DocumentationDiscussions
Documentation
DocumentationDiscussions
These docs are for v2020.1. Click to read the latest docs for v2024.2.

Azure Active Directory Authentication

Instructions for setting up Azure Active Directory authentication with Seq

Seq can authenticate users in Microsoft Azure Active Directory. This makes it easier for organizations to centrally manage user accounts.

When this configuration is enabled, users will be redirected to an external Azure Active Directory sign-in page to authenticate when logging into Seq.

Before you begin...

📘

DNS configuration, SSL termination endpoints, and reverse proxies can all result in Seq "listening" at a different address from the one at which it is accessed.

In order for AAD to function correctly, ensure the correct reply address is generated by Seq using the instructions in this section.

Seq supports a "canonical URI" which it will use as its reply address when interacting with AAD. On Windows you can set it with:

seq config -k api.canonicalUri -v https://seq.example.com
seq service restart

On Linux, you need to pass this URL to the container in the BASE_URI environment variable.

Getting started

The first step to enable AAD authentication in Seq is to open Settings > System and choose Enable Authentication.

1451

If you've already enabled a different authentication provider, click Change beside the authentication provider edit box.

🚧

Preserving Existing User Accounts

If you have existing user accounts that you want to link and continue using with AAD, please contact Support for migration assistance.

Seq will load the Enable Authentication screen.

Choose Azure Active Directory from the Authentication Provider drop-down. This will show some edit boxes for the various pieces of information we'll collect from the Azure Portal.

Registering Seq as an application in Azure Portal

In the App registrations screen, choose New app registration:

1161

You can call the application anything you like that will help you to identify it.

Although the heading states that the redirect URI is optional, you must add the address of your Seq instance, with /aad appended, here:

1451

This will show the application's identifiers. Copy the Application ID and Directory ID values into the corresponding fields in Seq:

1451

Under Certificates and Secrets, create a new client secret and copy it into the corresponding field in Seq:

1451

Your Enable Authentication screen in Seq should now look like:

1451

Finally, set the Administrator Username field in Seq to the email address of a user in the directory, and click Enable:

1451

You'll be logged out of Seq, and should be presented with the Seq login screen:

1451

When you click Log in using Azure Active Directory, you'll be asked to give the application access to your AAD account information.

1451

Finally, you'll be redirected back to Seq, logged in as the admin user.

📘

If you lose access...

AAD configuration can sometimes be tricky. If you made a mistake in the final step, you can reset Seq to use Basic authentication from the command-line on the Seq server.

seq.exe service stop
seq.exe auth --basic -u "yourusername" -p "yourpassword"
seq.exe service start

You must specify the --storage= argument to seq.exe auth if a custom storage location is in use.

If you continue to have trouble, we're here to help - please contact us for support.

Add Users

Seq won't automatically provision accounts for users in your directory. To do this, please go to Settings > Users and add users as required.

📘

When adding users to Seq, the Username for the user is the email address that's used when logging in to AAD.

Updated almost 4 years ago