Dropbox Integration

From idenprotect Knowledge Base

Introduction


This guide takes you step by step through setting up Password-free Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for Dropbox.

Prerequisites


  • Obtain your Dropbox account number: log into your Dropbox admin console, navigate to Admin Console, Settings and then select Single sign-on. Your account number URL is shown under Single Sign-in URL. Make a note of the URL, as it will be needed in the next section.
  • Ensure you have the SAML attributes set up – see here for instructions on how to create additional SAML attributes.


Configure idenprotect for Dropbox


  1. In the admin console, navigate to Config, select the Authentication Portal tab and click on Authentication Portal Service Providers.
  2. On the configuration screen, create a new service provider with the following attributes:


Name: Please select a name for the service provider (for example, Dropbox)
Type: SAML
Entity ID: Dropbox
ACS: https://www.dropbox.com/saml_login
SSO URL: https://www.dropbox.com/sso/<Your dropbox account number> This is the URL that you made a note of (see the Prerequisites section for more information)
SAML Sign On Binding: HTTP-Post
SAML Logout Binding: HTTP-Post
Add a logo to the service provider
Permitted Authentication Type – Select the authentication technology in use (idenprotect Login is Default)


  3. Once the details have been added, click Save Service Provider.
  4. The next screen shows the additional attributes needed. For Dropbox, both the Email and NameID attributes need to be added, with the email “friendly name” added. If data is being synced with an Active Directory or OpenLDAP authentication source, use the correct attributes for the directory in use: for example, Active Directory will need to map to “mail” and “sAMAccountName”, and OpenLDAP will use “mail” and “uid”.
  5. Once added, click Save SAML Attributes to save the settings.

Enable Dropbox SSO


  1. Log into the Dropbox admin console and navigate to Admin Console, Settings and then select Single sign-on.
  2. On the config screen, add the following settings:


Identity provider sign-in URL: https://<your idenprotect server url>/idp/SingleSignOnService
Identity provider sign-out URL (optional): https://<your idenprotect server url>/idp/SingleLogoutService
X.509 certificate: Please add the signing certificate from your iDENprotect platform by going to https://<your idenprotect server url>/idp/metadata and copying the certificate data


Paste the data into a text file and add -----BEGIN CERTIFICATE----- at the top and -----END CERTIFICATE----- at the bottom of the data block. The data in your file should look like this:

-----BEGIN CERTIFICATE-----
<certificate data copied from the metadata page>
-----END CERTIFICATE-----


  3. Save the text file and remember to change the .txt extension to .cer.
  4. In the Dropbox web console, return to the X.509 section, click upload and find the certificate file you just created.
  5. Once configured, select save and then log out.

Verify the SSO and MFA


To test the MFA and SSO settings, use either the Dropbox URL or your corporate idenprotect URL. You will see the idenprotect login page.

  1. Enter your email address and click authenticate.
  2. Using your chosen method of authentication, authenticate with the service.
  3. If successful, you will be directed into Dropbox (if you used the Dropbox URL); otherwise, click on the Dropbox icon to be taken into Dropbox.