Configuration Guides

Configuring SAML SSO with Dropbox and PingOne for Enterprise

Learn how to configure SAML SSO with Dropbox and PingOne for Enterprise.

Create a PingOne for Enterprise application for Dropbox

  1. Sign on to PingOne for Enterprise and click Applications.

  2. On the SAML tab, click Add Application.

    Screen capture of PingOne for Enterprise My Applications tab in the SAML section with the Add Application drop down list displayed.
  3. Click Search Application Catalog and search for Dropbox.

  4. Click the Dropbox row.

    Screen capture of PingOne for Enterprise Application Catalog with the Dropbox SAML with Provisioning API displayed in the table.
  5. Click Setup.

  6. Select the appropriate signing certificate.

  7. Review the steps, and note the PingOne for Enterprise SaaS ID, IdP ID, Initiate Single Sign-on (SSO) URL, and Issuer values.

    Screen capture of PingOne for Enterprise Application SSO Instructions with the PingOne for Enterprise SaaS ID, IdP ID, Initiate Single Sign-on (SSO) URL, and Issuer values redacted.
  8. Click Continue to Next Step.

  9. Ensure ACS URLis set to https://www.dropbox.com/saml_login and Entity ID is set to Dropbox.

    Screen capture of PingOne for Enterprise Application Connection Configuration section with the ACS URL and Entity ID fields highlighted in red.
  10. Click Continue to Next Step.

  11. In the Attribute Mapping section, in the Identity Bridge Attribute or Literal Value column of the SAML_SUBJECT row, select the attribute SAML_SUBJECT.

    Screen capture of PingOne for Enterprise Application Attribute Mapping section with the Continue to Next Step button highlighted in red.
  12. Click Continue to Next Step.

  13. Update the Name, Description, and Category fields as required.

    Screen capture of PingOne for Enterprise App Customization section with customizable fields for Dropbox icon, Name, Description, and Category.
  14. Click Continue to Next Step.

  15. Add suitable user groups for the application.

  16. Click Continue to Next Step.

    Screen capture of PingOne for Enterprise Application Group Access section.
  17. Review the settings.

    Screen capture of PingOne for Enterprise Application Review Setup section with populated Icon, Name, Description, Category fields for the Dropbox application as well as redacted Connection ID, saasid, idpid, and Issuer values.
    Continuing from the previous screen capture, continued PingOne for Enterprise Setup Review for the Dropbox application with redacted fields and an Application Attribute table for SAML_SUBJECT.
  18. Copy the Single Sign-On (SSO) URL value to a temporary location.

    This is the IdP-initiated SSO URL that you can use for testing.

  19. On the Signing Certificate row, click Download You will use this for the Dropbox configuration.

  20. On the SAML Metadata row, click Download. You will use this for the Dropbox configuration.

  21. Click Finish.

Configure a PingOne for Enterprise IdP connection for Dropbox

  1. Sign on to the Dropbox Admin Console as an administrator.

    Screen capture of Dropbox home page with Admin console highlighted in red on the lefthand side bar.
  2. Click Settings.

  3. Click the Single sign-on section.

    Screen capture of Dropbox Settings with the Single sign-on section highlighted in red.
  4. For Single sign-on, select Required.

    Screen capture of Dropbox Single sign-on settings with the Required dropdown button highlighted in red.
  5. In the Identity provider sign-in URL field, enter the URL Location for SingleSignOnService Location value that you retrieved from the PingOne for Enterprise SP metadata that you downloaded.

    For example, https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=idpid

    Screen capture of Dropbox SSO settings with the IdP sign-in URL, X.509 certificate, and Save button highlighted in red.
  6. Upload the PingOne for Enterprise signing certificate that you downloaded.

  7. Click Save.

Test the PingOne for Enterprise IdP-initiated SSO integration

  1. Go to the Single Sign-On (SSO) URL in the PingOne for Enterprise Application configuration to perform IdP-initiated SSO.

    https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=saasid&idpid=idpid

    Screen capture of PingOne for Enterprise sign on screen.
    Screen capture of Dropbox home page.

Test the PingOne for Enterprise SP-initiated SSO integration configuration

  1. Go to https://www.dropbox.com/login.

  2. Enter your email address.

    Dropbox automatically detects that single sign-on is enabled based on the email used.

  3. Click Continue.

    You’re redirected to PingOne for Enterprise for authentication.

    Screen capture of Dropbox login screen.
    Screen capture of PingOne for Enterprise sign on screen.
    Screen capture of Dropbox home page.