Salesforce IdP with Dropbox

OPSWAT MetaAccess can be easily integrated with an existing Salesforce Dropbox integration to ensure that a device is compliant with the organization's security policy before it is granted access to Dropbox. This ensures that the device is not only authenticated by the IdP, but also tested for risks and vulnerabilities such as infections or unpatched versions of operating systems, BEFORE it access an organization's cloud services.

To get started with implementing OPSWAT MetaAccess integration to enforce device posture check before granting a device to access Dropbox with Salesforce Single Sign On (SSO) service, you set up SSO between Salesforce and Dropbox. If you haven't already done so, please follow the instruction here to set it up.

You can learn more details for each step here at 3.1.1. How to set it up?

Step 1. Enable Access Control on your MetaAccess account

  1. Login to the MetaAccess console

  2. Navigate to Access Control and then Configurations

  3. Check on the box "Enable access control".

  4. Click SAVE.


Step 2. Add protected applications with IdP Method

  1. Download Salesforce IdP certificate: the next step is importing an Salesforce X.509 certificate to MetaAccess. This allows MetaAccess to verify users signing though a trusted IdP, Salesforce. Each identity provider has a unique X.509 certificate. Download the Salesforce X509 certificate by following these steps:

    1. Login to Salesforce as Administrator

    2. Navigate to Setup > Manage Apps > Connected Apps


    3. Select the Dropbox application to view the application details

    4. On SAML Service Provider Settings section, click on Idp Certificate images/download/attachments/5705835/image2017-10-19_14-35-13.png

    5. Click on Download Certificate to download the Salesforce certificate images/download/attachments/5705835/image2017-10-19_14-36-40.png

  2. Collect Dropbox LoginURL: is a Dropbox single sign-on post back URL of your organization's Dropbox, for example

  3. Collect Dropbox Logout URL: you can find this URL inside of Dropbox

    1. Log into your organization's Dropbox account

    2. Click on your avatar, right click on Sign out and choose Copy link address to get log out URL


    3. Store the log out URL in somewhere for later use

  4. Add the Salesforce Identity Provider. If you already have Salesforce IdP settings on your MetaAccess account, go to 5 to add Dropbox application.

    1. Login to the MetaAccess console

    2. Navigate to Access Control and then Configurations

    3. On the Identity Providers tab, click "Add New Identity Provider" to add your IdP

    4. Fill in required fields for the Identity Provider

      1. Identity Provider: Salesforce

      2. IdP Name: an IdP name, for example: Salesforce

      3. IdP Certificate: upload Salesforce certificate you downloaded in Step 2.1


    5. Click Add IDP

    6. Click SAVE

  5. Add Dropbox application:

    1. Expand the Salesforce IdP settings you have just added in Step 2.4 above.

    2. Click Add New Application

    3. Enter required field

      1. Application: application name, for example: Dropbox

      2. Login URL: application login URL which you have from Step 2.2

      3. Logout URL: application logout URL which you have from Step 2.3

      4. Access Mode: pick an access mode you prefer. See details on the access modes at Step 2. Add protected applications with IdP Method

    4. Click SAVE

  6. After saving your changes sucessfully, click the Setup Instructions button of the Dropbox application you have just added and then copy the URL MetaAccess generated there. This URL is used to replace Dropbox login URL on Salesforce in Step 4.


Note: you can add Dropbox application (step 2.5) when you add Salesforce IdP settings in step 2.4.

Step 3. Configure Access Rules

  1. On MetaAccess console, navigate to Access Control and then Configurations

  2. On Access Rules tab, click "ADD NEW RULE" to add a new rule for this application OR you can update existing access rules to add this application

  3. With a new access rule, you need to specify how you would like to block/allow access a device from the application

    1. Rule name: a rule name, for example Block non-compliant devices

    2. Action: Block or Allow

    3. Configure conditions to do the action. Details at Step 3. Configure Access Rules

  4. Click ADD RULE


Step 4. Update Applications settings on Identity Provider

  1. Login to Salesforce as administrator

  2. Navigate to Setup > Manage Apps > Connected Apps

  3. Select Dropbox application

  4. Click Edit

  5. Replace Start URL and ACS URL with the MetaAccess URL which you got from Step 2.6


  6. Click Save

Step 5. Configure SSO settings on applications

  1. On MetaAccess console, navigate to Access Control > Configurations

  2. Download OPSWAT certificate


  3. Login to Dropbox as an administrator

  4. Navigate to Admin Console > Settings, click Single sign-on


  5. Click on Certificate link and upload the OPSWAT certificate OPSWAT generated for your account (you downloaded in step 5.1)


  6. Click Apply Changes

Step 6: Test your integration

Follow guideline at Step 6: Test your integration to test your integration to verify if it works as your expectation.