How to enable single sign-on for your team

Admins Updated Feb 13, 2026

How to turn on single sign-on

Go to your identity provider's site and follow the instructions to set up single sign-on.
- Many identity providers offer preconfigured settings for Dropbox. If your identity provider isn't supported, you can configure your own identity provider solution for SSO.
Download a copy of the X.509 certificate and make a note of the log in URL, you’ll need both later.
Log in to dropbox.com using your admin credentials.
Click Admin console in the left sidebar.
Under Team, click Settings.
Click the Security tab.
Under Authentication, click the dropdown next to Single sign-on (SSO) and select either:
- Optional (for testing): Your team can log in to Dropbox using SSO or their Dropbox password.
- Required (for production): Team members must log in to Dropbox using SSO, and their Dropbox password will no longer work. Admins can still use their Dropbox admin credentials to log in.

Note: To turn off single sign-on, click the dropdown next to Single-sign on (SSO) and select Off.

Click Add next to Identity provider sign-in URL, enter the copied login URL, then click Done.
Click Add next to X.509 certificate.
Select your X.509 certificate from your hard drive and click Upload.
Click Save.

After you turn on single sign-on, you can share these instructions for the rest of your team.

All devices that are linked to Dropbox accounts will continue to work. Admins can't reset passwords through Dropbox or require two-factor authentication since passwords and log in-related security are now managed by your identity provider.

How to find your team’s custom SSO sign-in URL

If team members have already logged in to your identity provider, they can go directly to their Dropbox account using the custom link.
To find your team’s custom SSO sign-in URL: