In order to set up this integration, you need will need:
https://www.dropbox.com/saml_login, but ensure you are using Dropbox’s latest post-back URL).
We also assume you have already created the application integration called “Banyan TrustProvider” following our instructions to set up an IdP as your Identity Provider.
1.1 Log in to the Banyan Command Center and navigate to Secure Access > Policies > Create New Policy.
1.2 Create a new Policy using the template Basic Authorization Policy for Users.
1.3 Enter a Policy Name (such as,
user-saas) and a Description.
1.4 Configure the policy attributes for minimal controls:
Web - for accessing HTTP services via web browser
2.1 Navigate to Manage Services > SaaS Applications and then click + Register App.
2.2 Enter the SaaS Application Name (such as,
Dropbox) and Description (such as
Access to Dropbox).
2.3 Configure the Authentication Federation settings:
https://www.dropbox.com/saml_login) Audience URI (Service Provider Entity ID)
2.4 Attach the policy created in Step 1 (above), and then set enforcement mode to Enforcing.
2.5 Click Register.
2.6 Copy the Metadata URL, paste it in your browser search bar and then press enter to download the xml file. You will use the information in this file to configure SSO in your Dropbox Team.
3.1 Open the metadata xml file downloaded in Step 2 (above) in your preferred text editor.
3.2 Locate and copy the
X509Certificate string, and then paste it in a separate, new text editor file.
3.3 Format the string and then save it as a pem file. You will upload this file in Step 4 (below).
-----BEGIN CERTIFICATE-----) to the first line.
-----END CERTIFICATE-----) to the last line.
3.4 Also in the downloaded metadata xml file, locate and take note of the
<SingleSignOnService Location> string. You will enter this value in Step 4 (below).
4.1 Log in to your Dropbox account, and then navigate to Admin Console > Settings > Authentication > Single sign-on.
4.2 Toggle the Single sign-on setting from Off to either Optional or Required, depending on your team’s needs.
4.3 Click Add sign-in URL, and then enter the
<SingleSignOnService Location> string noted in Step 3.4 (above).
4.4 Click Upload certificate to upload the X.509 certificate pem file created in Step 3.3 (above).
4.5 Click Save.
4.6 Copy the SSO sign-in URL, which you’ll use in the step below.
Now, you can navigate to Dropbox and authenticate using the SSO sign-in URL copied in the previous step.
You will be taken to your Identity Provider to login while, behind the scenes, Banyan is evaluating device posture and enforcing your security policies.