Dropbox SSO

Updated 2 years ago by admin

  1. Ensure that you have a Dropbox account that allows access to the Single Sign On feature
  2. Ensure that you have an Identity Provider configured
  3. Navigate to App Launcher -> Add Apps
  4. Select the Dropbox tile and optionally enter a name to display to IDaaS users
  5. Select an existing category or create a new category by using the Manage option. The Dropbox app tile will appear in this category for IDaaS users
  6. Log in to Dropbox as an Administrator and navigate to Settings -> Single Sign-On. Under SSO sign-in URL click the Copy Link button. Paste the link into the Application URL field
  7. Select the preferred Identity Provider for this app
  8. Click Next
  9. Click the Download Certificate button and save the file on your computer.
  10. Navigate to Dropbox -> Settings -> Single sign-on and set it to Optional. We recommend using this mode for testing and only setting it to Required once you can confirm SSO logins are working as expected.
  11. The next step is to set the IdP sign-in URL for Dropbox to use.
Remember, in this case, the IDaaS product is acting as a broker between the app and your configured Identity Provider. Therefore, the IDaaS service is the IdP.

This URL will take the format https://<your-vanity-subdomain>.beyondsso.com/idp/saml/sso and can be found by clicking the relevant Identity Provider tile in Products -> IDaaS -> Identity Providers.

Within Dropbox, click the Add sign-in URL button and paste in the URL.

  12. Within Dropbox, select the Upload certificate button and upload the certificate file from Step 9.
  13. At this point, the Dropbox side is configured. Dropbox does not currently provide the option to download metadata for use with the IdP, so copy the following template into your clipboard instead:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="Dropbox">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.dropbox.com/saml_login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
  14. Return to the Add Application wizard and click Next. When prompted, click Paste Metadata XML and then paste in the XML from the previous step.
  15. Click OK and then Next to finalise the configuration.
  16. Test the authentication by clicking the newly created Dropbox tile and, when prompted, sign in with your identity provider credentials.
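
A pre-flight check for the metadata template above, as an added example that is not part of the original page or of the IDaaS product: it parses the text you are about to paste and confirms that the entityID, NameID format, binding and AssertionConsumerService Location are exactly the page's values, since the ACS Location is where the IdP will POST signed assertions. The function name `check_sp_metadata` and its parameters are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# The template from this page, embedded so the check runs offline.
PAGE_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="Dropbox">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.dropbox.com/saml_login" index="0"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, entity_id="Dropbox",
                      acs_url="https://www.dropbox.com/saml_login"):
    """Return a list of problems; an empty list means the metadata matches."""
    # SAML metadata never needs a DTD; refuse it rather than parse it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    if root.get("entityID") != entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}")
    sps = root.findall(MD + "SPSSODescriptor")
    if len(sps) != 1:
        return problems + [f"expected 1 SPSSODescriptor, found {len(sps)}"]
    sp = sps[0]
    if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
        problems.append("SAML 2.0 protocol not declared")
    formats = [(n.text or "").strip() for n in sp.findall(MD + "NameIDFormat")]
    if formats != [EMAIL_NAMEID]:
        problems.append("NameIDFormat is not emailAddress only")
    acs = sp.findall(MD + "AssertionConsumerService")
    if len(acs) != 1:
        return problems + [f"expected 1 ACS endpoint, found {len(acs)}"]
    if acs[0].get("Binding") != HTTP_POST:
        problems.append("ACS binding is not HTTP-POST")
    location = acs[0].get("Location", "")
    if location != acs_url:  # exact match: scheme, host and path
        problems.append(f"ACS Location is {location!r}")
    return problems
```

Run `check_sp_metadata()` on the exact text in your clipboard before pasting it into the wizard; any returned entry names the field that differs from the template.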
