Need help?

Connect Azure Active Directory with Dropbox for Business

Dropbox for Business admins can integrate Azure Active Directory and manage teams though Azure AD.

  • Configure single sign-on (SSO) for your Dropbox Business team
  • Manage provisioning and deprovisioning Dropbox Business users through Azure AD

To get started you will need:

  • A team admin account on a Dropbox Business team
  • A Microsoft Azure subscription
  • An Azure AD user account with a valid email address

There are several steps to set up SSO and user provisioning between Dropbox Business and Microsoft Azure. Go through each section of this article in order to set up provisioning and SSO. If you don’t want to set up SSO, stop after Provision users to your Dropbox Business team.

Add Dropbox to Microsoft Azure

  • Sign in to the Microsoft Azure Portal
  • Click Azure Active Directory
  • Click Enterprise Applications
  • Click New Application
  • Choose Dropbox for Business from the All category
  • Click Add

Create a test user

Starting with a test user means you can check everything is working correctly before rolling out across the organisation. Your test user must have a valid email address with an email inbox you can access.

  • In the Microsoft Azure Portal, navigate to Quick Start
  • Click Assign a user for testing (required)
  • Click Add user and select a user or users for testing
  • Save your selection
  • On the Quick Start page, click Create your test user in Dropbox for Business (required)
  • Select Provisioning Mode: Automatic
  • Click Authorise
  • You’re redirected to dropbox.com. Click Allow to authorise Microsoft Azure AD as a Dropbox Business Team app
  • Click Test Connection to verify that Azure AD was successfully authorised

Provision users to your Dropbox Business team

As an admin, you can decide how you want to provision users to the Dropbox for Business team:

  • Automatically provision users through Microsoft Azure
  • Provision users manually through the Dropbox Business admin console

After selecting your test user in the Microsoft Azure portal:

  • Under Provisioning Status, select:
    On: Automatically provision users from Microsoft Azure to your Dropbox Business team
    Off: Manually provision users through the Dropbox Business admin console
  • Set Scope:
    Sync only the assigned users and groups (Recommended): you assign Dropbox to certain users. Only the users you assign to Dropbox are provisioned to your Dropbox Business team
    Sync all users and groups: all users and groups on your Microsoft Azure team are provisioned to your Dropbox Business team
  • Click Save

If Provisioning Status is set to On:

  • Any users you provision appear in the Members page of the Dropbox Business admin console. Users must accept an invitation to your team. They appear under either the Active or Invited filters
  • Beneath the members list, you can see Members managed by Windows Azure AD

If Provisioning Status is set to Off:

  • You can invite users to your team through the Dropbox Business admin console

Configure single sign-on for your Dropbox for Business team

To use Microsoft Azure as a single sign-on (SSO) provider for your Dropbox Business team, configure SSO in both apps. You will need:

  • A unique sign-in URL from Dropbox
  • A unique sign-in URL from Microsoft Azure
  • A unique sign-out URL from Microsoft Azure
  • A 509 certificate from Microsoft Azure

It’s easiest if you keep both dropbox.com and the Microsoft Azure Portal open in your web browser.

On dropbox.com, copy the SSO sign-in URL:

  • Sign in to dropbox.com with your admin account
  • Click Admin Console
  • Click Settings
  • Click Single Sign-On
  • Under SSO sign-in URL, choose Copy link. You’ll need this URL in Microsoft Azure

Next, move to the Microsoft Azure Portal and make sure that your settings are correct for Dropbox Business:

  • Sign in to the Microsoft Azure Portal
  • Choose the Dropbox Business app
  • On the Quick Start page, click Configure single sign-on (required)
  • Set Mode to SAML-based Sign-on
  • Paste the URL copied from the Dropbox Business admin console into the Sign on URL field
  • In the Identifier field enter Dropbox
  • Click Certificate (Base64) to download and save the SAML Signing Certificate
  • Click Configure Dropbox for Business to open the configuration guide. Copy the Azure AD Single Sign-On Service URL and Azure AD Sign-Out URL. Keep these URLs available, you’ll need these URLs to finish configuring the integration
  • Click Save

Now that your settings are correct in the Microsoft Azure Portal, you can enable SSO in Dropbox:

  • Sign in to dropbox.com with your admin account
  • Click Admin Console
  • Click Settings
  • Click Single Sign-On
  • In the Single sign-on box
    Set SSO to Optional during testing phase. Optional allows users to use either SSO or their username and password when logging in
    Set SSO to Required once testing is complete to enforce SSO. Admins will always have the option of using a username and password when logging in
  • Next to Identity provider sign-in URL, paste the Azure AD Single Sign-On Service URL provided by Microsoft Azure
  • Next to Identity provider sign-out URL (optional), paste the Azure AD Sign-Out URL provided by Microsoft Azure
  • Click Choose Certificate and upload the SAML Signing Certificate downloaded from Microsoft Azure.
  • Click Save Changes

To test single sign-on is working correctly log out of your Dropbox for Business admin account and try logging back in as the test user. If things are working you should be redirected to the Microsoft Login Portal.

Assigning Dropbox for Business to users

If you assign Dropbox Business to a user, SSO is enabled, and provisioning is automatic, then:

  • The assigned user is provisioned in Dropbox and they receive an invite to the Dropbox Business team
  • After they join the team, they can sign in using SSO

To assign Dropbox Business to users or groups, navigate to the Microsoft Azure Portal:

  • Sign in to the Microsoft Azure Portal
  • Click Deploy single sign-on to users and groups (recommended)
  • You’re directed to Users and groups where you can assign users Dropbox Business access, either individually or as a group

Users that you don’t assign Dropbox Business access to aren’t automatically provisioned and can’t use SSO

Last Updated: 14 January, 2019

SMS logo

We're the experts in the business cloud. Take a look at our full service range.

Office 365 Plans

We offer the full suite of Office 365 plans including the fully-features Office 365 Business Premium, email only plans, and the full Enterprise suite.

See Office 365 plans

Microsoft 365 Plans

Get the full Microsoft experience with Windows 10, Microsoft Office, cloud storage, and email.

See Microsoft 365 plans

Advanced spam protection

Protect your emails, and company network, from spam, virus, phishing, and other threats.

See protection plans