Streamlit Single Sign-on homepage

Azure AD is just one of the authenticators supported by Streamlit for Teams. We have already released documentation for Microsoft ADFS, Okta, and generic SAML.

Enabling Single Sign-On via Azure AD allows members of your organization to securely sign in to Streamlit using the same email address and password they already use for their Azure account.

  • Your developers can use Azure AD to log into Streamlit and access their app dashboard.
  • Your developers can also give access to app viewers through their Azure AD email addresses.
  • Viewers added to a private app can use Azure AD SSO to authenticate their identity.
  • These viewers must be added to the app's viewer list by their Azure AD/org email address.

There are three steps your team will need to complete to create an Azure AD connection:

  1. Please complete this form

    To complete steps 2 and 3, you will need an ACS URL and Identity Provider URI (Entity ID), which Streamlit will provide by emailing you a private Google Drive link. Please complete this form to provide us with your email address and some basic information about your organization.

  2. Provide Streamlit with a Token Signature (X.509 Certificate).

push_pin

Note

The Token Signature is a certificate used to securely sign tokens issued by Azure AD. You can learn more about Azure AD token signing certificates here

  1. Provide Streamlit with an Identity Provider SSO URL.

push_pin

Note

The IdP SSO URL provides Streamlit with a login endpoint to redirect your organization's users from our login page to your Azure AD login page.

Was this page helpful?

editSuggest edits
forum

Still have questions?

Our forums are full of helpful information and Streamlit experts.