How to set up secure B2B integrations using SharePoint and Cloud Storage

B2B file exchange is essential for many businesses, yet modern cloud storage platforms like SharePoint, Google Drive, and Dropbox don't natively support the SFTP protocol that trading partners, vendors, and customers rely on. This creates a fundamental challenge: your organization has migrated to the cloud for its scalability and collaboration benefits, but your external partners still require SFTP access to exchange files securely—and they shouldn't have direct access to your cloud storage accounts.

Couchdrop solves this problem by acting as a secure gateway between your cloud storage and external organizations. You can configure B2B integrations that allow trading partners to connect via SFTP, upload files through secure web forms, or exchange data via AS2—all without exposing your underlying storage credentials or requiring partners to adopt new systems.

In this guide, you will configure a complete B2B integration using Couchdrop. You will connect your cloud storage, create isolated access for external partners, and set up automated workflows to process incoming files. When you finish, external organizations will be able to securely exchange files with your business using their existing tools and protocols.

Prerequisites

To complete this tutorial, you will need:

• A Couchdrop account with Admin permissions. You can sign up for a free trial at couchdrop.io/register
• Access to your cloud storage platform (SharePoint, OneDrive, Google Drive, AWS S3, or similar) with appropriate permissions to grant access to third-party applications
• Basic familiarity with file transfer concepts. If you're new to SFTP, read What is SFTP? before proceeding

Step 1 — Understanding B2B Integration Requirements

Before configuring your B2B integration, you need to understand what your trading partners require and how Couchdrop addresses those requirements without compromising security.

Traditional B2B file exchange presents three common challenges:

Protocol Requirements: Many organizations, particularly in regulated industries like finance and healthcare, require SFTP for secure file transfers. Cloud storage platforms don't support SFTP natively, forcing businesses to maintain separate legacy SFTP servers or build custom solutions.

Access Isolation: External partners need access to specific files, but you cannot give them full access to your cloud storage. They shouldn't see your internal file structure, other partners' data, or sensitive organizational information.

Workflow Automation: Files arriving from partners often require processing—decryption, validation, transformation, or routing to internal systems. Managing these workflows manually creates bottlenecks and increases error risk.

Couchdrop addresses these challenges through a gateway architecture. Your cloud storage remains secure behind your existing authentication, while Couchdrop provides the SFTP endpoint (and other protocols) that external partners connect to. When partners transfer files, Couchdrop streams them directly to your cloud storage without storing them at rest. Partners never receive credentials to your storage platforms—they only authenticate against Couchdrop's isolated user accounts.

This separation means you can configure granular access controls, automate file processing workflows, and audit all B2B file activity from a single platform—capabilities that aren't available when sharing cloud storage accounts directly.

Now that you understand how Couchdrop enables secure B2B integration, you will connect your cloud storage and configure it as the destination for files from trading partners.

Step 2 — Connecting Your Cloud Storage

Couchdrop needs to connect to your cloud storage to act as the bridge for B2B file transfers. This connection authenticates Couchdrop to access your storage on behalf of external users you create, without giving those users direct storage access.

Navigate to + Create > Connect to Storage in the Couchdrop dashboard. This opens the storage connection wizard.

Select your cloud storage platform from the available options. The most common B2B storage platforms are:

• SharePoint or OneDrive for Microsoft 365
• Google Drive or Google Workspace
• AWS S3 for organizations using Amazon cloud infrastructure
• Azure Blob Storage or Azure Files
• Dropbox Business
• Box.com

For this tutorial, we'll use SharePoint as the example, but the process is similar for other platforms.

After selecting SharePoint, configure the following fields:

• Connection Name: Enter B2B-Exchange. This name helps you identify this storage connection when creating users and automations.
• SharePoint Domain: Enter your SharePoint domain without sharepoint.com. For example, if your SharePoint URL is contoso.sharepoint.com, enter contoso.
• Authentication Method: Keep Delegated Access selected. This uses OAuth to grant Couchdrop permission to access SharePoint on your behalf.

Click Connect to SharePoint. A new browser window will open asking you to sign in to Microsoft and authorize Couchdrop. Sign in with an account that has access to the SharePoint sites you want to use for B2B file exchange. Microsoft will display the permissions Couchdrop requests—these allow Couchdrop to read and write files on your behalf.

Click Accept to grant permission. The window will close and return you to Couchdrop.

Back in Couchdrop, the connection will be tested and the status will show Connected if successful. You can now select which SharePoint site and document library to use for B2B file exchange:

• Root Folder: Click Select a location. Navigate to the SharePoint site and document library where partner files should be stored. For example, /sites/Operations/Shared Documents/Vendor Uploads. This folder becomes the root directory for external users—they won't be able to access anything outside it.

Click Test Connection to verify Couchdrop can read and write to this location. If the test succeeds, click Save Settings.

Your SharePoint storage is now connected to Couchdrop. In Couchdrop's file browser, you'll see a virtual folder representing this SharePoint location. Files that external partners upload via SFTP or other methods will be written directly to SharePoint, and files in SharePoint will be accessible for partners to download (if you grant them permission).

With your storage connected, you can now create isolated user accounts that external partners will use to access files.

Step 3 — Creating External User Accounts for Trading Partners

External partners need credentials to connect to Couchdrop. You will create isolated user accounts that restrict partners to specific folders and control what actions they can perform.

Navigate to + Create > SFTP User in the Couchdrop dashboard. This opens the user creation wizard.

Configure the following settings in the Select user type and configure settings section:

• Username: Enter a unique identifier for this partner. Use a descriptive name that identifies the organization, such as vendor-acme-corp or client-data-exchange. This username will be used by the partner to authenticate via SFTP.

• Home/Root Directory: Click Select a location. Choose the SharePoint folder you configured in the previous step, or create a subfolder within it for this specific partner. For example, if your SharePoint root is /B2B-Exchange/, you might create /B2B-Exchange/Acme-Corp/ for this partner. The partner will only be able to access files within this directory—they cannot navigate to parent folders or see other partners' directories.

• Password: Select Autogenerated Password. Couchdrop will create a secure random password. If your organization requires specific password formats, select Custom Password instead and enter a password that meets your requirements.

• Public and Automatic RSA Key Creation: Check this box if the partner requires SSH key authentication instead of passwords. Many automated systems and security policies require key-based authentication. Couchdrop will generate a private and public key pair for this user.

Click Create user. Couchdrop will create the user account and display the credentials page.

The credentials page shows all authentication details for this user:

• Username: The SFTP login username
• Password: The account password (if you used autogenerated, this is the only time you'll see it)
• SFTP Endpoint: The connection address, formatted as sftp://<^>username<^>@<^>your_company<^>.couchdrop.io
• SFTP Private Key: The private key file (if you enabled key generation)
• SFTP Public Key: The public key (if you enabled key generation)

Important! Download and save these credentials immediately. Click Download Credentials to save all details as a file. Couchdrop does not store the password or private key—once you leave this page, you cannot retrieve them. If credentials are lost, you must regenerate them.

You can now share these credentials with your trading partner through a secure channel—never send credentials via unencrypted email. Your partner can use any standard SFTP client (FileZilla, WinSCP, CyberDuck, or command-line SFTP) to connect using these credentials.

With the user account created, the partner can now upload and download files to the designated SharePoint folder via SFTP. However, you may want to adjust the default permissions to match your specific B2B requirements.

Step 4 — Configuring User Permissions for B2B Workflows

By default, external users have read, write, and delete permissions. Many B2B scenarios require more restrictive permissions—for example, allowing vendors to upload files but preventing them from downloading or deleting data.

From the Couchdrop dashboard, navigate to Users in the main sidebar. Locate the user you created in the previous step. Click the three-dot menu (⋮) on the right side of the user row and select Configure as admin.

This opens the user configuration screen. Scroll down to the Filesystem Access section, which controls what file operations the user can perform.

The Global filesystem permissions for this user dropdown determines read and write access. Click the dropdown to see the available options:

• Read/Write Access: User can view, download, upload, and modify files. This is appropriate for collaborative B2B relationships where both parties exchange files bidirectionally.

• Read Only: User can view and download files only. Use this when your organization needs to share files with partners (such as reports or data exports) but partners should not upload anything.

• Write Only: User can upload files only. The user cannot view, download, or modify existing files. This is the most common permission for vendor file submissions, compliance document uploads, or any scenario where external parties send data to you but shouldn't access what other parties have submitted.

For most vendor integrations, select Write Only from the dropdown. This allows the vendor to upload files to your SharePoint folder but prevents them from seeing what other vendors have uploaded or downloading sensitive files from the directory.

The Delete allowed checkbox controls whether the user can delete files. This permission is independent of the read/write setting:

• Unchecked: User cannot delete files. This prevents accidental or malicious file deletion.
• Checked: User can delete files they have uploaded or any file they can access.

For most B2B integrations, Delete allowed should be unchecked. Even if partners need to re-upload corrected files, requiring them to keep original submissions provides an audit trail.

After configuring permissions, click Save at the bottom of the page. These permissions take effect immediately—the external user does not need to disconnect and reconnect.

With permissions configured appropriately for your B2B workflow, you can now set up automation to process files as they arrive from trading partners.

Step 5 — Automating File Processing with File Actions

When external partners upload files, you typically need to process them—decrypt PGP-encrypted files, move them to processing queues, or notify internal teams. Couchdrop's File Actions automate these workflows without requiring custom code.

Navigate to File Actions in the main sidebar. Click + New File Action to open the automation builder.

First, configure the trigger that starts the automation. Click Configure Action (Trigger) at the top of the builder.

In the On Action dropdown, select Upload. This triggers the automation whenever a file is uploaded to the monitored location through Couchdrop (via SFTP, web portal, or any other Couchdrop method).

Important: This trigger only responds to uploads made through Couchdrop. If files are uploaded directly to SharePoint (via the SharePoint web interface or mobile app), Couchdrop cannot detect them. For monitoring SharePoint directly, you would use Transfer Automations with scheduled polling instead.

Click Save to set the trigger.

Next, configure where the automation monitors for uploads. Click Configure Location in the automation builder.

In the Location section, click Select a location. Navigate to the SharePoint folder where your external users upload files—this should be the same folder you configured as their root directory. For example, /B2B-Exchange/Acme-Corp/.

Click Save to set the location.

Now add actions that process uploaded files. Click the + button between workflow components and select Actions from the menu.

The action menu displays available operations. Common B2B file processing actions include:

For encrypted file delivery:

• Select PGP Decrypt File if partners send PGP-encrypted files. You'll need to upload your private PGP key to Couchdrop first.

For file organization:

• Select Move File to move uploaded files from the upload directory to a processing directory. In the destination_path field, enter the SharePoint path where processed files should go, such as /B2B-Exchange/Processing-Queue/. You can use variables like /{YYYY}/{MM}/{DD}/ to organize files by date.

For notifications:

• Select Send Email to notify your team when files arrive. In the recipient_email field, enter team members' email addresses (comma-separated for multiple recipients). Use the body field to include file details using variables like {EXISTING_NAME} for the filename and {USER} for which partner uploaded it.

For this tutorial, configure a simple workflow that moves uploaded files to a processing folder:

1. Click + and select Actions
2. Choose Move File from the action menu
3. In the destination_path field, enter /B2B-Exchange/Processing-Queue/{USER}/{YYYY}-{MM}-{DD}/
4. Click Save

This action moves each uploaded file to a subfolder organized by partner name and date. The {USER} variable expands to the partner's username, and {YYYY}-{MM}-{DD} creates date-based folders (such as 2026-01-14).

You can add multiple actions by clicking + again and selecting additional operations. Actions execute in sequence from top to bottom.

Finally, enable the automation. At the top of the screen, toggle File Action Enabled to the on position. The automation will now process files as soon as partners upload them via SFTP.

With your file processing automation configured, you have completed a functional B2B integration. External partners can now securely exchange files with your organization.

Step 6 — Testing the B2B Integration

Before providing credentials to your trading partners, verify that the integration works as configured. You will connect to Couchdrop as an external user would and confirm that files transfer to SharePoint correctly.

Open an SFTP client on your computer. For this tutorial, we'll use FileZilla, a free cross-platform SFTP client, but any SFTP client works identically.

In FileZilla (or your preferred client), configure a new connection with the credentials you generated in Step 3:

• Host: Enter <^>your_company<^>.couchdrop.io (without the sftp:// prefix)
• Username: Enter the username you created, such as vendor-acme-corp
• Password: Enter the password from the credentials page
• Port: Enter 22 (the standard SFTP port)

Click Connect or Quick Connect. The client will establish a secure connection to Couchdrop. If this is your first time connecting, the client may display an "unknown host key" warning—this is normal. Click OK or Accept to proceed.

Once connected, the right pane of your SFTP client shows the remote directory—this is the SharePoint folder you configured as the user's root directory. The left pane shows your local computer's file system.

To test file upload:

1. Select a test file from your local computer (left pane)
2. Drag it to the remote directory (right pane), or use your client's upload function
3. The file will transfer from your computer to Couchdrop, which streams it directly to SharePoint

Navigate to your SharePoint site in a web browser. Open the folder where partner files are stored. You should see the test file you just uploaded via SFTP. This confirms that the B2B integration is working—files uploaded through SFTP arrive in SharePoint without storing data in Couchdrop.

If you configured a File Action in Step 5, check the destination folder specified in your Move File action. Within a few seconds, the file should appear in the processing queue folder, demonstrating that your automation is executing successfully.

To test permissions, try to download a file from the SFTP directory (if there are any existing files). If you configured Write Only permissions in Step 4, the download should fail with a "permission denied" error. This confirms that the isolation is working correctly—partners can upload but cannot access existing data.

Now that your integration is verified and operational, you can provide credentials to your actual trading partners and begin production file exchange.

Next Steps

In this tutorial, you configured a complete B2B integration using Couchdrop. You connected your cloud storage platform to Couchdrop, created isolated user accounts for external partners, configured appropriate permissions for secure file exchange, and set up automated file processing to handle incoming files.

Your trading partners can now connect via SFTP using standard file transfer clients, without requiring access to your cloud storage credentials. Files they upload flow directly to your SharePoint (or other cloud storage), and your File Actions automation processes them according to your business requirements.

To expand this B2B integration, you might want to:

• Configure AS2 endpoints for partners who require AS2 protocol for EDI transactions. Review Inbound AS2 Stations to enable this capability.
• Set up Upload Links for partners who need ad-hoc file submission without managing SFTP credentials. See Upload Links/Web Forms for creating secure web-based file collection portals.
• Implement PGP encryption for sensitive file exchange. Learn more in PGP encryption and decryption for SFTP file transfers.
• Create Transfer Automations to poll external SFTP servers and pull files from trading partners who host their own servers. Review Transfer Automations (Scheduled Transfers) for scheduled polling configurations.

For more information on managing users, permissions, and security settings, check out our documentation on Managing Users and Groups in Couchdrop.