Karim Elatov

RSA SecurID Access SAML DropBox Rich Client Setup

Blog Post created by Karim Elatov Employee on Oct 10, 2015

Dropbox Setup

The Dropbox documentation mentions that after Required mode is set for the SSO configuration, rich clients (like desktop and mobile clients) should still work (see "What happens when I add a new user to the Business account?"):

If you've turned on SSO in required mode, you'll need to make sure that the new user's email address is registered with your identity provider. Otherwise, the user will not be able to sign in and access Dropbox. In optional mode, the user will be asked to create a Dropbox password and can sign in with it as usual.

To make sure we are only using SSO and not the standard Dropbox password, let's confirm that Dropbox is set to Required mode.

Confirm Required Mode is enabled

I logged into Dropbox as the Administrator, navigated to Authentication, and confirmed that Required mode is enabled:


Initial Registration

After an administrator invites you to Dropbox, you will receive an email:


Upon clicking on the link you can enter your email address and it will take you to the IdP:


And then you will be forwarded back to Dropbox:


Desktop Client

Log in to Dropbox and click on YOUR_NAME -> Install:


And it will allow you to download the client:


Download it and start the installer:


After the installer was finished, the application launched, and I saw the following:


I just entered my email for the username, left the password blank, and clicked "Sign In". It figured out that I have SSO enabled and I saw the following:


Then, upon clicking "Get your link code", a web browser opened up to the IdP:


We also had step-up enabled so I had to go through that:


After I was authenticated and authorized at the IdP side, it forwarded me to Dropbox, which showed me the link code:


I then copied that and pasted it back at the Dropbox Rich Client and it congratulated me on a successful setup:


Then I clicked "Open my Dropbox folder" and it showed me the contents:


So it worked out quite well. Once the link is established we won't be able to use step-up again, so it's a one-time setup, and after that Dropbox doesn't have to log in to the IdP again. From the same page ("What's the difference between optional mode and required mode?"):

Users' existing desktop and mobile clients will remain linked to their accounts. This includes any desktop or mobile client that was connected to their account before they joined Dropbox for Business. All new desktop and mobile clients must use single sign-on.

Mobile Client

Now let's try the same thing on a mobile device. First let's install the app:


After it's installed, launch the app and you will see the initial page:


I then clicked on Sign In, and on the sign-in page I only entered the email and no password:


At this point it forwarded me to a browser and I logged into my IdP:


After I logged in, it showed me the step-up page:


After going through the step-up successfully, it forwarded me back to Dropbox and asked me if I wanted to complete the sign-in:


After clicking Allow, the app was able to show the Dropbox content:


And I saw my files:


Same thing with this app: after you log in and use step-up, you won't do it again unless you unlink the device.

Linked Device Emails

Throughout my testing, I kept receiving emails about successfully linked devices:


And here is the Android phone one: