This site requires JavaScript to be enabled
External Customer KB > General > Configuring SAML SSO for Dropbox
Configuring SAML SSO for Dropbox
Article: KB0010311 Published: 03/09/2022 Last modified: 03/09/2022

This topic describes how to configure OneLogin to provide single sign-on (SSO) for your Dropbox users using SAML. (If you want to set up SSO for Dropbox with form-based authentication, see Adding a Form-Based Application.)

For a quick overview, check out this video:

Configuring SSO

  1. Log in to OneLogin and go to Applications > Add App.

  2. Search for Dropbox and select it.

  3. On the initial Configuration tab, select SAML2.0 - user provisioning.

  4. Click Save to add the app to your Company Apps and display additional configuration tabs.

  5. On the Parameters tab, map Dropbox user attributes to OneLogin attributes.

    Some parameters are included in the SAML assertion during SSO, others are used when provisioning users to Dropbox using the API. For SSO using SAML, you should accept the defaults, unless otherwise noted:

    Dropbox Field

    Default OneLogin Value

    SAML or Provisioning?




    SAML and Provisioning

    Leave Value set to Email. Most Dropbox implementations use email as the user ID.

    Groups - No value - Provisioning See Provisioning Users to Dropbox.
  6. On the Access tab, assign the OneLogin roles that should have access to Dropbox and provide any app security policy that you want to apply to Dropbox.

    You can also go to Users > All Users to add the app to individual user accounts, and return to this app configuration page to complete SSO configuration.

  7. Click Save.

  8. On the SSO tab, copy the two SAML values that you'll need to provide in Dropbox: SAML2.0 Endpoint (HTTP) URL and X.509 Certificate.

    To download the X.509 certificate, click View Details and select X.509 PEM from the drop-down below the X.509 Certificate field.

    If you want to use a different certificate, go back to the SSO tab, click Change, select the new certificate, and follow the above instructions.

    Alternatively, you can create an entirely new X.509 certificate for selection by going to Settings > Certificates and clicking New.

  9. Go to Dropbox and sign in as an admin. In the left panel, click Admin Console.

  10. Click Settings, then Single Sign-on.

  11. Select the Enable single sign-on option.

  12. Choose to make SSO option or required: Optional allows users to log in with SAML or their Dropbox Username and Password., while required forces users to authenticate via OneLogin.

  13. In the Identity Provider URL field, paste the SAML2.0 Endpoint (HTTP) value from OneLogin.

  14. Under X.509 Certificate, click Choose Certificate and upload the x.509 PEM Certificate you downloaded from OneLogin.

  15. Test the SAML connection.

    1. Make sure you are logged out of Dropbox.
    2. Give yourself access to the Dropbox app in OneLogin.
    3. Log in to OneLogin.
    4. Click the Dropbox icon on your OneLogin dashboard. If you are able to access Dropbox, then SAML works.

If you're not using the same Email in Dropbox as in OneLogin, do the following: 

  1. Go to Applications > Applications
  2. Edit the Dropbox application. 
  3. Navigate to the Logins tab.
  4. Locate and select your user. 
  5. Type a different email in the Email field and click Save.
  6. Navigate to the portal and re-test by clicking the Dropbox icon.

Next steps:

Provisioning Users to Dropbox

Expand/Collapse Comments
Was this helpful?