This section describes how to integrate Dropbox with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.                                                            
3. On the Applications > Application Catalog page, search for Dropbox, and click Add to add the connection.                                             
4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.                                                 
5. On the Connection Profile page, click the IdP-initiated option.                                                                                                                      
6. Provide the Service Provider details in the following format: 
   1. ACS URL: <Dropbox ACS URL>
   2. Service Provider Entity ID: <Dropbox Entity ID>
      See the Notes section for instructions on how to obtain ACS URL and Entity ID.                                                                             
7. In the SAML Response Protection section, choose IdP signs entire SAML response.
8. Download the certificate by clicking Download Certificate.                                                                                                                             
9. Click Show Advanced Configuration.
10. Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: emailAddress and Property: mail.                                                                                                                                                       
11. Choose your desired Access Policy for this application and click Next Step > Save and Finish.                                                                
12. On the My Applications page, click the Edit drop-down list, and click Export Metadata to download the metadata.                                  
13. Click Publish Changes. Your application is now enabled for SSO.                                                                                                                 

Notes

• The Dropbox post-back URL (also called the Assertion Consumer Service URL) is https://www.dropbox.com/saml_login
• The Service Provider Entity ID (Dropbox Entity ID) is Dropbox.
• Dropbox requires that the NameID contain the user’s email address: Format="urn: oasis: names:tc: SAML:1.1: nameid-format: emailAddress"
• Dropbox requires the entire SAML response to be signed.

Configure Dropbox

Perform these steps to configure Dropbox.
Procedure

1. Sign in to Dropbox using Advanced or Enterprise credentials -  https://www.dropbox.com/login.
2. Click Admin console.                                                                                                                                                                                    
3. Navigate to Settings > Authentication > Single sign-on.                                                                                                                            
4. To enable Single sign-on, click the Single sign-on drop-down list, and select the Optional or Required option.                                 
5. Add the Identity provider sign-on URL and X.509 certificate:
   1. Identity provider sign-on URL: This URL can be obtained from your Identity Provider.
   2. X.509 certificate: Upload the certificate downloaded from the Identity Provider.                                                                    
6. Click Save.                                                                                                                                                                                                 

The configuration is complete.
Return to Dropbox - RSA Ready Implementation Guide.