How to enable single sign-on for your team

Updated Aug 04, 2023

If you're the admin of a Dropbox business team on an Advanced or Enterprise plan, you can enable single sign-on (SSO) for your team. Single sign-on allows team members to access Dropbox by signing in to a central identity provider. This means your team can access Dropbox without having to remember another password.

How to enable single sign-on

  1. Go to your identity provider's site and follow the instructions to configure single sign-on.
  2. Download a copy of the X.509 certificate and make a note of the sign-in URL—you’ll need this in step 8.
  3. Sign in to Dropbox using your admin credentials.
  4. Click Admin Console in the sidebar.
  5. Click Settings in the sidebar.
  6. Under Authentication, click Single sign-on.
  7. Toggle the Single sign-on setting from Off to either Optional or Required.
    • If you choose Required, team members must sign in to Dropbox using SSO, and their Dropbox password will no longer work. However, admins can still use their Dropbox admin credentials to sign in.
    • If you choose Optional, your team can sign in to Dropbox using SSO or their Dropbox password.
  8. Click Add sign-in URL and enter the URL you noted in step 2. 
    • Optional: you can click Add sign-out URL to add a sign-out URL.
  9. Click Upload certificate to upload the X.509 certificate .pem file you downloaded earlier.
  10. Click Apply changes.
  11. Notify your team.
    • If you chose to require single-sign on, Dropbox will notify team members by email.
    • If you made single-sign on optional, you’ll need to notify the team yourself.

Once you turn on single sign-on, you can share these instructions for the rest of your team.

All devices that are linked to Dropbox accounts will continue to work. Admins won't be able to reset passwords through Dropbox or require two-step verification since passwords and sign in-related security are now controlled by your identity provider.

How to find your team’s custom SSO sign-in URL

If team members have already signed in to your identity provider, they can go directly to their Dropbox account using the custom link. To find your team’s custom SSO sign-in URL:

  1. Sign in to Dropbox using your admin credentials.
  2. Click Admin console.
  3. Click Settings
  4. Click Single sign-on.
  5. In the SSO sign-in URL section, click Copy link. 

Seeing a SAML assertion error when you log in?

Learn how to resolve the error message: “Could not validate SAML assertion.”

Was this article helpful?

We’re sorry to hear that.
Let us know how we can improve.

Thanks for your feedback!
Let us know how this article helped.

Thanks for your feedback!

Community answers

Related Articles

Change admin rights

Admins

If you're the team admin of a Dropbox team account, you can make other team members admins, too. Find out how here.

View article

Customize Dropbox team security settings

Admins

Keeping your organization's information safe is our top priority. Learn more about how to customize security to meet your business needs.

View article

Data classification

Admins

Learn how to enable automatic data classification for Dropbox. Protect information in team folders and receive data loss prevention (DLP) alerts.

View article

Dropbox security alerts

Admins

Get email notifications if suspicious behavior or potential data leaks are detected in your Dropbox team account. See how to view alerts and take action.

View article

Other ways to get help

Icon depicting two people
Community
Bird icon
Twitter
Icon depicting a speech bubble
Contact support