Seq can authenticate users in Microsoft Azure Active Directory. This makes it easier for organizations to centrally manage user accounts.
When this configuration is enabled, users will be redirected to an external Azure Active Directory sign-in page to authenticate when logging into Seq.
Seq requires three pieces of information in order to use AAD as an authentication mechanism:
- Tenant Id - this is the unique identifier of the Azure Active Directory instance
- Client Id - this identifier will be assigned when Seq is set up as an application in the directory instance
- Client Key - this is the secret key Seq will use when communicating with AAD
The following steps describe how to set up Seq to authenticate users in AAD.
A Seq Business or Enterprise edition license is required in order to use this feature.
To find your Tenant Id, open the Azure Management Portal. (At the time of writing Active Directory is not available in the new Azure Portal.)
- In the left navigation bar, find Active Directory
- Choose Applications from the top menu
- At the bottom of the screen, select the View Endpoints button
This should show a dialog like the one below.
The Tenant Id is a GUID style identifier that appears in each of the URLs listed. Copy this value and keep it for Step 4.
Still on the Applications page, select New at the bottom left, and choose Add an application my organization is developing.
The app should be called Seq:
In the following dialog, provide the base URL for your Seq instance as the Sign-on URL. Don't worry too much about the App Id URI setting - it just needs to be unique.
- Copy the Client Id value: this is required in step 4.
- Add an item to the Keys list - once the configuration is saved the Client Key will appear here
- Edit the Reply URL to append
/aadto the path
- Press Save
- Copy the Client Key from the item created in (2)
You should now have the Tenant Id, Client Id and Client Key values needed when configuring Seq.
Before starting this step, ensure your Seq server has access to the Internet.
If you are enabling authentication for the first time, you can do this after entering a trial or purchased license key and going to Settings > Users in Seq.
If you have an existing Seq instance with authentication already enabled and want to switch to Azure Active Directory, go to Settings > System and next to Authentication provider select Change.
Preserving Existing User Accounts
If you have existing user accounts that you want to link and continue using with AAD, please contact Support for migration assistance.
At the Change Authentication screen, choose Azure Active Directory from the Authentication Provider drop-down.
You will now see edit boxes for Tenant Id, Client Id, and Client Key collected in the previous phases.
The Username entered here must exist in the AAD tenant. This will become the admin user after the authentication provider has been changed.
After selecting Enable, Seq will switch to AAD authentication mode and present you with the Login screen where you must authenticate using AAD.
If you lose access...
AAD configuration can sometimes be tricky. If you made a mistake in the final step, you can reset Seq to use Basic authentication from the command-line on the Seq server.
seq.exe stop seq.exe auth --basic -u "yourusername" -p "yourpassword" seq.exe start
You must specify the
--storage= argument to
seq.exe auth if a custom storage location is in use.
If you continue to have trouble, we're here to help - please contact us for support.
Seq won't automatically provision accounts for users in your directory. To do this, please go to Settings > Users and add users as required.
When adding users to Seq, the Username for the user is the email address that's used when logging in to AAD.