Can streamlit be integrated with Okta SAML protocol to authenticate user request?

We need to host streamlit on internal linux server (not on cloud yet) and was looking for ways to integrate with Okta security (restrict to internal users based on global group etc).

There is some reference if streamlit app is hosted on cloud but we are not there yet.

any pointers or doc links would be highly appreciated. thanks

Hi @vbabaria -

It can be done (as you mention, we show that with Streamlit Cloud), but that functionality is outside of the Streamlit Python package. Meaning, the workflow is something like:

  1. User logins in to Okta
  2. User clicks on server resource
  3. If the permissions for the user allow it, Okta lets the user see the resource

So in that sense, however you set up Okta to do any server authentication process is how you would do it for Streamlit, but that’s a question for your Okta rep/admin to be able to answer.

Best,
Randy

Thanks for the response.

so essentially, i will have to redirect to streamlit url, if okta user permission is allowed?

However wouldn’t it create a security flow since streamlit request has no knowledge about okta auth and will not be able to validate the token?

Trying to understand how to implement security for streamlit POC app that is hosted on internal server and not on cloud yet.

Yes, this is what I was describing, but it’s important to note that I can’t be your source for actual security protocol. You definitely want to talk to Okta or your Okta admin about how this should be set up properly :slight_smile: