: Onboard a Dropbox Business App to SSPM
Focus
Focus

Onboard a Dropbox Business App to SSPM

Table of Contents

Onboard a Dropbox Business App to SSPM

Connect a Dropbox Business instance to SSPM to detect posture risks.
To detect posture risks in your Dropbox Business instance, SSPM connects to the instance by using information that you provide. Once SSPM connects, it scans the Dropbox Business instance for misconfigured settings and will continue to run scans at regular intervals.
You can onboard a Dropbox Business app by using OAuth 2.0 authorization or by using Okta SSO.
If you onboard Dropbox Business by using OAuth 2.0, SSPM connects to a Dropbox Business API and uses the API to scan your Dropbox Business instance. During onboarding, SSPM redirects you to log in to Dropbox Business to grant SSPM access to the API scopes that it requires.
If you onboard Dropbox Business by using Okta SSO, SSPM logs in to an administrator account by using Okta SSO credentials that you provide during onboarding. SSPM completes its scans by using data extraction techniques (also known as web scraping). If you connect by using Okta SSO, the Okta account must be configured for multi-factor authentication (MFA) using one-time passcodes.

Onboard a Dropbox Business App to SSPM Using OAuth 2.0

Connect a Dropbox Business instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your Dropbox Business instance, you must onboard your Dropbox Business instance to SSPM. Through the onboarding process, SSPM connects to a Dropbox Business API and, through the API, scans your Dropbox Business instance for misconfigured settings. If there are misconfigured settings in your Dropbox Business instance, SSPM suggests a remediation action based on best practices.
SSPM gets access to your Dropbox Business instance through OAuth 2.0 authorization. During the onboarding process, you are prompted to log in to Dropbox Business and to grant SSPM the access it requires.
To onboard your Dropbox Business instance, you complete the following actions:
  1. Identify the Administrator Account for Granting SSPM Access.
    During the onboarding process, SSPM redirects you to the Dropbox Business login page. After you log in, Dropbox will prompt you to grant SSPM the access it needs to your Dropbox Business instance.
    After SSPM establishes the connection, it will perform an initial scan of your Dropbox Business instance, and will then run scans at regular intervals of approximately 30 minutes. For SSPM to run these scans, the administrator account that you use to establish the initial connection must remain available. For this reason, we recommend that you use a dedicated service account to grant SSPM access. If you delete the service account, the scans will fail and you will need to onboard Dropbox Business again.
    1. Verify that your account has the permissions that SSPM will require.
      Required Permissions: To grant SSPM the access that it requires, you must log in with an account that has Team Admin permissions.
    2. Log out of all Dropbox Business accounts.
      Logging out of all Dropbox Business accounts helps ensure that you log in under the correct account during the onboarding process. Some browsers can automatically log you in by using saved credentials. To ensure that the browser does not automatically log you in to the wrong account, you can turn off any automatic log-in option or clear your saved credentials. Alternatively, you can prevent the browser from using saved credentials by opening the Cloud Management Console in an incognito window.
  2. Connect SSPM to Your Dropbox Business Instance.
    By adding a Dropbox Business app in SSPM, you enable SSPM to connect to your Dropbox Business instance.
    1. From the Add Application page (Posture SecurityApplicationsAdd Application ), click the Dropbox Business Beta tile.
    2. On the Posture Security tab, Add New instance.
    3. Select the option to Log in with Credentials.
    4. Connect.
      SSPM redirects you to the Dropbox Business login page.
    5. Enter the credentials for the Dropbox Business account that you identified earlier, and log in to Dropbox Business.
      Dropbox Business displays a consent form that details the access permissions that SSPM requires.
    6. Review the consent form and allow access.

Onboard a Dropbox Business App to SSPM Using Okta SSO

Connect a Dropbox Business instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your Dropbox Business instance, you must onboard your Dropbox Business instance to SSPM. Through the onboarding process, SSPM logs in to Dropbox Business using administrator account credentials. SSPM uses this account to scan your Dropbox Business instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
SSPM gets access to your Dropbox Business instance by using Okta SSO credentials that you provide during the onboarding process. For this reason, your organization must be using Okta as an identity provider. The Okta account must be configured for multi-factor authentication (MFA) using one-time passcodes.
To onboard your Dropbox Business instance, you complete the following actions:
  1. Collect Information for Accessing Your Dropbox Business Instance
    To access your Dropbox Business instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    User emailAn email address of an Okta user account.
    Required Permissions: The user must be assigned to the Team Admin role.
    PasswordThe password for the Okta user account.
    Okta DomainThe Okta subdomain for your organization. The subdomain was included in the login URL that Okta assigned to your organization.
    MFA Secret KeyA key that is used to generate one-time passcodes for multi-factor authentication.
    As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your Dropbox Business instance from SSPM.
    1. Identify the Okta user account that SSPM will use to access your Dropbox Business instance. The user account must be assigned to the Team Admin role in Dropbox Business. SSPM needs this administrator access to monitor your Dropbox Business instance.
      Remember which account you will use to access your Dropbox Business instance through Okta SSO authentication from SSPM. You will provide the login credentials to SSPM during the onboarding process.
  2. Connect SSPM to Your Dropbox Business Instance.
    By adding a Dropbox Business app in SSPM, you enable SSPM to connect to your Dropbox Business instance.
    1. From the Add Application page (Posture SecurityApplicationsAdd Application ), click the Dropbox Business tile.
    2. On the Posture Security tab, Add New instance.
    3. Select the option to Log in with Okta.
    4. Enter the user credentials, Okta domain, and MFA secret key for accessing your Dropbox Business instance and Connect.