Integrate Dropbox with Conditional Access

In this topic, you will find general instructions on how to integrate Dropbox with Portnox™ Conditional Access for Applications.

Note: Single sign-on functionality is only available in the Dropbox Business Plus plan (highest tier).

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Dropbox.

In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/
From now on, we will call this tab the Portnox tab.
In the Cloud portal top menu, click on the Applications option.
On the Applications screen, click on the Add application button, and select the Add new SAML application option.
Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
In the Application details section, enter an Application name and optionally a Description.

In this example, we used the name Dropbox for the new application configuration but you can use any name you like.
Keep this browser tab open. You will need it later.

In this section, you will access your Dropbox Admin console and find the single sign-on (SSO) settings.

In another tab of your browser, open the Dropbox Admin console Single sign-on page by accessing the following URL: https://www.dropbox.com/team/admin/settings/sso.
From now on, we will call this tab the Dropbox tab.
In the drop-down field to the right of the Single sign-on label, select either Optional or Required.

Note: For testing purposes, we recommend the Optional setting. After tests are successful, for security reasons, we recommend the Required setting.

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Dropbox SSO setup section.

In the Portnox tab, in the Service details section, click on the ⧉ icon next to the Sign-In URL / SSO URL field to copy the value.
In the Dropbox tab, click on the Add sign-in URL button, and in the Identity provider sign-in URL field in the pop-up window, paste the value copied from Portnox Cloud. Then, click on the Done button.
In the Portnox tab, in the Certificates > Signing certificates section, click on the ⋮ icon next to the Active certificate and select the Download certificate option to download the certificate to the local drive.
In the Dropbox tab, click on the Upload certificate button and select the certificate file that you downloaded from Portnox Cloud.

In this section, you will copy the values displayed in your Dropbox SSO setup section, and paste them in the relevant fields in Portnox Cloud.

In the Dropbox tab, click on the Copy link button next to the SSO sign-in URL field to copy the value to the clipboard.
In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / SP Entity URL heading and paste the value copied from Dropbox.
In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://www.dropbox.com/saml_login.

In this section, you will finalize the configuration in Portnox Cloud and Dropbox.

Finalize the configuration in the Portnox tab.
1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
2. Scroll all the way down to the end of the page, and then click on the Save button.
Finalize the configuration in the Dropbox tab.
1. Scroll to the bottom of the Single sign-on pane and click on the Save button.

Result: You have configured Dropbox to be accessible using Portnox Conditional Access for Applications.