Skip to content

Multi-Tenancy Support

Multi-tenancy feature is designed for hosting providers that what to host several customers in a single Seafile instance. You can create multi-organizations. Organizations is separated from each other. Users can't share libraries between organizations.

Seafile Config


multi_tenancy = true



ORG_ENABLE_ADMIN_CUSTOM_NAME = True  # Default is True, meaning organization name can be customized
ORG_ENABLE_ADMIN_CUSTOM_LOGO = False  # Default is False, if set to True, organization logo can be customized

ENABLE_MULTI_ADFS = True  # Default is False, if set to True, support per organization custom ADFS/SAML2 login
LOGIN_REDIRECT_URL = '/saml2/complete/'
    'name': ('display_name', ),
    'mail': ('contact_email', ),


An organization can be created via system admin in “admin panel->organization->Add organization”.

Every organization has an URL prefix. This field is for future usage. When a user create an organization, an URL like org1 will be automatically assigned.

After creating an organization, the first user will become the admin of that organization. The organization admin can add other users. Note, the system admin can't add users.

ADFS/SAML single sign-on integration in multi-tenancy

Preparation for ADFS/SAML

The system admin has to complete the following works.

Fisrt, install xmlsec1 package:

$ apt update
$ apt install xmlsec1

Second, prepare SP(Seafile) certificate directory and SP certificates:

Create sp certs dir

$ mkdir -p /opt/seafile/seahub-data/certs

The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:

$ cd /opt/seafile/seahub-data/certs
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt

Note: The days option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly.

Finally, add the following configuration to and then restart Seafile:

LOGIN_REDIRECT_URL = '/saml2/complete/'
    'name': ('display_name', ),
    'mail': ('contact_email', ),

Note: If the xmlsec1 binary is not located in /usr/bin/xmlsec1, you need to add the following configuration in

SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'

View where the xmlsec1 binary is located:

$ which xmlsec1

Note: If certificates are not placed in /opt/seafile/seahub-data/certs, you need to add the following configuration in

SAML_CERTS_DIR = '/path/to/certs'

Integration with ADFS/SAML single sign-on

Please refer to this document.