Enable Single Sign-On to Dropbox with UserLock

This guide explains how to integrate Dropbox with UserLock Single Sign-On (SSO) using the SAML 2.0 protocol.

Once configured, Dropbox logins are authenticated by UserLock. This provides users with a seamless sign-in experience and allows administrators to enforce UserLock access policies (MFA, time, machine, or location restrictions) on SSO sessions.

🚩️ Before starting:

• You need a Dropbox Business account.

• UserLock SSO must already be installed and configured.

1. In the UserLock console, go to ⚙️ Server settings ▸ Single Sign-On.

2. In the application list, select Dropbox.

3. When prompted, enter the Email domain to be used for user logins.

4. Save the profile.

1. Sign in to Dropbox Admin Console with an administrator account.

2. Go to ⚙️Server settings ▸ Single Sign-On.

3. Complete the form with the following values:
   

   Settings	Values
   Single sign-on	Optional (recommended for testing) or Required (once confirmed).
   Identity Provider Login URL	https://sso.contoso.com
   Identity Provider Logout URL (optional)	https://sso.contoso.com/connect/endsession
   X.509 certificate	Go to UserLock console▸ ⚙ Server Settings▸ Single Sign-On Click on Download ▸ SAML certificate. Upload the downloaded file

To cancel SSO and revert to standard logins:

• Set the Single sign-on drop-down list value to Off.

For common issues, see Troubleshooting SSO.
If the problem persists, please contact IS Decisions Support.

You can extend the security of SSO sessions by applying UserLock access policies in addition to authentication.

• Apply MFA on SaaS connections to require stronger authentication.

• Hour restrictions: define when users are allowed to connect.

• Geolocation rules: enforce access policies based on user location.

• Session limits: allow or deny SaaS logins entirely for specific users.