Only the Right People Get to a File
When someone signs in, Files.com checks with Okta first. So the only people who can open a file are the people Okta says can. Okta decides who they are. Files.com decides which folders they reach.
Govern Files.com Access From Okta
Files.com connects to Okta like the rest of your apps do. People sign in with the Okta login they already use (SSO). New hires get file access automatically and people who leave lose it automatically (SCIM). And one click to deactivate someone in Okta cuts their file access across the web, SFTP, and the Desktop App at once.
Why Teams Run Files.com Behind Okta
For a lot of companies, Okta is the front door to everything. It checks who people are, makes them pass a second login check, and handles them from the day they are hired to the day they leave. Files.com sits behind that same front door. So moving files plays by the same rules as every other app Okta watches over.
New Hires Get Access, Departing People Lose It, On Their Own
The moment someone is added in Okta, they get their Files.com access. The moment they are turned off in Okta, they lose it across SFTP, the web, and the Desktop App at once. Which Okta group they are in decides which folders they can open, so a new hire has the right access on day one. You stop setting up file accounts by hand, and nobody keeps access to your files after they leave. This is what SCIM does.
You Only Pay for People Who Actually Sign In
You can sync your whole Okta directory into Files.com and not pay for the people who never log in. A seat starts counting only once that person signs in for the first time. So syncing everyone costs you nothing for the people who never show up.
A Second Login Check, in Okta or in Files.com
Keep your second-factor check (MFA) in Okta for your own staff. For partners and outside accounts Okta does not manage, Files.com can require its own second factor (2FA). It covers SFTP, FTP, and WebDAV too, not just the browser. So an outside account can’t skip the second check by connecting over SFTP, and everyone gets one whether or not Okta knows them.
Use SAML or OIDC (We Recommend SAML)
Files.com works with Okta over either standard. We recommend SAML. It handles more cases, and it is the only one that brings the automatic new-hire and departure sync (SCIM) along with it.
app.files.com
Okta Governs Who Gets In. Files.com Governs What They Do
Okta decides who is allowed in. Files.com decides what they can do once they are in. You get nine levels of access, set per person or per group, folder by folder. You can also block access and fence in junior admins, so people only reach the files their job needs. Every sign-in, every account sync, every second-factor check, and every permission change is written to the Files.com audit log, so when the auditor asks who could touch what, you have the answer on hand.
Accounts Created and Removed for You
SCIM creates people's accounts, keeps their details up to date, and turns them off. It is all automatic, set up once in Okta. Turn someone off in Okta and their Files.com access is gone on the next sync. So you never set up or remove a file user by hand, and the list of who can reach your files is always right.
A Clear Record When Something Looks Off
Files.com keeps a separate, detailed log of every SCIM action, so you can see exactly what Okta sent for each account it created, changed, or turned off. So when a sync looks wrong, you can track down the cause in minutes instead of guessing. It sits alongside the main audit log of who signed in and what permissions changed.
Okta Groups Decide Who Sees Which Folders
An Okta group named for a department maps straight to the folders that group can open, or to an admin role. So access stays defined in Okta, where your security team already runs it.
The Second-Factor Check Covers SFTP Too
Files.com's second-factor check (2FA) reaches SFTP, FTP, and WebDAV, not just the browser. So partner and outside accounts Okta does not manage still get a second login check on every way in.
The Details That Matter for Okta
Full Create, Update, and Remove
Create people, keep their details current, and turn them off, all driven from Okta. Change the Okta directory and file access follows, with no one touching Files.com (this is SCIM).
Auto-Create on First Login, Without SCIM
If you have not turned on SCIM yet, Files.com just creates the account the first time someone signs in (this is JIT). It cannot remove or disable people, though. Use SCIM when you need departing people cut off automatically.
Let Only the Right Groups In
Point specific Okta groups at the right level of access, so only the right people land in Files.com, with the right permissions. The people who were never meant to reach your files never get an account in the first place.
Several Okta Setups, One Files.com Site
Connect more than one Okta instance or app to a single Files.com site, so separate business units can run their own Okta against one shared file platform.
Connect Okta the Way That Fits Your Workload
SAML SSO
The recommended way in. It is the only one that brings the automatic new-hire and departure sync (SCIM) with it. People sign in to Files.com with their Okta login.
OIDC SSO
The other sign-in standard. People log in with their Okta account. It handles login only, with no automatic account sync (SCIM).
Automatic Account Sync (SCIM)
Turn this on when you want new hires created, changes kept current, departing people turned off, and group membership synced. It is all automatic, with no one touching Files.com.
Auto-Create on First Login (JIT)
Nothing extra to set up. This is what happens when account sync (SCIM) is off. Accounts are created the first time someone signs in. Good for getting started fast before you need full automation.
How Teams Use Okta on Files.com
Sign In With Okta, Everywhere
Someone clicks Sign in with Okta on the Files.com login page and logs in with their Okta account. They are in, using the same login they use for the rest of your apps.
Add Someone to a Group, Their Account Appears
Add an employee to the "EDI Team" group in Okta. Files.com creates their account, puts them in that group, and gives them exactly the folders and access that group is meant to have. No manual setup.
One Action to Cut Off a Departing Employee
HR turns off a departing employee in Okta. On the next sync, their Files.com account is turned off too. SFTP, the web, and the Desktop App are all gone in one step. Nobody has to remember to revoke file access, so a former employee can’t keep a way in you forgot to close.
Require a Second Check From Outside Partners
Your own staff sign in through Okta. Outside partner accounts created in Files.com are required to use Files.com's second-factor check (2FA). It holds over SFTP and WebDAV, not just the browser.
Files.com Features Often Used With Okta
Groups & User Administration
The folder permissions your Okta groups map into. You get nine levels of access per folder, with the ability to block access and to fence in junior admins.
Learn MoreAudit Log & Forensic Trail
Every Okta sign-in, second-factor check, and account sync is written to a tamper-proof record you can export.
Learn MoreSFTP & Protocol Access
Folder permissions and the second-factor check reach SFTP, FTP, and WebDAV, not just the browser an Okta user signs into.
Learn MoreData Retention & Governance
Rules that decide how long files stick around once an Okta user has put them in Files.com.
Learn MoreFrequently Asked: Okta on Files.com
Common questions about how Files.com connects to Okta and what the integration actually does.
Wire Okta To Files.com And Sign In Today
Start a free 7-day trial. Connect Okta over SAML, turn on account sync, and watch sign-in and new-hire-and-departure updates work against your own directory. No credit card required.
No credit card required • 7-day free trial • Setup in minutes