This article provides detailed instructions on how to configure your Dropbox Business account to support SP-initiated SSO relying on Active Directory Federated Services 3.0, often referred to as ADFS 2012 R2.
Your deployment should follow Microsoft’s best-practices for deploying AD FS clusters and proxies—configuring a full AD DS / AD FS deployment is outside the scope of this guide.
Important: These instructions apply to SSO only; you'll still need to manually provision and de-provision accounts in the Dropbox Business admin console. This is especially important when users leave the company because the Dropbox desktop and mobile apps keep users logged in indefinitely after their initial SSO authentication.
Some Dropbox customers choose to build custom applications with the Dropbox Business API to automatically provision and de-provision users in response to changes in AD. Please contact your Account Manager if you're interested in API access.
Please also note that these instructions are still in beta. We welcome any feedback or questions as you follow the steps.
- An AD FS 3.0 instance with an AD FS SAML endpoint that is exposed to the devices that will need to authenticate
Connect Dropbox to AD FS 3.0 for SSO
- Create a new relying party trust.