Which identity providers does Dropbox support?

Updated Dec 18, 2024

The information in this article applies to customers on Dropbox Advanced, Business Plus, and Enterprise.

Dropbox uses the Security Assertion Markup Language (SAML), which is the industry standard. This means our implementation of single sign-on integrates easily with any large identity provider that supports SAML.

The following identity providers offer preconfigured settings for Dropbox:

Auth0
Bitium
CA Siteminder
Centrify
Google Workspace
MobileIron Access
OneLogin
Okta
Ping Identity
Salesforce
Symantec Identity: Access Manager
Symplified

Note: We also integrate with self-built SAML-based federated authentication processes, and support both service-provider-initiated SAML and identity-provider-initiated SAML.

How to configure your own identity provider solution for SSO

If you’d like to configure your own solution or use a different identity provider, here are the parameters and information you'll need:

Dropbox uses SAML2 with the HTTP Redirect binding for SP to IdP and expects the HTTP Post binding for IdP to SP
The Dropbox post-back URL (also called the Assertion Consumer Service URL) is https://www.dropbox.com/saml_login
Dropbox requires that the NameID contain the user’s email address. Technically we are looking for: Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both. Dropbox requires the SAML response to be signed. You can choose signed or unsigned for the SAML assertion.

Was this article helpful?

Yes, thanks!

Not really