Microsoft Azure AD Single Sign-On via SAML
Azure AD is just one of the authenticators supported by Streamlit for Teams. We have already released documentation for Microsoft ADFS, Okta, and generic SAML.
Enabling Single Sign-On via Azure AD allows members of your organization to securely sign in to Streamlit using the same email address and password they already use for their Azure account.
Single Sign-On via Azure AD for developers of your organization's apps
- Your developers can use Azure AD to log into Streamlit and access their app dashboard.
- Your developers can also give access to app viewers through their Azure AD email addresses.
Single Sign-On via Azure AD for viewers of your organization's private apps
- Viewers added to a private app can use Azure AD SSO to authenticate their identity.
- These viewers must be added to the app's viewer list by their Azure AD/org email address.
Configuring Microsoft Azure AD SSO
There are three steps your team will need to complete to create an Azure AD connection:
Please complete this form
To complete steps 2 and 3, you will need an ACS URL and Identity Provider URI (Entity ID), which Streamlit will provide by emailing you a private Google Drive link. Please complete this form to provide us with your email address and some basic information about your organization.
Provide Streamlit with a Token Signature (X.509 Certificate).
- Follow WorkOS' instructions to generate the token signature (see "Obtain Identity Provider Details").
- Please share the Token Signature with Streamlit by uploading it here.
The Token Signature is a certificate used to securely sign tokens issued by Azure AD. You can learn more about Azure AD token signing certificates here.
Provide Streamlit with an Identity Provider SSO URL.
The IdP SSO URL provides Streamlit with a login endpoint to redirect your organization's users from our login page to your Azure AD login page.
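A pre-upload check for the two values shared in steps 2 and 3, as an added example that is not part of Streamlit's or WorkOS' documentation. It confirms that the exported file holds exactly one public certificate and no private key, and that the SSO URL is an absolute HTTPS URL. The function name `check_idp_details`, the sample bytes and the sample URL are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x10" + b"constructed-sample-bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_URL = "https://idp.example.test/saml2"  # constructed placeholder


def check_idp_details(pem_text, sso_url):
    """Return (problems, sha256_fingerprint) for the values to be shared."""
    problems, fingerprint = [], None
    blocks = PEM_BLOCK.findall(pem_text)
    # The token signing certificate is public; key material must stay private.
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected exactly 1 certificate, found {len(certs)}")
    else:
        try:
            der = base64.b64decode("".join(certs[0].split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        # A DER-encoded certificate starts with an ASN.1 SEQUENCE tag (0x30).
        if not der.startswith(b"\x30"):
            problems.append("certificate body is not base64-encoded DER")
        else:
            fingerprint = hashlib.sha256(der).hexdigest()
    url = urlsplit(sso_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("SSO URL must be an absolute https:// URL")
    return problems, fingerprint


if __name__ == "__main__":
    issues, fp = check_idp_details(SAMPLE_PEM, SAMPLE_URL)
    print("problems:", issues or "none")
    print("sha256 fingerprint:", fp)
```

An empty problem list means both values are well formed. It does not validate the certificate's contents or expiry.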