Seq can authenticate users in Microsoft Azure Active Directory. This makes it easier for organizations to centrally manage user accounts.
When this configuration is enabled, users will be redirected to an external Azure Active Directory sign-in page to authenticate when logging into Seq.
DNS configuration, SSL termination endpoints, and reverse proxies can all result in Seq "listening" at a different address from the one at which it is accessed.
In order for AAD to function correctly, ensure the correct reply address is generated by Seq using the instructions in this section.
Seq supports a "canonical URI" which it will use as its reply address when interacting with AAD. On Windows you can set it with:
seq config -k api.canonicalUri -v https://seq.example.com seq service restart
On Linux, you need to pass this URL to the container in the
BASE_URI environment variable.
The first step to enable AAD authentication in Seq is to open Settings > System and choose Enable Authentication.
If you've already enabled a different authentication provider, click Change beside the authentication provider edit box.
Preserving Existing User Accounts
If you have existing user accounts that you want to link and continue using with AAD, please contact Support for migration assistance.
Seq will load the Enable Authentication screen.
Choose Azure Active Directory from the Authentication Provider drop-down. This will show some edit boxes for the various pieces of information we'll collect from the Azure Portal.
In the App registrations screen, choose New app registration:
You can call the application anything you like that will help you to identify it.
Although the heading states that the redirect URI is optional, you must add the address of your Seq instance, with
/aad appended, here:
This will show the application's identifiers. Copy the Application ID and Directory ID values into the corresponding fields in Seq:
Under Certificates and Secrets, create a new client secret and copy it into the corresponding field in Seq:
Your Enable Authentication screen in Seq should now look like:
Finally, set the Administrator Username field in Seq to the email address of a user in the directory, and click Enable:
You'll be logged out of Seq, and should be presented with the Seq login screen:
When you click Log in using Azure Active Directory, you'll be asked to give the application access to your AAD account information.
Finally, you'll be redirected back to Seq, logged in as the admin user.
If you lose access...
AAD configuration can sometimes be tricky. If you made a mistake in the final step, you can reset Seq to use Basic authentication from the command-line on the Seq server.
seq.exe service stop seq.exe auth --basic -u "yourusername" -p "yourpassword" seq.exe service start
You must specify the
seq.exe authif a custom storage location is in use.
If you continue to have trouble, we're here to help - please contact us for support.
Seq won't automatically provision accounts for users in your directory. To do this, please go to Settings > Users and add users as required.
When adding users to Seq, the Username for the user is the email address that's used when logging in to AAD.
Updated over 3 years ago