Dropbox SAML Configuration

system

Introduction

This article outlines the information and steps you need in order to configure Dropbox to use the LogonBox SAML Identity Provider. Once configured, your users will be redirected to your LogonBox Server to authenticate.

Step 1 - Get the Unique Sign-in URL from Dropbox

Log into your Dropbox account as administrator and navigate to Admin->Authentication. Select Enable Single sign-on and expand the text by pressing the More hyperlink to reveal your unique sign-in URL.

 

Take a copy of your sign-in URL, for example, https://www.dropbox.com/sso/123456789.

We will continue configuring Dropbox in Step 4.

 

Step 2 - Create the Resource from the Template

Log into your LogonBox server as your admin account and navigate to Identity Services->SAML in the left-hand menu.

Click Search Templates and select the Dropbox SAML template and click Next.

 

You will be asked for your Dropbox unique login URL number, which you copied in Step 1. Enter it here.

 

Click Next which should create the resource. At this point you can click on the Go to Article link to open this article in a separate browser window.

Click the X to close the popup and return to the SAML list of resources where your Dropbox SAML resource should now be present.

 

Step 3 - Download SAML metadata

You will need a couple of things from your server in order to configure Dropbox. First you will need to download the SAML metadata.

In the table of SAML resources locate the Dropbox SAML resource, and click the gears icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.


Next, navigate to the Certificates menu and locate the SAML RSA certificate. Again using the gears icon, select Download Certificate.

 

Before proceeding to the next step, open the XML file containing the metadata and locate the logon service URL. This is located towards the end of the document and will look like:

https://demo.logonbox.com/app/api/sso/logon/123456

Copy the entire URL as this will be entered into the Dropbox settings.
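The lookup in this step can also be scripted. The Python below is an added example, not part of the original article or of LogonBox's own tooling: it extracts the logon service URL from the metadata, refuses a URL that is not HTTPS, and checks that the downloaded certificate matches one embedded in the metadata. The sample metadata, entity ID and certificate bytes are constructed placeholders, and it assumes the certificate file is PEM-encoded and that the metadata embeds the same signing certificate.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample data: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://demo.logonbox.com/example-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://demo.logonbox.com/app/api/sso/logon/123456"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sso_urls(metadata_xml):
    """Return (binding, URL) for each logon service endpoint; refuse non-HTTPS URLs."""
    root = ET.fromstring(metadata_xml)
    found = []
    for el in root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService", NS):
        url = el.get("Location", "")
        if urlparse(url).scheme != "https":
            raise ValueError(f"logon service URL is not HTTPS: {url!r}")
        found.append((el.get("Binding"), url))
    return found

def metadata_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every certificate embedded in the metadata."""
    root = ET.fromstring(metadata_xml)
    return {hashlib.sha256(base64.b64decode("".join(el.text.split()))).hexdigest()
            for el in root.iterfind(".//ds:X509Certificate", NS)}

def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of a PEM certificate file's DER body (PEM is assumed)."""
    body = "".join(l.strip() for l in pem_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

if __name__ == "__main__":
    for binding, url in sso_urls(SAMPLE_METADATA):
        print(binding.rsplit(":", 1)[-1], url)
    match = pem_fingerprint(SAMPLE_PEM) in metadata_fingerprints(SAMPLE_METADATA)
    print("certificate matches metadata:", match)
```

To run it against your own files, pass the contents of the downloaded metadata XML and certificate file to these functions in place of the sample constants.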

 

Step 4 - Configure Dropbox

Once you have set up the SAML resource on your server, log into your Dropbox account as Administrator so that you can configure the rest of the settings.

First, once logged in, navigate to Admin->Authentication, the same location from which you retrieved the login URL in Step 1.

You have two options for how single sign-on to Dropbox is applied: Optional and Required. Initially you should choose Optional to help you test everything, since you can choose whether to use SSO login or Dropbox login. Once everything is working, select Required.

 

Enter the logon service URL as identified in Step 3 into the sign-in URL.

 

Then upload the certificate crt file as downloaded in Step 3.

 

Step 5 - Final Checks

One final step before you start using your Dropbox resource: edit it, click the Assignment tab and add users, groups or roles. You can just add the Everyone role here to let all users access the resource.

In addition, each user's email address must match their Dropbox logon email as this is the primary link between accounts.

Once access is assigned, log out of Dropbox as the admin and then access LogonBox as a user with the rights to use the new resource. In the Browser Resources section under My Resources, click the launch icon to access Dropbox.

 

Step 6 - Enable Required Mode

If everything is working, you can now set single sign-on to Required in Dropbox under Admin->Authentication as shown below. All users will now have to use single sign-on login using their AD account in Hypersocket SSO.