Page created: 1 Jul 2021 | Page updated: 14 Dec 2021
Learn how to configure SAML SSO with Dropbox and PingFederate.
Create a PingFederate SP connection for Dropbox:
- Sign on to the PingFederate administrative console.
- Create an SP connection in PingFederate:
  - Set Partner’s Entity ID to Dropbox.
  - Configure using Browser SSO profile SAML 2.0.
  - Enable the following SAML Profiles:
    - IDP-Initiated SSO
    - SP-Initiated SSO
    - IDP-Initiated SLO
    - SP-Initiated SLO
  - In Assertion Creation: Attribute Contract, set the Subject Name Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  - In Assertion Creation: Attribute Contract Fulfilment, map attribute SAML_SUBJECT to the attribute mail.
  - In Protocol Settings, set Assertion Consumer Service URL to https://www.dropbox.com/saml_login and in Allowable SAML Bindings, enable Redirect.
- Export the metadata for the newly-created SP connection.
- Export the signing certificate public key.
Configure the PingFederate IdP connection for Dropbox:
- Sign on to the Dropbox Admin Console as an administrator.
- Click Settings.
- Click the Single sign-on section.
- For Single sign-on, select
- In the Identity provider sign-in URL field, enter the SingleSignOnService Location value from the PingFederate SP metadata that you downloaded.
  For example, https://<PingFederate Hostname>:<PingFederate Port>/idp/SSO.saml2.
- Upload the PingFederate signing certificate that you downloaded.
- Click Save.
To test the PingFederate IdP-initiated SSO integration, go to the SSO Application Endpoint value displayed in the PingFederate application configuration for Dropbox.
For example: https://<PingFederate Hostname>:<PingFederate Port>/idp/startSSO.ping?PartnerSpId=Dropbox
Test the PingFederate SP-initiated SSO integration:
- Go to https://www.dropbox.com/login.
- Enter your email address.
  Dropbox will automatically detect that single sign-on is enabled based on the email used.
  You're redirected to PingFederate for authentication.