The following section describes the steps for configuring service provider (SP)- and identity provider (IdP)-initiated single sign-on (SSO) to Dropbox.

Note:

This section requires two pieces of information from PingFederate:

  • The PingFederate SSO Application Endpoint, which can be found on the Activation & Summary page, in the SP Connection section
  • The exported certificate used to sign the SAML assertion (configured in Creating a connection)
  1. Go to https://www.dropbox.com/team/admin/ and sign on with your team owner credentials.
  2. Go to Authentication to view the Single sign-on section.
  3. Select the Enable single sign-on check box and click Optional or Required based on your SSO requirements.
  4. In the Sign in URL field, enter the PingFederate SSO Application endpoint.
    https://pf_host:pf_port/idp/startSSO.ping?PartnerSpId=connection_id

    where:

    • pf_host is the machine running the PingFederate server.
    • pf_port is the PingFederate port (default value: 9031).
    • connection_id is the connection ID of the SP connection, for example, https://www.dropbox.com/.
  5. Import the signing certificate into the X.509 certificate field.
    Scren capture of the Authentication section showing Enable single sign-on selected and Required clicked.
  6. Click Save Changes to complete the Dropbox SSO setup.

    When saved, emails are sent to team members to instruct them on how to initiate signing on.