UniFi Identity Enterprise - Add Dropbox as an SSO App
After adding Dropbox as an SSO App in Identity Enterprise, you can control who has access to Dropbox in Identity Enterprise.
Requirements
To get started, ensure that your organization has subscribed to the Dropbox SSO-enabled subscription.
Add Dropbox App to Identity Enterprise
- Go to your Identity Enterprise Manager > SSO Apps.
- Click the Add icon on the upper right corner and select Dropbox.
- Click Add. The Sign-On URL, Issuer, and Public Certificate will be displayed. Click to download the public certificate and do not close the page as you’ll need to copy and paste them into Dropbox in the next section.
Configure SSO in Dropbox
- Sign in to Dropbox as an admin.
- Click Admin console > Settings in the left sidebar.
- Under the Authentication section, click Single sign-on.
- Toggle the Single sign-on setting from Off to either Optional or Required.
- If you choose Required, team members must sign in to Dropbox using SSO, and their Dropbox password will no longer work. However, admins can still use their Dropbox admin credentials to log in.
- If you choose Optional, your team can sign in to Dropbox using SSO or their Dropbox password.
- Click Add sign-in URL and enter the sign-on URL obtained from Identity Enterprise previously.
- You can click Add sign-out URL to add a sign-out URL as needed.
- Click Upload certificate to upload the X.509 certificate .pem file downloaded from Identity Enterprise.
- Click Apply changes.
Configure the Dropbox SSO Settings in Identity Enterprise
- Navigate back to the Add Dropbox page and scroll down to the Settings section.
- Name the app, for example: Dropbox.
- (Optional) Enter your license seats for record-keeping.
- (Optional) Provide the SAML default relay state if needed. This is the URL to which users will be redirected after completing the authentication process at the Identity Provider (Identity Enterprise).
- (Optional) Enable the Silent Provisioning as needed. Enable this setting to prevent Dropbox from sending emails to newly created users. This is recommended if you are using SAML for SSO and prefer that users do not receive password reset emails. Before activating this feature, follow the steps here to add your domain to Expensify Settings > Members > Domains.
- Click Add.