Couchdrop integrates with your identity provider using SAML 2.0 for SSO and SCIM 2.0 for user provisioning
How SSO works in Couchdrop
SSO authentication applies to the Couchdrop web interface only. When a user accesses the Couchdrop web interface, they authenticate through your identity provider's login flow rather than with a Couchdrop-specific password.
Because SFTP, FTPS, SCP, and AS2 connections use password or SSH key authentication, these protocols do not support SAML.
SCIM provisioning in Couchdrop
When SCIM is configured, you can enable user management through your identity provider through SCIM provisioning. Couchdrop allows you to create tokens to securely provision and manage users via your identity provider.
The following are supported:
- Push new users to Couchdrop
- Push User Updates
- Deactivate users automatically
- Push new Groups
- Push Group updates and deactivation
User matching is done via email address, so the email address in your identity provider must match the email address in Couchdrop exactly.
Supported identity providers
Couchdrop supports SSO and SCIM with the following identity providers:
Azure Active Directory / Microsoft Entra — Native SAML and SCIM integration using standard Microsoft attributes. User and group provisioning are both supported.
Okta — Direct integration using the Couchdrop application in the Okta catalog with bi-directional support. Okta can push users and groups from Okta to Couchdrop, and Couchdrop can also import users and groups from Couchdrop into Okta.
SAML SSO — Any identity provider that supports the SAML 2.0 specification can be configured manually.
