1. Create a PingFederate SP connection for Dropbox:
    1. Sign on to the PingFederate administrative console.
    2. Create an SP connection in Ping Federate:
      1. Set Partner’s Entity ID to Dropbox.
      2. Configure using Browser SSO profile SAML 2.0.
      3. Enable the following SAML Profiles:
        • IDP-Initiated SSO
        • SP-Initiated SSO
        • IDP-Initiated SLO
        • SP-Initiated SLO
      4. In Assertion Creation: Attribute Contract, set the Subject Name Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
      5. In Assertion Creation: Attribute Contract Fulfilment, map attribute SAML_SUBJECT to the attribute mail.
      6. In Protocol Settings, set Assertion Consumer Service URL: to https://www.dropbox.com/saml_login and in Allowable SAML Bindings, enable Redirect.
    3. Export the metadata for the newly-created SP connection.
    4. Export the signing certificate public key.
      Screen capture of PingFederate SP Connections page.
  2. Configure the PingFederate IdP connection for Dropbox:
    1. Sign on to the Dropbox Admin Console as an administrator.
      Screen capture of Dropbox home page with Admin console on the lefthand side bar highlighted in red.
    2. Click Settings.
    3. Click the Single sign-on section.
      Screen capture of Dropbox Settings page with Single sign-on highlighted in red.
    4. For Single sign-on, select Required.
      Screen capture of Dropbox SSO settings with the Required button highlighted in red.
    5. In the Identity provider sign-in URL field, enter the URL Location for SingleSignOnService Location value that you retrieved from the PingFederate SP metadata that you downloaded.
      Screen capture of Dropbox SSO settings with the IdP sign-in URL, X.509 certificate, and Save button all highlighted in red.

      For example, https://<PingFederate Hostname>:<PingFederate Port>/idp/SSO.saml2.

    6. Upload the PingFederate signing certificate that you downloaded.
    7. Click Save.
  3. To test the PingFederate IdP-initiated SSO integration, go to the SSO Application Endpoint value displayed in the PingFederate application configuration for the Dropbox configuration.

    For example: https://<PingFederate Hostname>:<PingFederate Port>/idp/startSSO.ping?PartnerSpId=Dropbox

    Screen capture of PingFederate sign on screen.Screen capture of the Dropbox home page.
  4. Test the PingFederate SP-initiated SSO integration:
    1. Go to https://www.dropbox.com/login.
    2. Enter your email address.

      Dropbox will automatically detect that single sign-on is enabled based on the email used.

    3. Click Continue.

      You're redirected to PingFederate for authentication.

      Screen capture of Dropbox sign on page.Screen capture of PingFederate sign on page.Screen capture of Dropbox home page.