How to connect Dropbox with Microsoft Entra ID

The Dropbox integration with Microsoft Entra ID, formerly known as Microsoft Azure AD, helps you manage your Dropbox team account from Microsoft Entra ID. With this integration, you can:

• Manage provisioning and deprovisioning Dropbox team members users through Microsoft Entra ID
• Configure single sign-on (SSO) for your Dropbox team account

Requirements

Before you can provision Dropbox team members or configure SSO through Microsoft Entra ID, you must have:

• An admin account on Dropbox team
• An Entra ID user account with a valid email address
• A Microsoft Entra subscription, with one of these roles: 
  • Application administrator
  • Cloud application administrator
  • Application owner

How to add Dropbox to Microsoft Entra ID

First, add the Dropbox team integration to Microsoft Entra ID:

1. Log in to the Microsoft Entra ID admin center
2. Click Enterprise apps in the left sidebar.
3. Click New application.
4. Enter Dropbox Business in the search box in Browse Microsoft Entra App Gallery.
5. Click Dropbox Business, then click Create.

Before rolling out SSO and provisioning to your organization, create a test user to verify that the integration works as expected. Your test user must have a valid email address that you can access.

Learn how to create a test user.

How to provision users to your Dropbox team account

When you integrate Dropbox Business with Microsoft Entra ID, you can:

• Control who can access Dropbox Business in Microsoft Entra ID
• Enable members to be automatically logged in to Dropbox Business with their Microsoft Entra accounts
• Manage accounts in one central location

To provision users to your Dropbox team account: 

1. In the Microsoft Entra admin center, go to Quick Start.
2. Click Create your test user in Dropbox for Business (required).
3. Under Provisioning Status, select:
   • On: Automatically provision users from Microsoft Entra ID
   • Off: Manually provision users from the Dropbox admin console
4. Under Scope, choose one of the following:
   • Sync only the assigned users and groups (Recommended): Only assigned users and groups are provisioned.
   • Sync all users and groups: All users and groups are provisioned.
5. Click Save.

Once configured, it allows you to automatically manage user accounts provisioning with Microsoft Entra ID.

If provisioning is turned on

• Any users you provision appear on the Members page in the Dropbox admin console.
• Team members must accept their invitation before joining the team.
• Team members appear under the Active or Invited filters.
• Beneath the members list, you can see Members managed by Windows Entra ID.
   

If provisioning is turned off

• You can invite users to your team from the Dropbox admin console.
   

Learn how to configure automatic user provisioning with Microsoft Entra ID.

How to sync groups from Microsoft Entra ID

The same groups you have with AD can sync into Dropbox with the newest version of the Microsoft Entra ID Connector.

How to configure single sign-on

To use Microsoft Entra ID as a single sign-on (SSO) provider for your Dropbox team account, configure SSO in both apps.

To connect Dropbox Business and Microsoft Entra ID, you'll need:

• A unique sign-in URL from Dropbox
• A unique sign-in URL from Microsoft Entra ID
• A unique sign-out URL from Microsoft Entra ID
• A 509 certificate from Microsoft Entra ID

It’s easiest if you keep both dropbox.com and the Microsoft Entra admin center open in your web browser.

Copy the Dropbox SSO sign-in URL

Before you begin, you’ll need the Dropbox SSO sign-in URL: 

1. Log in to dropbox.com with your admin credentials.
2. Click Admin console in the left sidebar.
3. Click Settings.
4. Click the Security tab.
5. Under Authentication, click Copy link to the right of SSO sign-in URL.

Configure Microsoft Entra ID

You’ll need to configure Microsoft Entra ID and enable SSO in Dropbox. 

Learn how to configure SSO using Microsoft Entra ID.

How to test single sign-on

Check that SSO is set up correctly by testing the connection between Dropbox for Business and Microsoft Entra ID.

Log out of your Dropbox team admin account and try logging in as your test team member using SSO:

1. If you’re logged in to your admin account on dropbox.com, click your avatar in the top-right corner and choose Log out.
2. Log in to dropbox.com using a user assigned for testing in Microsoft Entra ID.
3. Click Continue.
4. You’re redirected to the Microsoft Login Portal. Enter the user Entra ID username and password.
5. You’re redirected back to dropbox.com and are logged in to that user account.
   
   

How to assign Dropbox Business to users

If everything’s set up and your test is successful, it’s time to give your users access to Dropbox teams. Assign Dropbox Business to each user or group that needs to use Dropbox Business.

If you assign Dropbox Business to a user, SSO is enabled, and provisioning is automatic, then:

• The assigned user is provisioned in Dropbox and they receive an invite to the Dropbox Business team.
• After they join the team, they can log in using SSO.

To assign Dropbox Business to users or groups, navigate to the Microsoft Entra admin center:

1. Log in to the Microsoft Entra admin center.
2. Click Deploy single sign-on to users and groups (recommended).
3. Open Users and groups.
4. Assign Dropbox Business access to the users and groups you want to provision.

Users who aren’t assigned Dropbox Business won’t be provisioned automatically and can’t use SSO.