Introduction
SFTPPlus and Okta: Streamlining Authentication with OpenID Connect
In today's interconnected world, secure and efficient user authentication is crucial. SFTPPlus MFT, a leading Managed File Transfer (MFT) solution, leverages the power of Okta's OpenID Connect (OIDC) to provide Single Sign-On (SSO) capabilities for both file transfer and administrative services. This integration simplifies user management, enhances security, and improves the overall user experience.
Okta Single Sign-On can be deployed in parallel with legacy authentication methods, simplifying the transition to modern authentication.
Why Okta and OpenID Connect?
Okta is an industry-leading identity management platform that provides Single Sign-On (SSO), Multi-Factor Authentication (MFA), and lifecycle management for users.
OpenID Connect (OIDC) is a modern authentication protocol built on top of OAuth 2.0, providing a standardized way to authenticate users and applications.
By leveraging Okta's OIDC capabilities, SFTPPlus MFT can delegate authentication to Okta, allowing organizations to centralize user management, apply MFA, and streamline access to both file transfer services and administrative panels.
Integrating Okta with SFTPPlus MFT brings several advantages:
- Unified access management across file transfer and administrative portals.
- Reduced password fatigue by using existing Okta credentials.
- Stronger security with multi-factor authentication (MFA) and standardized OAuth 2.0-based token exchanges.
- Simplified onboarding and offboarding through centralized user provisioning.
- Compliance. OIDC is an industry-standard protocol, helping organizations meet compliance requirements related to data security and access control.
- Vendor independence: SFTPPlus MFT as well as Okta are based on open standards.
- Support for legacy systems with hybrid authentication methods, easing the migration process to Okta.
By connecting SFTPPlus MFT to Okta, organizations can streamline operations and strengthen the security of their file transfer servers.
Single sign-on for users and administrators
SSO for File Transfer Operations
SFTPPlus offers HTTPS-based file transfer interfaces that can be protected via external authentication mechanisms like Okta OpenID Connect.
Users access the HTTPS file transfer server using their Okta accounts.
Authentication is handled through the OAuth 2.0 protocol, with SFTPPlus validating user identity using OpenID Connect (OIDC) tokens.
File transfer sessions are securely established only after the user's identity has been verified by Okta (including multi-factor authentication methods) and SFTPPlus access rules have been applied based on the user's group membership.
This integration enables end users to securely upload, download, and manage files without managing separate login credentials, reducing friction and improving usability across the organization.
SSO for Administrative Operations
Beyond user file transfers, securing administrative access is critical to protecting sensitive system configurations and audit data.
SFTPPlus MFT also allows administrative users to authenticate through Okta.
The administrative portal (web-based UI) can be protected using OAuth 2.0 and SSO.
Admin users are granted roles and permissions based on their Okta group memberships.
Access control policies can be enforced consistently across all your services, not only the FTP or SFTP servers.
How the Integration Works
You can check our documentation page dedicated to Okta OpenID Connect for a detailed technical description of how to integrate SFTPPlus MFT and Okta.
Okta integration is available in SFTPPlus since version 5.12.0, released in April 2025.
In this article, we provide a high-level description of the process of integrating SFTPPlus MFT with Okta for SSO:
- Create the Okta authentication method inside the SFTPPlus product. This will get you an Okta unique ID used by SFTPPlus.
- Create the SFTPPlus MFT integration inside your Okta organization. This will get you the SFTPPlus unique ID and secret used by Okta.
- Configure Okta with the sign-in redirect URI based on the URL used to deploy your SFTPPlus MFT server.
- OAuth 2.0 Authorization Flow. Users are redirected to Okta's authentication service when trying to access SFTPPlus resources.
- Access Granting. Based on configured rules, SFTPPlus grants access to file transfer or administrative functionalities depending on the authenticated user's group membership.
This architecture ensures that user credentials are never directly handled by SFTPPlus MFT, maintaining a strong separation between the authentication provider (Okta) and the file transfer service (SFTPPlus MFT).
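As an added illustration of the last two steps (this is not SFTPPlus code or configuration), the sketch below shows the checks a relying party applies to ID token claims before mapping group membership to access. The `groups` claim name, group names, role names, issuer and client ID are constructed assumptions, and the token signature is assumed to have been verified already against the issuer's published keys.

```python
import time

class AccessDenied(Exception):
    """Raised when the ID token claims do not justify opening a session."""

# Hypothetical mapping from identity-provider groups to service roles.
GROUP_ROLES = {"mft-users": "file-transfer", "mft-admins": "administration"}

def roles_from_claims(claims, *, issuer, client_id, nonce, now=None, leeway=60):
    """Validate signature-verified ID token claims and return the granted roles."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise AccessDenied("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise AccessDenied("token was not issued for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise AccessDenied("multiple audiences without matching azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise AccessDenied("token expired or exp missing")
    # The nonce ties the token to the login request this server started.
    if not nonce or claims.get("nonce") != nonce:
        raise AccessDenied("nonce mismatch")
    groups = claims.get("groups")
    if not isinstance(groups, list):
        groups = []
    roles = {GROUP_ROLES[g] for g in groups if g in GROUP_ROLES}
    if not roles:
        # Deny by default: authenticated but not in any mapped group.
        raise AccessDenied("no mapped group membership")
    return roles

# Constructed sample claims, not taken from a real Okta tenant.
ISSUER = "https://example.okta.test"
CLIENT_ID = "constructed-client-id"
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": CLIENT_ID, "sub": "00u-constructed",
    "exp": 1_700_000_300, "nonce": "n-constructed",
    "groups": ["Everyone", "mft-users"],
}

if __name__ == "__main__":
    print(roles_from_claims(SAMPLE_CLAIMS, issuer=ISSUER, client_id=CLIENT_ID,
                            nonce="n-constructed", now=1_700_000_000))
```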
Migrate to Okta without disrupting your legacy file transfers
Integrating SFTPPlus MFT with Okta's OIDC provides a secure, efficient, and user-friendly authentication solution. By centralizing user management and leveraging industry-standard protocols, organizations can streamline access to critical file transfer services and administrative functions, enhancing both security and productivity.
Support is provided for legacy authentication methods, and you can operate SFTPPlus MFT in a hybrid environment with both Okta credentials and your other non-Okta credentials, for example Active Directory or independent application users.
With SFTPPlus MFT you can migrate to Okta authentication without any disruption to the existing legacy transfers. SFTPPlus MFT can be deployed with hybrid authentication, allowing access for both legacy and Okta users.
Okta Integration? We're Here to Help.
Ready to streamline the authentication of your file transfer services with Okta's robust SSO capabilities?
Our expert support team is on hand to guide you through the integration process. Whether you need assistance with configuration, best practices for secure implementation, or want to explore the full potential of this powerful combination, don't hesitate to reach out.
👉 Contact our dedicated SFTPPlus support team for personalized help and consultancy tailored to your specific needs and environment. We're here to ensure a smooth and successful integration.