User and group management

Page created: 11 May 2021 |

Page updated: 8 Feb 2022

| 2 min read

Dropbox Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

The Dropbox Provisioner synchronizes users and groups from your datastore to Dropbox. The following sections describe the behavior of each provisioning capability.

You can configure these capabilities in the step of the setup process.

Synchronizing existing users

PingFederate synchronizes users based on the Email attribute in Dropbox. If a user already exists in your datastore and Dropbox, mapping this attribute correctly links the two records together.

For example:

In Dropbox, Janet's Email is jsmith@domain.com.
In your datastore, Janet's mail is jsmith@domain.com.
On the Attribute Mapping tab of your provisioning connection configuration, map the Email attribute to mail.
When the provisioning connector runs, the datastore user is provisioned with a Email of jsmith@domain.com. That matches Janet's existing Email in Dropbox, so her information in the datastore is synchronized to her Dropbox account.

User provisioning

PingFederate provisions users when any of the following happens:

A user is added to the datastore group or filter that is targeted by the provisioning connector.
A user with "disabled" status is added to the datastore group or filter that is targeted by the provisioning connector, and the Provision disabled users provisioning option is enabled.

User updates

PingFederate updates users when a user attribute changes in your datastore.

The Attribute Mapping tab of your provisioning connection configuration defines which attributes PingFederate monitors for changes.

Synchronizing existing groups

PingFederate synchronizes groups from the datastore to the target service based on the group name.

For example:

In Dropbox, there is a group is named Accounting.
In your datastore, there is a group with a CN of Accounting.
When the provisioning connector runs, the two groups are synchronized.

Group provisioning

PingFederate provisions groups when a group is added to the datastore filter that is targeted by the provisioning connector.

Group name updates

PingFederate renames groups when they are renamed in the datastore.

Group membership updates

PingFederate updates group memberships when memberships change in the datastore, whether the change is in the group's properties or a user's properties.

Group memberships in the datastore overwrite the group memberships in Dropbox.

Group deletion

PingFederate deletes groups when any of the following happen:

The group is deleted in the datastore.
The group is removed from the datastore group or filter that is targeted by the provisioning connector.

Group deletions are permanent and cannot be undone.