Integrate Dropbox with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate Dropbox with Portnox™ Zero Trust Network Access.

Important: With the release of the Portnox Zero Trust Network Access product, which replaces the Portnox Conditional Access for Applications and Portnox Remote Private Access products, we are currently updating our documentation to reflect the new menu and screen structure. Please bear with us for a few days until this is updated. Thank you!
Note: Single sign-on functionality is only available in the Dropbox Business Plus plan (highest tier).

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Dropbox.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources > Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web resource option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name Dropbox for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your Dropbox single sign-on settings

In this section, you will access your Dropbox Admin console and find the single sign-on (SSO) settings.

  1. In another tab of your browser, open the Dropbox Admin console Single sign-on page by accessing the following URL: https://www.dropbox.com/team/admin/settings/sso.

    From now on, we will call this tab the Dropbox tab.

  2. In the drop-down field to the right of the Single sign-on label, select either Optional or Required.

    Note: For testing purposes, we recommend the Optional setting. After tests are successful, for security reasons, we recommend the Required setting.

Copy configuration values from the Portnox tab to the Dropbox tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Dropbox SSO setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  2. In the Dropbox tab, click on the Add sign-in URL button, and in the Identity provider sign-in URL field in the pop-up window, paste the value copied from Portnox Cloud. Then, click on the Done button.

  3. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Download certificate option to download the certificate to the local drive.

  4. In the Dropbox tab, click on the Upload certificate button and select the certificate file that you downloaded from Portnox Cloud.

Enter configuration values in the Portnox tab

In this section, you will enter configuration values in Portnox Cloud.

  1. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / SP Entity URL heading and enter the following value: Dropbox.

  2. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://www.dropbox.com/saml_login.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Dropbox.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Save and Close button.

  2. Finalize the configuration in the Dropbox tab.
    1. Scroll to the bottom of the Single sign-on pane and click on the Save button.

Result: You have configured Dropbox to be accessible using Portnox Zero Trust Network Access.