This article provides detailed instructions on how to connect Dropbox to Active Directory Federation Services (AD FS) 2.0 for single sign-on (SSO).
Important: These instructions apply to SSO only; you'll still need to manually provision and de-provision accounts in the Dropbox Business admin console. This is especially important when users leave the organization because the Dropbox desktop and mobile apps keep users logged in indefinitely after their initial SSO authentication.
Some Dropbox customers choose to build custom applications with the Dropbox Business API to automatically provision and de-provision users in response to changes in AD. Please contact your Account Manager if you're interested in API access.
Please also note that these instructions are still in beta. We welcome any feedback or questions as you follow the steps.
- An AD FS 2.0 instance that has Rollup 3 or later installed
- An AD FS SAML endpoint that is exposed to the devices that will need to authenticate
You can learn more about installing AD FS Update Rollup 3 on Microsoft's support site.
Connect Dropbox to AD FS for SSO
- In the AD FS 2.0 Console, under Actions, select Add Relying Party Trust....