May 22, 2013 (09:05 AM EDT)
Dropbox Adopts Single Sign-On Technology
Read the Original Article at InformationWeek
Effective immediately, any off-the-shelf or homegrown identity management system that's compatible with SAML can be configured to automatically sign users into Dropbox.
"SSO lets users sign in just once to a central identity provider, like Active Directory, and securely gain access to all of their business apps," said Dropbox engineer Alex Allain in a blog post. "And because a company's existing trusted identity provider is in charge of the authentication process, admins don't have to worry about managing multiple applications."
[ Social log-ins a la Facebook are becoming more common. Read Google Taunts Facebook With Sign-In Challenge. ]
Dropbox claims it's used in 2 million unique businesses, and 95% of the Fortune 500 companies. Tying cloud services like Dropbox into an enterprise Active Directory or LDAP server enables IT managers to centrally provision users; for example, they can give users access to specific services when they're hired, offer role-based access, and ensure that access gets immediately discontinued for employees who leave the company.
Centralized provisioning also lets businesses enforce password policies to ensure that users choose strong passwords, and lets them require access using two-factor authentication, adaptive authentication, or other multi-factor approaches.
To make it easier for businesses to use Dropbox SSO, the company has worked with multiple identity management companies, including Centrify, Okta, OneLogin, Ping Identity and Symplified, to integrate their services with Dropbox.
Dropbox's approach to SSO, announced last month, is based on SAML, an XML-based standard for transmitting authentication and authorization information via the Internet that's designed to allow users to authenticate once, then access any SAML-compatible service, whether it's located on the premises or hosted in the cloud.
"By adopting this open standard, Dropbox is making life easier for end users while at the same time allowing IT to tightly control employee access to the application -- which is the biggest advantage of the SAML standard," said Thomas Pedersen, CEO of OneLogin, in a blog post. He said his company's related offering, OneLogin for Dropbox, is free, although adding additional applications and capabilities costs extra.
"When a company like Dropbox jumps on the SAML bandwagon, it becomes a significant validation that cloud application security and ease of use can be mutually reinforcing," Pedersen said. "IT departments and end users both win."