How to resolve the “Could not validate SAML assertion” error

Admins Updated Nov 17, 2025

In this article

person icon

The information in this article applies to all Dropbox users.

An X.509 certificate helps authenticate identity and keep your data secure. 

You may see the message, “Could not validate SAML assertion” if your X.509 certificate has expired and your identity provider (IdP) fails to send a valid, signed response. This message is solely informational. Sign-ins can still work as long as the SAML response is valid. 

Certificate renewal and enforcement should be managed in your IdP (for example, Okta or Azure Ad), not Dropbox. Managing renewals helps prevent sign-in issues or outages. 

To upload a new X.509 certificate:

  1. Log in to dropbox.com.
  2. Click Admin console in the left sidebar.
  3. Click Settings.
  4. Click the Security tab.
  5. Under Authentication, click Add to the right of X.509 certificate.
  6. Select your X.509 certificate from your hard drive, and click Upload
  7. Click Save. 
Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Related Articles

Change admin rights

Customize Dropbox team security settings

Data classification

Dropbox Paper: admin settings for Dropbox teams

Other ways to get help

Icon depicting two people
Community
Icon depicting a speech bubble
Contact support
Twitter Icon
Social media support