Security control and visibility

We’ve developed a number of tools that empower administrators and IT to customize Dropbox Business to their organization’s particular security control needs. A toolbox of control and visibility features is available via the Dropbox Business admin console and our various user interfaces. We’ve also extended the Dropbox Platform to help businesses integrate Dropbox Business seamlessly into their core IT processes with the Dropbox Business API.

Identity and access management

Directory services integration

Simplify provisioning and deprovisioning by automatically adding and removing users from existing Active Directory or LDAP deployments or through one of our identity management providers.

Single sign-on (SSO)

Streamline authentication by working with one of our officially supported SSO providers or with your own SAML 2.0-compliant solution.

Two-step verification

This optional — but highly recommended — security feature adds an extra layer of protection to a user’s Dropbox account. Once two-step verification is enabled, Dropbox will require a six-digit security code in addition to a password upon sign-in or when linking a new device.

Two Dropboxes

Each user can choose to connect a personal and a work Dropbox across all devices to enable clear separation of business and personal data. Admins can enable or block desktop client access to this feature for team members.

Sharing and file controls

Admins can control whether team members are able to share items with people outside the team, and set different rules for shared folders and shared links. If sharing outside the team is enabled, members will still be able to make individual folders or links “team only” as needed. Admins can also default shared links to be visible to team members only, and can disable shared links from the admin console.

Shared file and folder permissions

  • View-only permissions for shared folders. This access allows members of a shared folder to always see the latest versions of the files without having the ability to edit them.

  • Passwords and expirations for shared links. Create boundaries around who can access content through shared links with an owner-defined password, and set an expiration for any shared link to provide temporary access to files or folders.

Recovery and version history

All Dropbox Business customers have the ability to restore lost files and recover previous versions of files up to 120 days old, ensuring changes to important data can be tracked and retrieved.

Administrative actions

Track account usage by viewing linked devices and third-party apps, as well as active web sessions. Control team data by terminating any session, deleting local copies of files, and revoking third-party app access to user accounts. As a proactive security measure, admins can reset passwords for the entire team or on a per-user basis.

Unlink devices

Computers and mobile devices connected to user accounts can be unlinked by the admin through the admin console. On computers, unlinking removes authentication data and provides the option to delete local copies of files the next time the computer comes online. On mobile devices, unlinking removes files marked as favorites, cached data, and login information.

Remote wipe

Protect business data when employees leave or in the event of device loss by deleting data and local copies from both computers and mobile devices to prevent unauthorized access.

Account transfer

After deprovisioning a user (either manually or via directory services), admins can transfer files from that user’s account to another user on the team.


Comprehensive audit logs

Dropbox Business admins can generate activity reports at any time for hundreds of events, filtered by date range. Reports are available for individual users or entire team accounts. They can be downloaded in CSV (comma-separated values) format or, using the Dropbox Business API, integrated directly into your existing security information and event management (SIEM) tools for analysis. Admins can also perform targeted investigations with refined filtering and enhanced search directly in the Activity tab. The following information is available to admins in activity reports:

  • Passwords. Changes to password or two-step verification settings. Admins do not have visibility into users’ actual passwords.

  • Logins. Successful and failed sign-ins to the Dropbox website.

  • Admin actions. Changes to settings in the admin console, such as shared folder permissions.

  • File events. Changes to files including file adds, edits, moves, downloads, etc.

  • Apps. Linking of third-party apps to Dropbox accounts.

  • Devices. Linking of computers or mobile devices to Dropbox accounts.

  • Sharing. Events for both shared folders and shared links, including creating/joining shared folders and sending/opening shared links to documents. In many cases, reports will specify whether actions involve non-team members.

  • Membership. Additions to and removals from the team.

Additionally, individual file and folder events (edits, deletions, and shared folder membership) can be tracked from each user’s Events page.

Dropbox Business API

We extended the power of the Dropbox Platform to help businesses integrate Dropbox Business into their core IT processes and support custom workflows. Through the Dropbox Business API and our partners, you can enable:

  • Identity management & single sign-on (SSO)

  • Security information and event management (SIEM) and analytics

  • Data loss prevention (DLP)

  • Digital rights management (DRM)

  • eDiscovery & legal hold

  • Data migration and on-premises backup

  • Custom workflows enhanced by Dropbox

Learn more about the Dropbox Business API.

Find more details about our security architecture in our Dropbox Business security whitepaper.