Last updated on February 15, 2024
MFA for Dropbox is a multi-layered type of authentication that requires more than just the username and password to gain access to Dropbox accounts. Dropbox MFA requires users to complete one or more additional authentication methods, such as Mobile Push, TOTP, or U2F security key.
Overview of Dropbox MFA
This document explains how to enable Rublon Multi-Factor Authentication on Dropbox. To do that, you must configure Single Sign-On in Dropbox using Rublon Access Gateway. Please follow the steps below.
Supported Authentication Methods
Configuration of Dropbox MFA
Add a new application in Rublon Access Gateway
1. Open Rublon Access Gateway as an admin, and go to Applications → Add Application.
2. Fill in all the necessary data. The list of correct values is presented below:
- Application name: Dropbox APP
- Entity ID: Dropbox
- Assertion Consumer Service: https://www.dropbox.com/saml_login
- Single Logout Service: https://www.dropbox.com/logout
- NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- NameID attribute: mail
- Signature algorithm: sha-256
- Uncheck Validate AuthnRequest
- Check Sign response
- Add a certificate for signing; this certificate should be unique for your organization. You can use the certificate downloaded by clicking DOWNLOAD CERTIFICATE in the Information for configuring applications with Rublon Access Gateway section of the Applications → All applications tab or use any other certificate of your choice.
3. Click the SAVE button to add this new application to Rublon Access Gateway.
Turn on Single Sign-On in Dropbox
1. Log in to Dropbox as an admin, go to Admin console → Settings → Single sign-on, and select Optional or Required. Let’s choose Optional in this example.
2. All the requested information on this Settings page should be copied from Rublon Access Gateway (the complete application information). See the picture and table below for more details. The next steps provide more information about what has to be copied, too.
Rublon Access Gateway | Dropbox
SSO URL | Identity provider sign-in URL
Logout URL | Identity provider sign-out URL (optional)
The certificate you set in Applications → Add application → Certificate for signing | X.509 certificate
3. Add the Identity provider sign-in URL by clicking the Add sign-in URL hyperlink. A dialog will open. Provide the URL, and click the DONE button. You can get this value from the SSO URL field in the Information for configuring applications with Rublon Access Gateway section of the Applications → All applications tab in the Rublon Access Gateway.
Optionally, you can also add Identity provider sign-out URL (optional), whose value can be taken from the Logout URL field situated right under the SSO URL field in Rublon Access Gateway.
4. If you decide to add the Identity provider sign-out URL (optional), please remember to append this query string to the URL:
?ReturnTo=www.dropbox.com
For example:
https://example/saml2/idp/SingleLogoutService.php?ReturnTo=www.dropbox.com
This is essential, as the logout option does not work correctly without it.
5. For the X.509 certificate, please add the exact same certificate you have added in Rublon Access Gateway under Applications → Add application → Certificate for signing.
6. Save your configuration in Dropbox by clicking Save at the bottom of the page, and copy the value of SSO sign-in URL as it will be used in the next section of this document to log in to Dropbox by SSO.
How SSO works with Rublon Dropbox MFA
1. Open your browser and navigate to the SSO sign-in URL that you can find in your Dropbox settings:
2. You should be redirected to the Rublon Access Gateway login page.
3. Provide your username and password. A window will appear with a selection of various 2FA methods from Rublon.
4. In this example, let’s use the Email Link 2FA method (first icon on the left). Select it, and you should receive an email from Rublon. Confirm your login by clicking the link provided in the email.
5. One of the options in the Rublon 2FA window is to Remember this device. Check it, and you will not be required to go through Rublon Authentication during your next login to Dropbox.
6. After selecting the desired 2FA method, you will be presented with a window like the one below.
7. Once you have confirmed your login using the chosen 2FA method, you will see a window from Dropbox with your login confirmation.
8. This is the last step of your login process. After clicking continue on the presented page, you will be successfully logged in to your Dropbox account.
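To confirm that the gateway sends what the application settings above describe, you can decode the SAML response from a test login of your own and compare it with those settings. The script below is an added example, not Rublon or Dropbox code: the function name and the sample response are constructed, it assumes the gateway places the Entity ID in the Audience element, and it checks only the structure of the response, not the cryptographic validity of the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Values from the application settings listed in this guide.
EXPECTED_ACS = "https://www.dropbox.com/saml_login"
EXPECTED_ENTITY_ID = "Dropbox"
EXPECTED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed, trimmed sample (not captured from a real gateway).
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://www.dropbox.com/saml_login">
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod
    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion>
    <saml:Subject><saml:NameID
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>Dropbox</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return mismatches between a decoded SAML response and the settings above."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != EXPECTED_ACS:
        problems.append("Destination is not the Assertion Consumer Service URL")
    # "Sign response": the signature must be a direct child of the Response.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("Response is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm", "") if method is not None else ""
        if not alg.endswith("sha256"):
            problems.append("signature algorithm is not sha-256: " + alg)
    # Assumption: the gateway puts the Entity ID in the Audience element.
    if EXPECTED_ENTITY_ID not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not contain the Entity ID")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EXPECTED_NAMEID_FORMAT:
        problems.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address; check the mail attribute")
    return problems
```

An empty list means the response matches the settings; each string in a non-empty list names the setting to recheck in Rublon Access Gateway.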
Troubleshooting
If you encounter any issues with your Rublon integration, please contact Rublon Support.