Okta

Configuring Provisioning for Dropbox Business

This guide provides the steps required to configure Provisioning for Dropbox Business, and includes the following sections:

Features

Invited User Administration is supported for the Dropbox Business application.

This enables Okta to:

The following provisioning features are supported:


Prerequisites

Before you configure provisioning for Dropbox Business, make sure you have configured the General Settings and any Sign-On Options for the Dropbox Business app.

Note: Under Sign-On Options you can select the Silent Provisioning. If you select this, you are preventing Dropbox Business from sending welcome emails to new users being provisioned into Dropbox Business from Okta. This feature is mainly to be used with SAML authentication, as users will not receive an email with their Reset Password link.

In order to use the Silent Provisioning feature you must:

  1. Setup SSO in the Dropbox Business admin console. SSO must be set to required in Dropbox.

  2. Claim your corporate domain with Dropbox Business in the Dropbox Business admin console (someone with authority to claim the domain, such as the IT admin can manually verify the domain on Dropbox Business. Verification is done once for each domain).

Once the above steps are complete, the flow from the Okta side is:

  1. The Okta admin provisions Dropbox Business users with Silent Provisioning enabled.

  2. Dropbox Business captures existing personal Basic or Pro users on the corporate domain if it's enabled in the Domain Management tool in the Dropbox Business admin console. For more information, visit the Dropbox Help Articles for Invite Enforcement and Account Capture.

  3. If the user does not already exist in Dropbox Business, they are directed to https://www.dropbox.com/sso to login where they need to get their accounts activated. As these users are not already on Dropbox Business, and Okta hasn’t sent them invitations by email, they need to be notified of this URL by some other means, or they can click on the Dropbox Business application in Okta.

By default the Silent Provisioning option is disabled. That means new users will receive a welcome email. You may switch options at any time.

dropbox1.png

Note: This option works only if provisioning is enabled.

Click Next to take you back to the Provisioning tab.


Configuration Steps

Configure your Provisioning settings for Dropbox Business as follows:

  1. Check the Enable provisioning features box.

  2. API Authentication:

    • Click the Authenticate with Dropbox Business button:

      dropbox2.png

    • You will be redirected to Dropbox Business page, which prompts you to enter your credentials:

      dropboxprovisioning1.png

    • You are then redirected back to OKTA to continue application configuration.

  3. Scroll down and select the Provisioning Features you want to enable.

    dropbox5.png

    If you enable the Deactivate Users provisioning feature, you will see additional Dropbox Business off-boarding features. This off-boarding functionality gives you granular control over user off-boarding and allows you to manage a user's files from Okta.

    Note: By default, Okta removes users from Dropbox Business, wipes their data from linked devices, and does not transfer user's files.

  4. dropbox_new_1.png

  5. Under Dropbox user deactivation type, you can select whether you want to suspend or remove users upon deactivation in Okta. It is highly recommend that you suspend users.

    dropbox_new2.png

  6. Check Wipe data from linked devices, if you want to remove files from a user's Dropbox Business linked devices upon deactivation.

  7. If you selected to Remove users from Dropbox Business upon deactivation, a File management upon user deletion option appears.

    dropbox_new3.png

    • Select Manage file transfer directly in Dropbox Business if you do not want Okta to perform any action on user's files and prefer to manage files directly in Dropbox Business.

    • Select Transfer files to destination team member account if you want to manage file transfer from Okta.

      This process cannot be undone, so it is not generally recommended. The transfer can only happen once.

      If you select this option, you also have to provide the following:

      • Destination team member account to transfer files to.

      • Admin notification account: A person to notify about transfer errors. This must be a team admin.

        Note: Both fields are mandatory and must be active team members.

      dropbox_new4.png

  8. Click Next.

You can now assign people to the app (if needed) and finish the application setup.


Migration

The Dropbox Business App supports Invited User Administration. This means that invited users (including those who have not accepted invitations) can be updated and added to groups via Okta. This functionality was not supported in the old Dropbox Business application.

Feature and Attribute Changes

What are the feature differences between the old Dropbox application and the new Dropbox Business application?

Feature

Dropbox

Dropbox Business

Import New Users

X

X

Push Groups

X

Import Profile Updates

X

X

Push New Users

X

X

Push Profile Updates

X

X

Push User Deactivation

X

X

Reactivate Users

X

Off-boarding (file transfer upon user deactivation)

X

Silent Provisioning

X


What attributes are supported by the old Dropbox application vs. those supported by the Dropbox Business application?

Attribute

Dropbox

Dropbox Business

username

X

X

firstName

X

X

lastName

X

X

email

X

X

permissions

X

Additional Features

Here's a quick glance at the additional features offered in the Dropbox Business integration:

Migration Steps

If you are migrating from the old Dropbox application to the Dropbox Business Application in Okta, follow the recommended migration steps below:

  1. Disable provisioning for old DropBox (at a minimum, turn off user deactivation under the Provisioning tab).

  2. Configure new DropBox Business app instance and enable provisioning for the same new Dropbox org.

    • Select Advanced: Configure Import Matching Rules, then in the EXACT IMPORT MATCH section, select Auto-confirm match.

      dropbox_new1.png

  3. Go to your new DropBox Business app and perform an import new user. All existing users will be auto-confirmed.


Troubleshooting Tips