SAML SSO and SCIM are available for organizations on Coda's Enterprise plan. This article is intended for org admins who use Microsoft Entra ID (formerly known as Azure AD) as their Identify Provider. Below we will walk through the specific steps necessary to set up both SSO and SCIM in Coda. If you use a different Identity Provider, please check out this article instead.

ℹ️ Please note that SSO and SCIM are only available to customers on Coda’s Enterprise plan.

Supported features

SAML and SCIM allow org admins to authenticate and provision users in their organization. Within Coda, the following SAML and SCIM features are supported for Microsoft Entra ID:

SAML

IdP-initiated SSO
SP-initiated SSO
Just-In-Time provisioning

SCIM

Create users
Update user attributes
Deactivate users
Create groups

For additional details, you can also refer to Entra ID's documentation here. Note that the gallery app is outdated.

Configure SAML SSO

Please note that the following instructions are specific to Microsoft Entra ID (formerly Azure AD). If you use a different identity provider, refer to this article instead.

Part 1: Create a custom Coda app

To configure the integration of Coda into Microsoft Entra ID, you need to create a custom Coda app. Do NOT use the existing Coda app in the Entra ID Gallery, as it does not support the latest updates to share with groups at this time.

Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Navigate to Identity > Applications > Enterprise applications > New application.
Create a custom app to connect to Coda.

Part 2: Enable SSO in Coda

Go to coda.io/docs
In the lower left corner, select More options, then select Organization Settings
Navigate to the Authentication tab.
Scroll down to the Authenticate with SSO (SAML) option, and toggle this on. Then click Configure SAML.
Click into the SAML provider dropdown, and choose Microsoft Entra ID (Azure AD) from the list of options.
In the For Microsoft Entra ID (Azure AD) section on the left, click the Download button next to the SAML metadata URL field. You will upload this file into Entra in subsequent steps.

Part 3: Configure SSO in Entra ID

Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Identity > Applications > Enterprise applications > Coda > Single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click on Upload metadata file (towards the top of the page).
Click on the folder logo and select the file you downloaded in the previous portion and click Upload.
After the metadata file is successfully uploaded, the Identifier and Reply URL values will autofill in Basic SAML Configuration section.
Finally, scroll down to the SAML Certificates section, and click the copy button next to the App Federation Metadata Url.

Part 4: Finish SSO configuration in Coda

Return to the Coda SAML setup page for the following steps.

In the From Microsoft Entra ID (Azure AD) section (on the right), paste the App Federation Metadata Url value you copied earlier into the App Federation Metadata URL field. Click the Import button.
1. Sign on URL, Issuer, and Signing certificate will auto-fill. Make any manual edits if needed.
Select Save.

This completes the work necessary for the SAML SSO connection setup 🎉

Optional step: Test your SSO configuration

In this section, you can test your Microsoft Entra ID single sign-on configuration with following options.

Click on Test this application, and you should be automatically signed in to the Coda for which you set up the SSO.
You can use Microsoft My Apps. When you click the Coda tile in the My Apps, you should be automatically signed in to the Coda for which you set up the SSO. For more information about the My Apps, see Introduction to the My Apps.

Configure SCIM

Please note that the following instructions are specific to Microsoft Entra ID (formerly Azure AD). If you use a different identity provider, refer to this article instead.

Part 1: Enable SCIM in Coda

The first step is to enable SCIM within your Coda organization settings. Note that you must be an Enterprise org admin to follow these steps:

Go to coda.io/docs
In the lower left corner, select More options, then select Organization Settings
Go to the Provisioning tab.
Ensure Provision with SCIM is enabled.
Click Generate New Token. (Note: Only one SCIM token is valid at a time. If SCIM was previously configured, generating a new token invalidates the previous token.)
Note the SCIM Base URL and SCIM Bearer Token. You will need this information later.

Part 2: Configure SCIM in Entra ID

Next, you’ll need to configure SCIM within Entra ID:

In Entra ID, click on the Provisioning tab in your Coda integration app.
Click Get started.
Set Provisioning mode to Automatic
Expand the Admin credentials section
Paste the SCIM Base URL from Coda (see the steps in the section above) into the Tenant URL field.
Paste the SCIM Bearer Token from Coda into the Secret Token field.
Click Test Connection to verify you have correctly completed these steps.
Once you’ve tested the connection, click Save.
Finally, click Start provisioning (towards the top of the page) to enable provisioning.

FAQs

I accidentally added the existing Coda Gallery app instead of creating a new custom Coda app. What do I do?

The Gallery app for Coda does not support the latest updates to share with groups at this time, so you will have to transition from using the Coda Gallery app to a custom app if you'd like to grant your organization the ability to share docs and folders to groups.

From the Provisioning tab in your existing gallery app, disable provisioning (via the Stop provisioning setting)
Then create a new application in Azure under Enterprise applications.
Then press Create your own application to create a custom app to connect to Coda. Do not use the Gallery app for Coda as it does not support the latest updates to share with groups at this time.

You’ve successfully transitioned to a custom app!