Couchdrop can be configured for SAML authentication via the web interface.

Pre-Requisites

Users must already exist in Couchdrop for SAML login and as Couchdrop supports login via SFTP and FTP, they must have a password set as well. SAML Login is only available through the web interface.

Configuration Steps

Enable SAML SSO

Login to Couchdrop as the owner. Navigate to Administration --> SSO --> SAML SSO

You will need to provide the following details to Couchdrop so that it can connect to your identity provider.

Azure SAML Setup

Required Fields

Configuring SSO with Couchdrop

This guide will help you if you want to provision Users between Okta and Couchdrop.

Supported Features

• Push Users Users created in Okta will also be created in Couchdrop

• Push User Updates User updates in Okta will be pushed to the corresponding users in Couchdrop

• User deactivation Users deactivated in Okta will be deactivated in Couchdrop

• Push Groups Groups created in Okta will also be created in Couchdrop

• Push Group updates Group updates in Okta will be pushed to the corresponding users in Couchdrop

• Group deactivation Groups deactivated in Okta will be deactivated in Couchdrop

• Import Users Users created in Couchdrop can be imported into Okta

• Import Groups Groups created in Couchdrop can be imported into Okta

Configuration Steps

Create User Provisioning Token in Couchdrop

Navigate to in Couchdrop’s interface and create a new Provisioning Token. This will be used in the Azure Active Directory provisioning process.

Setup an SCIM Application for User Provisioning in Okta

Select and configure the Couchdrop SCIM application from the Okta Application Catalogue.

Under Application - Application select Browse App Catalog

Search for Couchdrop SCIM and select the application

Click on Add Integration and then on Done

Assign User and Groups to the Application

Then configure the user provisioning by selecting the Provisioning tab and click Configure API Integration

Check the Enable API integration checkbox, provide the User Provisioning Token which you configured in the Couchdrop SSO interface into the API Token field and click Test API Credentials to verify the token and hit Save.

Select Edit and enable Create User, Update User Attributes and Deactivate Users

To push groups and their memberships from Okta into Couchdrop you can use the Push Group option. More information about this can be found

Configure user and group import from Couchdrop to Okta

If you want to import users and groups from Couchdrop into Okta select the To Okta Setting on the Provisioning Tab and select the scheduled import frequency and matching rules.

Then on the Import Tab click the Import Now button

You will see a list of all potential users and groups to import and can select the one you wish to import into Okta

and click Confirm Assignments to trigger the import.

Supported Features

• Push Users Users created in Azure will also be created in Couchdrop

• Push User Updates User updates in Azure will be pushed to the corresponding users in Couchdrop

• User deactivation Users deactivated in Azure will be deactivated in Couchdrop

• Push Groups Groups created in Azure will also be created in Couchdrop

• Push Group updates Group updates in Azure will be pushed to the corresponding users in Couchdrop

• Group deactivation Groups deactivated in Azure will be deactivated in Couchdrop

Configuration Steps

Create User Provisioning Token in Couchdrop

Navigate to in Couchdrop’s interface and create a new Provisioning Token. This will be used in the Azure Active Directory provisioning process.

Configure Enterprise Application in Azure Active Directory

Navigate to your in Microsoft’s admin portal and create an enterprise application.

Provide a name for the application and select “Integrate any other application you don’t find in the gallery (Non-gallery)

Next assign users and groups to the newly created application that you would like to have provisioned in Couchdrop.

Select Add user/group

Select the desired users or groups that should be provisioned through to Couchdrop then Select and Assign.

Configure SCIM provisioning between Azure Active Directory and Couchdrop

Navigate to the Provisioning Tab on the left hand side. Next select Get started to configure the tenant URL and the User Provisioning Token that was created in Step 1. Provisioning mode should be set to automatic. The Tenant URL is: .

Select Test Connection and Azure will attempt to connect as well and vwill retrieve schema information needed for the user and group mapping. If tested successfully then select Save.

Configure user mapping

Select Provision Azure Active Directory Users as required.

Couchdrop requires the following user SCIM attributes for the SCIM system to be mapped, all others should be removed.

The externalId attribute may need to be remapped from mailNickname to objectId on the Azure Active Directory attribute side depending on your settings.

Configure group mapping

Select Provision Azure Active Directory Groups as required.

Couchdrop requires the following user SCIM attributes for the SCIM system to be mapped.

Start the user and group provisioning process

Navigate back to the custom application breadcrumb (in this case it’s Couchdrop SCIM) and to Provisioning. From here select the Start provisioning button.

After the provisioning has completed running the first time a status should be required that indicates how many users and groups were provisioned within the Couchdrop product. Further information can be located by selecting View provisioning logs.