you a private Google Drive link. Please complete this form to provide us with your email address and some basic information about your organization.
Provide Streamlit with a Token Signature (X.509 Certificate)
- Follow WorkOS' instructions to generate the token signature (see "Obtain Identity Provider Details").
- Please share the Token Signature with Streamlit by uploading it here.
What is a Token Signature? The Token Signature is a certificate used to securely sign tokens issued by Azure AD. You can learn more about Azure AD token signing certificates here.
Provide Streamlit with an Identity Provider SSO URL
The IdP SSO URL provides Streamlit with a login endpoint to redirect your organization's users from our login page to your Azure AD login page.