Does Dropbox SAML SSO support IdP self-signed certificates?

Ziv

Hello everyone,

I'm integrating Dropbox (as the Service Provider) with our internal IdP using SAML SSO and would like to confirm a few things:

1. Does Dropbox support using a self-signed certificate on the IdP side for signing SAML Assertions or for the certificate uploaded in metadata?
2. If self-signed certificates are supported, what operational or validation considerations should we be aware of? If not supported, what alternatives do you recommend?

Dell_Dropbox

Thanks for your patience @Ziv 

Dropbox SAML SSO does support IdP self signed x.509 certificates. As long as the certificate is provided in standard PEM format and included in your IdP metadata, Dropbox can use it to validate signed SAML assertions.

If you use a self signed certificate, just be sure it is kept up to date and that your team has a process for rotating it before expiration. There is no requirement for the certificate to come from a public certificate authority.

You can find more details about configuring SSO with Dropbox here: https://help.dropbox.com/security/sso-admin