Configuring SAML SSO with Dropbox and PingFederate
Learn how to configure SAML SSO with Dropbox and PingFederate.
Create a PingFederate SP connection for Dropbox
- Sign on to the PingFederate administrative console.
- Create an SP connection in PingFederate:
  - Set Partner’s Entity ID to Dropbox.
  - Configure using Browser SSO profile SAML 2.0.
  - Enable the following SAML Profiles:
    - IDP-Initiated SSO
    - SP-Initiated SSO
    - IDP-Initiated SLO
    - SP-Initiated SLO
  - In Assertion Creation: Attribute Contract, set the Subject Name Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  - In Assertion Creation: Attribute Contract Fulfilment, map attribute SAML_SUBJECT to the attribute mail.
  - In Protocol Settings, set Assertion Consumer Service URL to https://www.dropbox.com/saml_login and in Allowable SAML Bindings, enable Redirect.
- Export the metadata for the newly-created SP connection.
- Export the signing certificate public key.
Configure the PingFederate IdP connection for Dropbox
- Sign on to the Dropbox Admin Console as an administrator.
- Click Settings.
- Click the Single sign-on section.
- For Single sign-on, select Required.
- In the Identity provider sign-in URL field, enter the SingleSignOnService Location value from the PingFederate SP metadata that you downloaded.
  For example, https://PingFederate-Hostname:PingFederate-Port/idp/SSO.saml2.
- Upload the PingFederate signing certificate that you downloaded.
- Click Save.
Test the PingFederate IdP-initiated SSO integration
Go to the SSO Application Endpoint value displayed in the PingFederate application configuration for the Dropbox configuration.
For example: https://PingFederate-Hostname:PingFederate-Port/idp/startSSO.ping?PartnerSpId=Dropbox