User and group management
The Dropbox Provisioner synchronizes users and groups from your datastore to Dropbox. The following sections describe the behavior of each provisioning capability.
Synchronizing existing users
PingFederate synchronizes users based on the Email attribute in Dropbox. If a user already exists in your datastore and Dropbox, mapping this attribute correctly links the two records together.
For example:
-
In Dropbox, Janet’s
Emailisjsmith@domain.com. -
In your datastore, Janet’s
mailisjsmith@domain.com. -
On the Attribute Mapping tab of your provisioning connection configuration, map the
Emailattribute tomail. -
When the provisioning connector runs, the datastore user is provisioned with a
Emailofjsmith@domain.com. That matches Janet’s existingEmailin Dropbox, so her information in the datastore is synchronized to her Dropbox account.
User provisioning
PingFederate provisions users when any of the following happens:
-
A user is added to the datastore group or filter that is targeted by the provisioning connector.
-
A user with "disabled" status is added to the datastore group or filter that is targeted by the provisioning connector, and the Provision disabled users provisioning option is enabled.
User updates
PingFederate updates users when a user attribute changes in your datastore.
The Attribute Mapping tab of your provisioning connection configuration defines which attributes PingFederate monitors for changes.
Synchronizing existing groups
PingFederate synchronizes groups from the datastore to the target service based on the group name.
For example:
-
In Dropbox, there is a group is named
Accounting. -
In your datastore, there is a group with a
CNofAccounting. -
When the provisioning connector runs, the two groups are synchronized.
Group provisioning
PingFederate provisions groups when a group is added to the datastore filter that is targeted by the provisioning connector.