Creating a connection
To allow PingFederate to act as an identity provider (IdP) and manage users in Dropbox, create a service provider (SP) connection.
Steps
-
In the PingFederate administrator console, create a new SP connection:
Choose from:
-
For PingFederate 10.1 or later: go to Applications → Integration → SP Connections. Click Create Connection.
-
For PingFederate 10.0 or earlier: go to Identity Provider → SP Connections. Click Create Connection.
-
-
Configure the basic connection details with the Dropbox quick connection template:
-
On the Connection Template tab, click Use a template for this connection.
-
In the Connection Template list, select Dropbox Provisioner.
-
On the Metadata File row, upload the
saml-metadata.xml
file that you saved in Preparing the Dropbox SAML 2.0 metadata XML file. Click Next. -
On the Connection Type tab select the Browser SSO Profiles and Outbound Provisioning checkboxes. Click Next.
-
On the Connection Options tab, click Next.
-
On the General Info tab, the default values are taken from the metadata file you uploaded earlier. Click Next.
-
-
On the Browser SSO tab, configure browser single sign-on (SSO).
Learn more in Configuring IdP Browser SSO in the PingFederate documentation.
-
On the Browser SSO → SAML Profiles tab, select the IDP-Initiated SSO and SP-Initiated SSO checkboxes.
-
On the Browser SSO → Assertion Creation → Attribute Contract tab, in the SAML_SUBJECT row, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress in the Subject Name Format list.
-
On the Browser SSO → Protocol Settings → Allowable SAML Bindings tab, select the Post and Redirect checkboxes. Click Next.
-
-
On the Browser SSO → Protocol Settings → Signature Policy tab, select the Always sign the SAML Assertion checkbox. Click Next.
-
On the Credentials tab, configure the connection credentials as shown in Configuring credentials in the PingFederate documentation. Click Next.
-
On the Outbound Provisioning tab, configure provisioning with the following details.
Learn more in Configuring outbound provisioning in the PingFederate documentation.
-
On the Target tab, complete the fields as follows:
Field Name Description OAuth 2 Access Token
The OAuth 2.0 access token for authentication.
To obtain the access token, you must first Obtain an App Key and Secret from Dropbox. When you have obtained the app key and secret from Dropbox, you can Generate Your OAuth 2.0 Access Token.
User Create Enabled
-
True
(default): Users will be created in Dropbox through PingFederate. -
False
: Users will not be created in Dropbox.
The provisioner.log displays a warning within the create user workflow that the user was not created in Dropbox.
User Update Enabled
-
True
(default): Users will be updated in Dropbox through PingFederate. -
False
: Users will not be updated in Dropbox.
The
provisioner.log
will display a warning within the update user workflow that the user was not updated in Dropbox. -
-
(Optional) In the Provisioning Options section, customize the provisioning connector behavior. Click Next.
-
On the Manage Channels → Attribute Mapping tab, at the bottom of the attribute list, click Refresh Fields to get fields and specifications from your Dropbox site.
-
Complete the attribute mappings by referring to Supported attributes reference.
Learn more in Managing channels in the PingFederate documentation.
-
-
On the Activation and Summary tab, above the Summary section, click the toggle to enable the connection. Click Save.