Contact Us
Help Center Home > Apps and Integrations > Integrate with Dropbox

Integrate with Dropbox

Use JumpCloud SAML Single Sign On (SSO) to give your users convenient but secure access to all their web applications with a single set of credentials.

Read this article to learn how to integrate with Dropbox.

Prerequisites:

  • A JumpCloud administrator account.
  • JumpCloud SSO Package or higher or SSO add-on feature.
  • You must be admin of a Dropbox Business team on an Advanced or Enterprise plan.

Important Considerations:

  • Ensure you have sufficient availability of user licenses (seats) in your Dropbox account before provisioning users from JumpCloud.
  • Groups synced with SCIM won't merge with existing groups. Even if they have the same name, they'll be added as new groups.

Warning:

Deleting a user in JumpCloud triggers a no-prompt delete in Dropbox that bypasses Dropbox's native workflow of transferring data to another team member. Ensure you manually transfer necessary files in Dropbox before deleting a user in JumpCloud.

Attribute Considerations:

  • A default set of attributes are managed for users. See the Attribute Mappings section for more details.
  • Groups are supported.

Tip:

Align your JumpCloud user group names with your intended Dropbox folder permissions to simplify access management. 
Example: A group named “Finance” provides no context to a Dropbox Admin regarding which specific folders it should access. A group named “Dropbox-Finance-2025-Editors” clearly indicates the group belongs to the “Finance 2025” folder with “Editor”permissions.

Creating a new JumpCloud Application Integration

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region, see JumpCloud Data Centers to learn more.

  1. Go to Access SSO Applications.
  2. Click + Add New Application.
  3. You can also enter the name of the application in the Search field and select it.
  4. You can either select an application from the available list or select Custom Application, and click Next.
  5. Select the required options from the Select Options page and click Next. The Enter General Info page is displayed.
  6. On the Enter General Info page, you can customize the display label, description and how the application displays:
    • Description - add a description that users will see in their user portal
    • User Portal Image - choose Logo or Color Indicator
    • Show in User Portal - select to ensure the app is visible in the user portal
  7. Optionally, expand the Advanced Settings section and customize the IdP URL:
    • Expand Advanced Settings and enter a custom value to replace the default application name in the SSO IdP URL endpoint ( https://sso.jumpcloud.com/saml2/{custom_value})

Warning:

The SSO IdP URL is not editable after the application is created. If you need to change this URL later, you must delete and recreate the connector.

  1. Click Save Application.
  2. Next, click:
    • Configure Application and go to the next section
    • Close to configure your new application at a later time

Configuring SAML SSO Integration for Dropbox

To configure JumpCloud and gather IdP data:

  1. In JumpCloud’s SSO Applications page, select the Dropbox app from the Configured Applications list.
  2. Click the SSO tab.
  3. Add or change any desired attributes in the Attributes section.
  4. Click Save.
  5. Copy and save the IDP URL.

Download the JumpCloud metadata file

  1. If you've closed the app:
    • Find your app in the Configured Applications list and click anywhere in the row to reopen its configuration window
    • Click the SSO tab and click Export Metadata
  2. If you are still on the SSO tab of the app:
    • Click Export Metadata
  3. The JumpCloud-<applicationname>-metadata.xml will be exported to your local Downloads folder.

Tip:

Metadata can also be downloaded from the Configured Applications list. Search for and select the application in the list and then click Export Metadata in the top right corner of the window.

To configure Dropbox and finalize SP setup:

  1. Log in to Dropbox using your Admin credentials.
  2. Click Admin console in the left-hand menu.
  3. Go to Settings > Security.
  4. Under Authentication, ensure that for Single sign-on is set as Optional.

Note:

It's recommended that you initially configure Dropbox SSO to be Optional until you are sure your SSO configuration is working.

  1. Under Identity provider sign-in URL, enter the JumpCloud IDP URL you copied, then click Done.
  2. Under X.509 certificate, click on the field with the default file name.
  3. In the browse window that appears, select and upload the certificate file you downloaded from JumpCloud.
  4. Click Save.

Authorizing User SSO Access

Users are implicitly denied access to applications. After you connect an application to JumpCloud, you need to authorize user access to that application. You can authorize user access from the Applications, Users List or User Groups page. 

To authorize user access from the Application’s page

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region, see JumpCloud Data Centers to learn more.

  1. Go to Access > SSO Applications, then select the application to which you want to authorize user access.
  2. Select the User Groups tab. If you need to create a new group of users, see Get Started: User Groups.
  3. Select the check box next to the desired group of users to which you want to give access.
  4. Click Save

To learn how to authorize user access from the Users or User Groups pages, see Authorize Users to an SSO Application.

Validating SSO user authentication workflow(s)

IdP-initiated user workflow

  • Access the JumpCloud User Console
  • Go to Applications and click an application tile to launch it
  • JumpCloud asserts the user's identity to the SP and is authenticated without the user having to log in to the application

SP-initiated user workflow

  • Go to the SP application login - generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO

Note:

This varies by SP.

  • Login redirects the user to JumpCloud where the user enters their JumpCloud credentials
  • After the user is logged in successfully, they are redirected back to the SP and automatically logged in

Configuring Identity Management via SCIM

To configure JumpCloud and activate SCIM:

  1. In JumpCloud’s SSO Applications page, select the Dropbox app from the Configured Applications list.
  2. Click the Identity Management tab.
  3. Enable management of User Groups and Group Membership in this application is enabled by default. Jump to Attribute Mappings.
  4. Ensure the following attributes are configured to verify attribute mapping: email, firstName, and lastName.
  5. Under Configuration Settings, click Configure
  6. Conditional: If you are not already logged in to your Dropbox Admin Console, you will be redirected to the Dropbox sign-in page.
  7. A Verify Attribute Mappings dialog box will prompt you to verify your attribute mappings before you continue as they cannot be altered later. Click Continue in the dialog box to proceed with the activation.
  8. A toast notification will appear confirming that Dropbox integration is successful. This will reflect in the status indicators in the header.

Attribute Mappings

The Export Attributes Mapping table lists the Required and Optional Mappings that JumpCloud sends to the Service Provider. 

​​Attribute Mapping Requirements:

  • The user's email must be used as the username for Dropbox provisioning.

Important: It's highly recommended you use all optional mappings. This creates a more complete user profile, enabling better automation and more accurate access management within the application.

DropBox User Attributes

JumpCloud Attribute Dropbox User Attribute (SCIM Attribute) Applied
Required Mapping
email userName Create and Update
Optional Mappings
firstName name.givenName Create and Update
lastName name.familyName Create and Update

SCIM Directory Insights Events

The following Directory Insights (DI) events provide visibility into failures and detailed information about the user and group data being added or updated from HR or other external solutions to JumpCloud.

Note:

Customers with no package or the Device Management Package will need to add the Directory Insights à la carte option. Directory Insights is included in all other packages.

SCIM DI Integration Events

Event Name Event Description
idm_integration_activate Logged when an IT admin attempts to activated new SCIM Identity Management integration.
idm_integration_update Logged when an IT admin attempts to update a configured and activated SCIM Identity Management integration.
idm_integration_reauth Logged when an IT admin attempts to change the credentials for an activated SCIM Identity Management integration.
idm_integration_delete Logged when an IT admin attempts to deactivate an activated SCIM Identity Management integration.

SCIM DI User Events

Event Name Event Description
user_create_provision Logged when JumpCloud tries to create a new user in service provider application.
user_update_provision Logged when JumpCloud tries to update an existing user in service provider application.
user_deprovision Logged when JumpCloud tries to change an existing user to inactive in the service provider application.
user_delete_provision Logged when JumpCloud tries to delete an existing user in service provider application.
user_lookup_provision Logged when JumpCloud encounters an issue when trying to lookup a user to determine if the user needs to be created or updated.

SCIM DI Group Events

Important:

These DI events will only be present if SCIM Groups are supported.

Event Name Event Description
group_create_provision Logged when JumpCloud tries to create a new group in service provider application.
group_update_provision Logged when JumpCloud tries to update an existing group in service provider application.
group_delete_provision Logged when JumpCloud tries to delete an existing group in service provider application.

Removing the SSO Integration

Important:

These are steps for removing the integration in JumpCloud. Consult your SP's documentation for any additional steps needed to remove the integration in the SP. Failure to remove the integration successfully for both the SP and JumpCloud may result in users losing access to the application.

To deactivate the SSO Integration

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Access > SSO Applications.
  3. Search for the application that you’d like to deactivate and click to open its details panel. 
  4. Select the SSO tab.
  5. Scroll to the bottom of the configuration.
  6. Click Deactivate SSO
  7. Click save
  8. If successful, you will receive a confirmation message.

To delete the application

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region, see JumpCloud Data Centers to learn more.

  1. Go to Access > SSO Applications.
  2. Search for the application that you’d like to delete.
  3. Check the box next to the application to select it.
  4. Click Delete.
  5. Enter the number of the applications you are deleting
  6. Click Delete Application.
  7. If successful, you will see an application deletion confirmation notification.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case