How can I customize security for my Dropbox team?
The information in this article applies to all Dropbox customers.
We understand that you need to keep your organization’s information safe, which is why we’ve designed Dropbox with a number of physical and technical security measures. If you’re an admin on a Dropbox team, you have access to features that allow you to customize security to your particular needs.
User provisioning
Users can be invited to a Dropbox team manually by sending an email invite from the admin console, or automatically by integrating with an existing Active Directory or LDAP deployment through one of our identity management providers.
Sharing permissions
Admins can control whether team members are able to share items with people outside the team, and set different rules for shared folders and shared links. If sharing outside the team is enabled, members will still be able to make individual folders or links “team only” as needed.
Authentication
Single sign-on (SSO) allows you to put your existing identity provider in charge of authentication. Two-step verification can also be enabled to add an extra layer of security. In addition, admins can reset passwords for individual users or the entire team.
Session control
Admins can remotely sign team members out of web sessions and devices and revoke third-party app access for any team members.
Password control
Admins can set password requirements or reset passwords for their teams.
Enabling password control will log out all team members, notify them of new password requirements, and prompt them to reset their passwords.
Admins can also choose to reset passwords for all of their team members. This will prompt each team member to choose a new password the next time they log in to Dropbox. The option to reset all passwords is available in the password control section of the admin console.
Connecting personal and work Dropbox accounts
Admins can turn off team members’ ability to use our desktop application for both personal and work Dropbox accounts at the same time.
Transferring data during offboarding
When removing users from a Dropbox team, admins have the ability to transfer their data to another user.
Remote wipe
If a device is lost or someone leaves the organization, admins can easily delete files and folders from computers and mobile devices once they come back online.
Encryption options
Advanced key management and end-to-end encryption are available to provide an extra layer of security.
Visibility
Admins can generate activity reports at any time for events related to passwords, logins, admin actions, apps, devices, sharing, and membership. Reports are available for individual users or entire team accounts and can be downloaded in CSV (comma-separated values) format for analysis with SIEM (Security Information and Event Management) tools.
To learn more about our Control and Visibility solutions, see the Dropbox Trust Guide.