Authentication

Seeq Directory

Demos, test systems,
smaller organizations

• Easiest to set up. Ready to go "out of the box".

• Built-in Seeq accounts do not sync with any external system.

• Adding and removing users requires manual intervention.

LDAP

Larger organizations

• Simple username & password authentication synced with Active Directory or an LDAP server.

• Users automatically gain or lose access to Seeq based on group membership.

• Users can access Seeq without being connected to the corporate intranet. Does not require Windows.

• Requires coordination with IT administrators: identifying LDAP server and groups.

• Group Allow List configuration is not user-friendly: requires using hard-to-read LDAP search syntax.

Windows Authentication

Larger organizations

• Passwordless single sign-on authentication synced with Active Directory.

• Users automatically gain or lose access to Seeq based on group membership.

• Requires coordination with IT administrators: creating an AD user for Seeq, creating an SPN.

• Requires either Seeq or a remote agent inside the corporate intranet and running Windows.

OpenID Connect

Larger organizations

• Web-style single sign-on authentication synced with an external directory: Azure Active Directory, Okta, many others.

• Users automatically gain or lose access to Seeq based on their access to the external directory.

• Users can access Seeq without being connected to the corporate intranet. Does not require Windows.

• Requires coordination with IT administrators: configuring the OpenID Connect provider.

• Not all external directories support limiting access to specific groups/accounts. Azure Active Directory does, others may not.

• Requires that either Seeq or a remote agent has access to the OpenID Connect provider.

Windows Authentication
(via the LDAP Connector)

-

• Allows Windows Authentication style login for Seeq servers running on Ubuntu.

• More difficult to set up and maintain than our other authentication mechanisms.