Skip to main content

Integrate with SeaTable

Support level: Community

What is SeaTable?

SeaTable is a no-code database and app builder platform that provides a web-based, spreadsheet-like interface for organizing data, building apps, and automating workflows. It is designed to function as a collaborative database with features like tables, views, forms, and permissions.

-- https://seatable.com

Preparation

The following placeholders are used in this guide:

  • seatable.company is the FQDN of the self-hosted SeaTable installation.
  • authentik.company is the FQDN of the authentik installation.
SeaTable Cloud and self-hosted SeaTable

SeaTable supports SAML SSO for SeaTable Cloud Enterprise teams and self-hosted SeaTable Server Enterprise Edition installations. SeaTable Cloud requires domain verification in SeaTable Team Management, which is outside the scope of this guide.

For SeaTable Cloud, log in to SeaTable Cloud and navigate to Team Management > Teams > Settings > Single Sign-On. Keep the SeaTable-provided Entity ID, Assertion Consumer Service (ACS) URL, Login (SSO URL), and Logout values available while creating the authentik provider.

info

This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

authentik configuration

To support the integration of SeaTable Cloud with authentik, you need to create SAML property mappings and an application/provider pair in authentik.

Create property mappings

SeaTable Cloud requires SAML attributes named contact_email, name, and uid. Create three SAML provider property mappings for these attributes.

  1. Log in to authentik as an administrator and open the authentik Admin interface.

  2. Navigate to Customization > Property Mappings and click Create.

  3. Select SAML Provider Property Mapping as the type and click Next.

  4. Create a property mapping with the following values:

    • Name: SeaTable contact_email

    • SAML Attribute Name: contact_email

    • Expression:

      return request.user.email
  5. Click Finish to save the property mapping.

  6. Repeat steps 2-5 to create the following additional property mappings:

    • Name: SeaTable name

    • SAML Attribute Name: name

    • Expression:

      return request.user.name
    • Name: SeaTable uid

    • SAML Attribute Name: uid

    • Expression:

      return request.user.uid

Create an application and provider

SAML provider changes in authentik 2026.5

authentik 2026.5 introduces changes to how the SAML provider behaves. Specifically, the provider now automatically sets the Issuer value to: https://authentik.company/application/saml/<application_slug>/metadata/

Older versions of authentik set this value to authentik by default. If you're running an older version, please set Issuer to https://authentik.company/application/saml/<application_slug>/metadata/, where <application_slug> is the slug that you selected for the application.

  1. Log in to authentik as an administrator and open the authentik Admin interface.

  2. Navigate to Applications > Applications and click New Application to open the application wizard.

    • Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the application Slug because you will use it later as <application_slug>.
      • Set the Launch URL to the Login (SSO URL) value from SeaTable.
    • Choose a Provider type: select SAML Provider as the provider type.
    • Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
      • Set the ACS URL to the Assertion Consumer Service (ACS) URL value from SeaTable.
      • Set the Audience to the Entity ID value from SeaTable.
      • Set the SLS URL to the Logout value from SeaTable.
      • Set the Service Provider Binding to Post.
      • Under Advanced protocol settings:
        • Set an available Signing certificate.
        • Add the SeaTable contact_email, SeaTable name, and SeaTable uid property mappings that you created earlier to Property mappings.
    • Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's Application Dashboard page.
  3. Click Submit to save the new application and provider.

Download the signing certificate and retrieve the metadata URL

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Applications > Providers and click the newly created SeaTable provider.
  3. Under Related objects > Download signing certificate, click Download. This certificate file will be required in the next section.
  4. Under Related objects > Metadata, click Copy download URL. This metadata download URL will be required in the next section.

SeaTable configuration

To support the integration of authentik with SeaTable Cloud, configure SeaTable with the authentik certificate and metadata URL.

Determine effective URL for metadata download

authentik's metadata download URL returns a 302 redirect, but SeaTable Cloud requires the effective URL. Run the following command to determine the effective URL:

curl -Ls -o /dev/null -w '%{url_effective}\n' "<metadata_download_URL>" 2>/dev/null

The output of this command will be required as the SeaTable metadata URL.

Configure SeaTable Cloud

  1. Log in to SeaTable Cloud and navigate to Team Management > Teams > Settings > Single Sign-On.
  2. Configure the following settings:
    • Metadata URL: enter the effective metadata URL from authentik.
    • Certificate: upload or paste the signing certificate that you downloaded from authentik.
    • Domain: select the email domain that should use this SSO configuration.
  3. Complete the DNS domain verification shown by SeaTable.

Configuration verification

To confirm that authentik is integrated correctly with SeaTable, log out of SeaTable and access SeaTable from the authentik application dashboard. You should be redirected to SeaTable.

Self-hosted troubleshooting

For self-hosted SeaTable, check /opt/seatable-server/seatable/logs/dtable_web.log for troubleshooting info if authentication fails.

Resources