How to enable single sign-on for your team

Updated May 10, 2024
person icon

The information in this article applies to certain types of admins on Dropbox Advanced, Business Plus, and Enterprise.

If you're the admin of a Dropbox team on Advanced or Enterprise, you can enable single sign-on (SSO) for your team. Single sign-on allows team members to access Dropbox by signing in to a central identity provider. This means your team can access Dropbox without having to remember another password.

How to enable single sign-on

  1. Go to your identity provider's site and follow the instructions to configure single sign-on.
  2. Download a copy of the X.509 certificate and make a note of the sign-in URL—you’ll need this in step 8.
  3. Log in to Dropbox using your admin credentials.
  4. Click Admin console in the left sidebar.
  5. Click Settings in the left sidebar.
  6. Under Authentication, click Single sign-on.
  7. Toggle the Single sign-on setting from Off to either Optional or Required.
    • If you choose Required, team members must log in to Dropbox using SSO, and their Dropbox password will no longer work. However, admins can still use their Dropbox admin credentials to log in.
    • If you choose Optional, your team can log in to Dropbox using SSO or their Dropbox password.
  8. Click Add sign-in URL and enter the URL you noted in step 2. 
    • Optional: you can click Add sign-out URL to add a sign-out URL.
  9. Click Upload certificate to upload the X.509 certificate .pem file you downloaded earlier.
  10. Click Apply changes.
  11. Notify your team.
    • If you chose to require single-sign on, Dropbox will notify team members by email.
    • If you made single-sign on optional, you’ll need to notify the team yourself.

Once you turn on single sign-on, you can share these instructions for the rest of your team.

All devices that are linked to Dropbox accounts will continue to work. Admins won't be able to reset passwords through Dropbox or require two-step verification since passwords and log in-related security are now controlled by your identity provider.

How to find your team’s custom SSO sign-in URL

If team members have already signed in to your identity provider, they can go directly to their Dropbox account using the custom link. To find your team’s custom SSO sign-in URL:

  1. Log in to Dropbox using your admin credentials.
  2. Click Admin console.
  3. Click Settings
  4. Under Authentication, click Single sign-on.
  5. In the SSO sign-in URL section, click Copy link. 

Seeing a SAML assertion error when you log in?

Learn how to resolve the error message: “Could not validate SAML assertion.”

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Other ways to get help