--- title: Creating a connection description: To allow PingFederate to act as an identity provider (IdP) and manage users in Dropbox, create a service provider (SP) connection. component: dropbox page_id: dropbox:setup:pf_dropbox_connector_creating_a_connection canonical_url: https://docs.pingidentity.com/integrations/dropbox/setup/pf_dropbox_connector_creating_a_connection.html revdate: June 11, 2024 section_ids: steps: Steps choose-from: Choose from: --- # Creating a connection To allow PingFederate to act as an identity provider (IdP) and manage users in Dropbox, create a service provider (SP) connection. ## Steps 1. In the PingFederate administrator console, create a new SP connection: ### Choose from: * For PingFederate 10.1 or later: go to **Applications > Integration > SP Connections**. Click **Create Connection**. * For PingFederate 10.0 or earlier: go to **Identity Provider > SP Connections**. Click **Create Connection**. 2. Configure the basic connection details with the Dropbox quick connection template: 1. On the **Connection Template** tab, click **Use a template for this connection**. 2. In the **Connection Template** list, select **Dropbox Provisioner**. 3. On the **Metadata File** row, upload the `saml-metadata.xml` file that you saved in [Preparing the Dropbox SAML 2.0 metadata XML file](pf_dropbox_connector_preparing_the_dropbox_saml_20_metadata_xml_file.html). Click **Next**. 4. On the **Connection Type** tab select the **Browser SSO Profiles** and **Outbound Provisioning** checkboxes. Click **Next**. 5. On the **Connection Options** tab, click **Next**. 6. On the **General Info** tab, the default values are taken from the metadata file you uploaded earlier. Click **Next**. 3. On the **Browser SSO** tab, configure browser single sign-on (SSO). Learn more in [Configuring IdP Browser SSO](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_spbrowserssostate.html) in the PingFederate documentation. 1. On the **Browser SSO > SAML Profiles** tab, select the **IDP-Initiated SSO** and **SP-Initiated SSO** checkboxes. 2. On the **Browser SSO > Assertion Creation > Attribute Contract** tab, in the **SAML\_SUBJECT** row, select **urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress** in the **Subject Name Format** list. 3. On the **Browser SSO > Protocol Settings > Allowable SAML Bindings** tab, select the **Post** and **Redirect** checkboxes. Click **Next**. 4. On the **Browser SSO > Protocol Settings > Signature Policy** tab, select the **Always sign the SAML Assertion** checkbox. Click **Next**. 5. On the **Credentials** tab, configure the connection credentials as shown in [Configuring credentials](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_credentialsstate.html) in the PingFederate documentation. Click **Next**. 6. On the **Outbound Provisioning** tab, configure provisioning with the following details. Learn more in [Configuring outbound provisioning](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_saasprovisioningstate.html) in the PingFederate documentation. 1. On the **Target** tab, complete the fields as follows: | Field Name | Description | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **OAuth 2 Access Token** | The OAuth 2.0 access token for authentication.To obtain the access token, you must first [Obtain an App Key and Secret from Dropbox](pf_dropbox_connector_obtain_an_app_key_and_secret_from_dropbox.html). When you have obtained the app key and secret from Dropbox, you can [Generate Your OAuth 2.0 Access Token](pf_dropbox_connector_generate_your_oauth_20_access_token.html). | | **User Create Enabled** | * `True` (default): Users will be created in Dropbox through PingFederate. * `False`: Users will not be created in Dropbox. The provisioner.log displays a warning within the create user workflow that the user was not created in Dropbox. | | **User Update Enabled** | - `True` (default): Users will be updated in Dropbox through PingFederate. - `False`: Users will not be updated in Dropbox. The provisioner.log will display a warning within the update user workflow that the user was not updated in Dropbox. | 2. (Optional) In the **Provisioning Options** section, customize the provisioning connector behavior. Click **Next**. 3. On the **Manage Channels > Attribute Mapping** tab, at the bottom of the attribute list, click **Refresh Fields** to get fields and specifications from your Dropbox site. 4. Complete the attribute mappings by referring to [Supported attributes reference](pf_dropbox_connector_supported_attributes_reference.html). Learn more in [Managing channels](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saasmanagementtasklet_saasmanagementstate.html) in the PingFederate documentation. 7. On the **Activation and Summary** tab, above the **Summary** section, click the toggle to enable the connection. Click **Save**.