Setup SeekTable single sign-on with Azure Directory

To enable single sign-on on your self-hosted SeekTable installation you need to have active Single sign-on subscription. If you want to evaluate this feature before purchase you can request free 14-day trial.

Part 1: App Registration in Azure Active Directory

Note: you need to have "Global administrator" role in your directory.

  1. Go to portal.azure.com → Azure Active Directory → App registrations → New Application Registration:
    Azure Active Directory: App New Registration

  2. Enter application name and self-hosted SeekTable URI:
    Azure Active Directory: Register an Application
    NOTE: you can use http://localhost for testing purposes but for non-localhost HTTPS is required. To enable HTTPS for self-hosted SeekTable you can use NGINX as reverse proxy and configure it to use SSL sertificate (if you don't have it you can get it for free with Let's Encrypt).

  3. Go to Endpoints and copy Federation Metadata Document URI: Azure Active Directory: WS Federation Metadata Address
    This is a value for MetadataAddress SeekTable SSO setting (described below).

  4. Go to Expose an API , click on Set near Application ID URI and then Save: Azure Active Directory: Application ID URI
    This is a value for Wtrealm SeekTable SSO setting (described below).

Part 2: Configure SeekTable SSO settings

Find docker-compose.seektable.env file and add the following lines:

SeekTable_ST:SsoWsFederation:Wtrealm=Paste_Application_ID_URI_here
SeekTable_ST:SsoWsFederation:MetadataAddress=Paste_Federation_Metadata_Document_URI_here
SeekTable_ST:SsoWsFederation:LocalLoginDisabled=false
SeekTable_ST:SsoWsFederation:LoginButtonText=Login with Azure Directory

Restart self-hosted SeekTable docker containers; after that new button should be present on the Login page:

SeekTable Login page: Login with Active Directory button

If SSO works correctly you can set LocalLoginDisabled=true to disable login form at all (only SSO with Azure Directory will be possible).