Users can log in to Dropbox Business using the Teamstack credentials via SAML.
This document will guide you through the set up.
- Dropbox (SP) initiated Single Sign On
- Teamstack (IdP) initiated Single Sign On
- Dropbox Business Plan: Advanced
Set up SSO via SAML for Dropbox
To set up SSO you first need to create a Dropbox app in Teamstack and then configure Dropbox SSO with the SAML settings from Teamstack.
Step 1: Create Dropbox app in Teamstack
- Go to your Applications.
- Click "Add Application" in the top right corner.
- Search for "Dropbox Business" and click "Add".
- Select this app to be a "SAML" app and leave the "Relay State" input empty. Click on the "Add" button.
- On your applications overview, click on the newly created Dropbox app. You will see all details about this app.
- Click on "SAML Configurations". Keep this page open, you will need these values once you configure the SAML settings in Dropbox.
Step 2: Set up SAML in Dropbox
- Log in to your Dropbox account with your administrator account.
- Go to the "Admin Console"
- Under Settings, click on "Single sign-on" in the "Authentication" section.
- In the top right, you can set the SAML login to "Required", "Optional" or "Off"
- if your users should be able to log in via SAML or Password, set it to "Optional"
- if your users should always log in via SAML, set the toggle to "Required"
- You should set the toggle to "Optional" while testing that everything works and then change it to "Required" later.
- Copy the "Sign-in page URL" value from Teamstack (step 1.6) to the "Identity provider sign-in URL" in Dropbox.
- Download the SAML metadata file from Teamstack via the "SAML Metadata" button and upload it to the "X.509 certificate" input at Dropbox.
- Click save.
Step 3: Test that the SAML setup is working
To test if the SAML connection is functioning properly, you need to make sure your primary email in Teamstack is the same as your Dropbox account email and then do the following steps:
- Assign the Dropbox app to yourself in Teamstack.
- Open a new incognito window, log in to Teamstack and click on the Dropbox icon on your Dashboard
- You now should be redirected to Dropbox and logged in.
- You can now decide to toggle the SAML settings to "Required" from step 2.4. Note that Dropbox admins will always be able to log in via password.
Step 4: Invite your team:
For Teamstack users to be able to login via SAML, you need to invite them through Dropbox and give them access to the Dropbox app in Teamstack. You users will be able to log in after they have accepted the invite.