PingOne

Provisioning Dropbox with PingOne

Dropbox is a cloud-based file storage and collaboration platform. By integrating Dropbox with PingOne, you can automate the lifecycle of user identities and groups, ensuring that access to sensitive corporate data is synchronized with your central directory.

Provisioning capabilities

Resource Capability Description Inbound Outbound

User

Create

Generates a new user record in the destination.

Yes

Yes

Read

Retrieves or polls user attributes for synchronization.

Yes

Yes

Update

Modifies existing attributes, such as job title.

Yes

No

Delete

Deletes a user or temporarily suspends an account.

Yes

Yes

Group

Create

Provisions a new group in the target application.

No

Yes

Rename

Updates the display name or identifier of an existing group.

No

Yes

Delete

Removes a group from the target application.

No

Yes

Membership

Add and remove

Handles additions and removals of users within groups.

No

Yes

Before you begin

Make sure that you have:

  • A Dropbox administrative account. Learn more in Dropbox administrator in the Dropbox documentation.

  • The following from your Dropbox account:

    • Client ID

    • Client Secret

    • Refresh Token

  • Users assigned to a specific population or group in PingOne designated for Dropbox provisioning.

Steps

  1. Create a Dropbox connection:

    1. In the PingOne admin console, go to Integrations > Provisioning.

    2. Click and then click New Connection.

    3. Click Select for Identity Store.

    4. Click Select for the Dropbox connection, and click Next.

    5. Enter a Name and Description for this provisioning connection.

    6. Click Next.

    7. In the Configure Authentication section, enter the following configurations that apply to your Dropbox account:

      • Service URI: Enter the base URL for the Dropbox API endpoint, such as https://api.dropboxapi.com/2.

      • Authentication Method: Select OAUTH and enter the following configurations:

        Configuration Example

        Client ID

        abcd1234efgh5td

        Client Secret

        ruio1264efyh6ew

        Token Endpoint

        https://api.dropboxapi.com/oauth2/token

        Grant Type

        refresh_token

        Refresh Token

        bcX7LM_-aQMAAAAAAAAAAGh3kTQPLmNZ9R2_wEr8JkLm4pQz7yHtYU-VbNQ-DtKp

    8. Click Test Connection to verify that PingOne can establish a connection to the Dropbox.

      Result:

      If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.

      You can’t use the connection for provisioning until you’ve established a valid connection to Dropbox. If the connection fails, click Cancel in the Test Connection Failed modal, verify that you have entered the configuration details in step g correctly, and try again.

    9. Click Next.

    10. In the User Actions section, enter the following as needed:

      Field Description

      Enable users creation

      Creates a user in the target identity store when the user is created in the source identity store.

      Enable users updation

      Updates user attributes in the target identity store when the user is updated in the source identity store.

      If Enable users updation is selected, you can choose to select Enable users disable, which disables a user in the target identity store when the user is disabled in the source identity store.

      Enable users deprovision

      Deprovisions a user in the target identity store when the user is deprovisioned in the source identity store. If Enable users deprovision is selected, the following options appear:

      • Remove Action: Removes or disables a user in the target identity store when the user is deleted in the source identity store. Select Delete or Disable.

        Remove Action is only available if you select Enable users disable.

      • Deprovision on rule deletion: Deprovisions users if the associated provisioning rule is deleted.

    11. Click Save.

    12. To enable the connection, click the toggle at the top of the details panel to the right (blue).

      You can disable the connection by clicking the toggle to the left (gray).

  2. Create an inbound or outbound rule and select the existing Dropbox connection as the target or source. You can optionally add attribute mappings.

    For Box, Docusign, and Dropbox inbound rules, enabling the Sync Only Active Users configuration in the Onboarding Settings panel triggers an immediate full resync. Any users currently in PingOne who were previously provisioned by this specific rule, but don’t have an Active status, will be deleted from PingOne.

Validation

Confirm users and groups are successfully provisioned to Dropbox. View the sync status to review synchronization results and any errors. You can find examples in Outbound provisioning sync summary examples.

Dropbox directory attributes

The following table lists common Dropbox attributes that can be mapped for user provisioning:

Attribute Description

email

The user’s primary email address.

given_name

The user’s first name.

surname

The user’s last name.

status

The account status such as active or disabled.

Directly mapping the PingOne Enabled attribute Boolean to the Dropbox [.codeph]status attribute String causes a schema error. To prevent this, PingOne provides a default, optional attribute mapping that uses a Spring Expression Language (SpEL) expression to convert the values, such as mapping true to active.

Dropbox known limitations

The following limitations apply to the Dropbox provisioning:

  • For inbound rules, user filtering is not supported. All users from the source Dropbox instance are provisioned to PingOne.

  • For inbound provisioning, data updates once a day. The sync occurs daily at the time the initial full-sync completed. Manual syncs don’t change this schedule. Changes in the source appear in PingOne after the daily update.

  • Using both inbound and outbound sync rules for the same application can cause issues, such as duplicate users, because the rules operate independently.