Dropbox uses the Security Assertion Markup Language (SAML), which is the industry standard. This means our implementation of single sign-on integrates easily with any large identity provider that supports SAML.
The following identity providers offer preconfigured settings for Dropbox:
- CA Siteminder
- G Suite
- MobileIron Access
- Ping Identity
- Symantec Identity: Access Manager
Note: We also integrate with self-built SAML-based federated authentication processes, and support both service-provider-initiated SAML and identity-provider-initiated SAML.
How to configure your own identity provider solution for SSO
If you’d like to configure your own solution or use a different identity provider, here are the parameters and information you'll need:
- Dropbox uses SAML 2.0 with the HTTP Redirect binding for messages from the service provider (SP) to the identity provider (IdP), and expects the HTTP POST binding for messages from the IdP to the SP
- The Dropbox post-back URL (also called the Assertion Consumer Service URL) is https://www.dropbox.com/saml_login
- Dropbox requires that the NameID contain the user’s email address. Specifically, we look for: Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both. Dropbox requires the SAML response to be signed. You can choose signed or unsigned for the SAML assertion.