Connect Microsoft Azure AD with Dropbox Business

The Dropbox integration with Microsoft Azure AD helps you manage your Dropbox Business team centrally through Microsoft Azure AD. When you use Dropbox with Microsoft Azure AD, you can:

  • Configure single sign-on (SSO) for your Dropbox Business team
  • Manage provisioning and deprovisioning Dropbox Business users through Azure AD

Requirements

  • A team admin account on a Dropbox Business team
  • A Microsoft Azure subscription
  • An Azure AD user account with a valid email address

There are several steps to set up SSO and user provisioning between Dropbox Business and Microsoft Azure. Go through each section of this article in order to set up provisioning and SSO.

If you don't want to set up SSO, stop after Provision users to your Dropbox Business team.

Note: The steps in this article use the current Microsoft Azure Portal. 

Add Dropbox to Microsoft Azure

First, add the Dropbox Business integration to Microsoft Azure:

  1. Sign in to the Microsoft Azure Portal.
  2. Click Azure Active Directory.
  3. Click Enterprise Applications.
  4. Click New Application.
  5. Choose Dropbox for Business from the All category.
  6. Click Add.

Create your test user

It’s best to set up SSO and provisioning using a Microsoft Azure test user. You can make sure everything works the way you want before users join your Dropbox Business team.

Your test user must have a valid email address with an email inbox you can access.

Follow these steps to set up your test user:

  1. In the Microsoft Azure Portal, navigate to Quick Start.
  2. Click Assign a user for testing (required).  
  3. Click Add user and select a user or users for testing.  
  4. Save your selection.  
  5. On the Quick Start page, click Create your test user in Dropbox for Business (required).  
  6. Select Provisioning Mode: Automatic.
  7. Click Authorize.
  8. You’re redirected to dropbox.com. Click Allow to authorize Microsoft Azure AD as a Dropbox Business Team app.
  9. Click Test Connection to verify that Azure AD was successfully authorized.

Provision users to your Dropbox Business team

Choose how you want to provision users to your Dropbox Business team. You can either:

  • automatically provision users through Microsoft Azure
  • provision users manually through the Dropbox Business admin console

  1. From the Quick Start page in the Microsoft Azure Portal, select Create your test user in Dropbox for Business (required).
  2. Under Provisioning Status, select:
    • On: Automatically provision users from Microsoft Azure to your Dropbox Business team
    • Off: Manually provision users through the Dropbox Business admin console
  3. Set Scope:
    • Sync only the assigned users and groups (Recommended): you assign Dropbox to certain users. Only the users you assign to Dropbox are provisioned to your Dropbox Business team.
    • Sync all users and groups: all users and groups on your Microsoft Azure team are provisioned to your Dropbox Business team.
  4. Click Save.

If Provisioning Status is set to On:

  • Any users you provision appear in the Members page of the Dropbox Business admin console. Users must accept an invitation to your team. They appear under either the Active or Invited filters.
  • Beneath the members list, you can see Members managed by Windows Azure AD.

If Provisioning Status is set to Off:

  • You can invite users to your team through the Dropbox Business admin console.

Configure single sign-on for your Dropbox Business team

To use Microsoft Azure as a single sign-on (SSO) provider for your Dropbox Business team, configure SSO in both apps. 

To connect Dropbox Business and Microsoft Azure, you need:

  • A unique sign-in URL from Dropbox
  • A unique sign-in URL from Microsoft Azure
  • A unique sign-out URL from Microsoft Azure
  • An X.509 certificate from Microsoft Azure

It’s easiest if you keep both dropbox.com and the Microsoft Azure Portal open in your web browser.

On dropbox.com, copy the SSO sign-in URL:

  1. Sign in to dropbox.com with your admin account.
  2. Click Admin Console.
  3. Click Settings.
  4. Click Single Sign-On.
  5. Under SSO sign-in URL, choose Copy link. You’ll need this URL in Microsoft Azure. 

Next, you’ll move to the Microsoft Azure Portal and make sure that your settings are correct for Dropbox Business:

  1. Sign in to the Microsoft Azure Portal.
  2. Choose the Dropbox Business app.
  3. On the Quick Start page, click Configure single sign-on (required).
  4. Set Mode to SAML-based Sign-on.
  5. Paste the URL copied from the Dropbox Business admin console into the Sign on URL field.
  6. In the Identifier field enter Dropbox.
  7. Click Certificate (Base64) to download and save the SAML Signing Certificate.
  8. Click Configure Dropbox for Business to open the configuration guide. Copy the Azure AD Single Sign-On Service URL and Azure AD Sign-Out URL. Keep these URLs available; you’ll need them to finish configuring the integration.
  9. Click Save.

Now that your settings are correct in the Microsoft Azure Portal, enable SSO in Dropbox:

  1. Sign in to dropbox.com with your admin account.
  2. Click Admin Console.
  3. Click Settings.
  4. Click Single Sign-On.
  5. In the Single sign-on box:
    • Set SSO to Optional during testing phase. Optional allows users to use either SSO or their username and password when logging in.
    • Set SSO to Required once testing is complete to enforce SSO. Admins will always have the option of using a username and password when logging in.
  6. Next to Identity provider sign-in URL, paste the Azure AD Single Sign-On Service URL provided by Microsoft Azure.
  7. Next to Identity provider sign-out URL (optional), paste the Azure AD Sign-Out URL provided by Microsoft Azure.
  8. Click Choose Certificate and upload the SAML Signing Certificate downloaded from Microsoft Azure. 
  9. Click Save Changes.
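
Before uploading the SAML Signing Certificate in step 8, you can check the downloaded Certificate (Base64) file from a shell. The following is an added example, not part of the original article or of Dropbox or Microsoft tooling; it assumes the openssl command-line tool is installed, and the function names, the 30-day default and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the "Certificate (Base64)" download before
# uploading it to the Dropbox admin console.
#
# check_saml_cert FILE [MIN_DAYS]
#   0 = parseable PEM X.509 certificate, valid for at least MIN_DAYS more days
#   1 = file does not parse as a PEM X.509 certificate
#   2 = certificate is expired or expires within MIN_DAYS (default 30, an assumption)
check_saml_cert() {
    cert_file=$1
    min_days=${2:-30}

    # A Base64 (PEM) certificate must parse as X.509; this rejects a wrong
    # file, a truncated download, or an HTML error page saved by mistake.
    if ! openssl x509 -in "$cert_file" -noout 2>/dev/null; then
        echo "not a PEM X.509 certificate: $cert_file" >&2
        return 1
    fi

    # Print subject, expiry and SHA-256 fingerprint so you can record
    # exactly which certificate was uploaded.
    openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert_file" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days: $cert_file" >&2
        return 2
    fi
    return 0
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the file downloaded from Microsoft Azure.
# make_sample_cert OUTFILE DAYS_VALID
make_sample_cert() {
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" \
        -subj "/CN=constructed-sample-idp" -days "$2" -out "$1" 2>/dev/null
    rm -f "$key"
}

# Usage (hypothetical file name): check_saml_cert ./downloaded-cert.cer 30
```

A return code of 2 means the signing certificate should be renewed in Microsoft Azure and downloaded again before it is uploaded to Dropbox.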

Test single sign-on

Check that SSO is set up correctly by testing the connection between Dropbox Business and Microsoft Azure.

Sign out of your Dropbox Business admin account and try signing in as your test team member using SSO:

  1. If you’re signed in to your admin account on dropbox.com, click your avatar and choose Sign out.
  2. Sign in to dropbox.com using a user assigned for testing in Azure AD.  
  3. Click Continue.
  4. You’re redirected to the Microsoft Login Portal. Enter the user’s Azure AD username and password.
  5. You’re redirected back to dropbox.com and are signed in to that user account.

Assign Dropbox Business to users

If everything’s set up and your test is successful, it’s time to give your users access to Dropbox Business. Assign Dropbox Business to each user or group that needs to use Dropbox Business.

If you assign Dropbox Business to a user, SSO is enabled, and provisioning is automatic, then:

  • the assigned user is provisioned in Dropbox and they receive an invite to the Dropbox Business team
  • after they join the team, they can sign in using SSO

To assign Dropbox Business to users or groups, navigate to the Microsoft Azure Portal:

  1. Sign in to the Microsoft Azure Portal.
  2. Click Deploy single sign-on to users and groups (recommended).
  3. You’re directed to Users and groups where you can assign users Dropbox Business access, either individually or as a group. 

Users that you don’t assign Dropbox Business access to aren’t automatically provisioned and can’t use SSO.
