
SFTP Automation App Limitations - how are you getting your users into Docebo?

  • April 28, 2025
  • 7 replies
  • 155 views

dwilburn
Guide III

Is anyone else dealing with issues using the Automation App? We are finding out that using the SFTP portion of the Automation App requires the SHA-1 algorithm, which is being turned off throughout the industry as systems are updated to new standards.

What mechanisms are you using to get your HR data / users into Docebo? The SFTP option is definitely off the table for us now.

We will likely have to go to a Docebo Connect solution, but I feel like Docebo should be able to support a solution other than something developed in 1995, and is currently being deprecated throughout the IT industry.

 


KMallette
Hero II
  • April 29, 2025

Hi, @dwilburn I don’t have anything to offer that you don’t already know 🤣, but I’m wondering if you can illuminate me on the SHA-1 algorithm. Where in that process does it come into play? How are you finding that you don’t have it available? Is there an error msg you get?

Thanks for the help… I use this tool a lot, so I’m hoping that I won’t lose it.


dwilburn
Guide III
  • Author
  • April 29, 2025

Hi, @KMallette we had a feed working, meaning that another system was loading a file into the SFTP folder every day, and then the automation was updating it. All was well.

SHA-1 was a function that was used to secure information. You can read about SHA-1 here. It has been deemed unsecure since 2005, and by 2010 most organizations recommended its replacement.

Our SFTP Automation broke when a system upgrade to the SFTP host disabled SHA-1 connections. While talking with Docebo support, it became clear that SHA-1 has to be enabled on our side, for SFTP Automation App to work. Due to security concerns we cannot go that route and I am currently hand loading CSV files into the system to add / update users. There are many improved solutions, such as SHA-2 and SHA-3. But Docebo has not updated the capability of the SFTP Automation app.

You can see some of this in cap below where support for SHA-1 in SAML will be going away later this year.

 

To sum it up, if your SFTP host (typically run by IT) needs to be upgraded to no longer support SHA-1, then it will break your SFTP Automation until Docebo updates it. Which is not currently on a visible road map.

Apologies for the length, hope this helps.
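
Added example (not part of the post above and not Docebo code): a way for whoever runs the SFTP host to see which SHA-1-dependent SSH algorithms it still accepts, and what a client that only offers SHA-1 algorithms could still negotiate. The thread does not say which part of the handshake the Automation App needs SHA-1 for, so the sketch covers key exchange, MAC and host key signatures; the server text mimics `sshd -T` output and the legacy client list is hypothetical, both constructed for illustration.

```python
# Added example: which sshd algorithms depend on SHA-1, and what a SHA-1-only
# client can still negotiate. Input mimics `sshd -T` output (constructed sample).
SHA1_SIGNATURES = {"ssh-rsa", "ssh-dss",
                   "ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com"}
AUDITED = ("kexalgorithms", "macs", "hostkeyalgorithms")

SAMPLE_SSHD_T = """\
port 22
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

# Hypothetical legacy client offer; the thread does not list what the app sends.
LEGACY_CLIENT = {
    "kexalgorithms": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "macs": ["hmac-sha1"],
    "hostkeyalgorithms": ["ssh-rsa"],
}

def uses_sha1(algorithm):
    """True for names containing sha1 and for signature schemes that hash with SHA-1."""
    name = algorithm.lower()
    return "sha1" in name or name in SHA1_SIGNATURES

def parse_sshd_t(text):
    """Return {keyword: [algorithms]} for the audited keywords."""
    offered = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in AUDITED:
            offered[parts[0].lower()] = [a for a in parts[1].split(",") if a]
    return offered

def sha1_still_enabled(offered):
    """Per keyword, the SHA-1-dependent algorithms the server still accepts."""
    return {k: [a for a in v if uses_sha1(a)] for k, v in offered.items()}

def negotiate(client, server):
    """Simplified SSH selection: first client algorithm the server also lists.
    None means no overlap, so the handshake fails for that category."""
    return {k: next((a for a in client.get(k, []) if a in server.get(k, [])), None)
            for k in AUDITED}

if __name__ == "__main__":
    server = parse_sshd_t(SAMPLE_SSHD_T)
    print("SHA-1 still enabled:", sha1_still_enabled(server))
    print("Legacy client result:", negotiate(LEGACY_CLIENT, server))
```

A `None` in the negotiation result is the category where a hardened host and a SHA-1-only client have nothing in common, which is the kind of break described in this thread.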


armaan01
Contributor III
  • April 29, 2025

We have SSO provisioning turned on because the SFTP file from our HRIS cannot create AND update users, which does not make sense to me. It got confused when I added a column for email and a column for username (which matched), but then when I took away email, it refused to create users.

 

So not helpful, but I see your point and we didn’t love that either.


dwilburn
Guide III
  • Author
  • April 29, 2025

@armaan01 that is tough. I played with the SSO provisioning for just a bit, but it got out of control pretty quick. It was tough because the SSO support was on the other side of the globe. I turned it off.


armaan01
Contributor III
  • April 29, 2025

@dwilburn don’t love the sound of that but we are fairly small so hopefully it won’t get out of hand too badly 😅 fingers crossed (but thanks for the heads up!)


dklinger
Hero III
  • April 29, 2025

We have SSO provisioning turned on because the SFTP file from our HRIS cannot create AND update users, which does not make sense to me. It got confused when I added a column for email and a column for username (which matched), but then when I took away email, it refused to create users.

 

So not helpful, but I see your point and we didn’t love that either.

Hi ​@armaan01 This seems a bit wild to me. Because if you are creating the user via the SFTP, if you update the user record? And you leave the Active/Inactive column to 1? It will update the user.

Listening to an AD or an SSO can be a second/third best option, but in my experience, it is considered to be an “as is” scenario with big orgs - meaning you can land up with noise from your source.

And ​@dwilburn - thank you for writing up what you did. It is going to force me to review what protocols we have in place with our systems of record. 


dwilburn
Guide III
  • Author
  • April 29, 2025

Hi ​@dklinger it was great to see you at Inspire and ride back with you from the party!

Glad to help!