1 About the Dropbox Connector

Oracle Identity Governance is a centralized identity management solution that provides self service, compliance, provisioning and password management services for applications residing on-premises or on the Cloud. Oracle Identity Governance connectors are used to integrate Oracle Identity Governance with external identity-aware applications.

The Dropbox connector enables you to onboard applications in Oracle Identity Governance for Dropbox.

Note:

In this guide, the connector that is deployed using the Applications option on the Manage tab of Identity Self Service is referred to as an AOB application. The connector that is deployed using the Manage Connector option in Oracle Identity System Administration is referred to as a CI-based connector (Connector Installer-based connector).

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Oracle Identity Self Service. This capability lets business users onboard applications with minimum details and effort. The connector installation package includes a collection of predefined templates (XML files) that contain all the information required for provisioning and reconciling data from a given application or target system. These templates also include basic connectivity and configuration details specific to your target system. The connector uses information from these predefined templates, allowing you to onboard your applications quickly and easily using a single, simplified UI.

Application onboarding is the process of registering or associating an application with Oracle Identity Governance and making that application available for provisioning and reconciliation of user information.

The following topics provide a high-level overview of the Dropbox connector:

Note:

In this guide, the term Oracle Identity Governance server refers to the computer on which Oracle Identity Governance is installed.

1.1 Introduction to the Connector

The Dropbox connector enables Oracle Identity Governance to manage Dropbox by using Microsoft Active Directory (AD) as a middleware. Microsoft Active Directory is configured as a user source for performing all of the user management operations (create, update, delete, disable, and enable users) in Dropbox, and the user management data is directly stored in AD.

Note:

The Oracle Identity Governance Connector for Dropbox is referred to as Dropbox connector in this guide. Similarly, the Oracle Identity Governance Connector for Microsoft Active Directory User Management is referred to as OIG AD connector, and the Dropbox Business Active Directory Connector is referred to as Dropbox AD connector.

The Dropbox connector uses the following connectors to synchronize data between Oracle Identity Governance and Dropbox:

Oracle Identity Governance Connector for Microsoft Active Directory User Management

The Oracle Identity Governance Connector for Microsoft Active Directory User Management (OIG AD connector) allows synchronization of the Dropbox user and group information between Oracle Identity Governance and AD. It uses AD as a managed (target) resource of the identity data. The OIG AD connector is configured to run in the account management mode (or target resource management). This mode enables the following operations:

  • Provisioning

    Provisioning involves creating, updating, or deleting users on AD through Oracle Identity Governance. When you allocate (or provision) a Microsoft Active Directory resource to an Oracle Identity Governance User, the operation results in the creation of an account on Microsoft Active Directory for that user. In the Oracle Identity Governance context, the term "provisioning" is also used to mean updates (for example enabling or disabling) made to the AD account through Oracle Identity Governance.

  • Target resource reconciliation

    In target resource reconciliation, data related to newly created and modified accounts on AD can be reconciled and linked with existing Oracle Identity Governance Users and provisioned resources. To perform target resource reconciliation, the Active Directory User Target Recon scheduled job is used.

    Depending on the data that you want to reconcile, you use different scheduled jobs.

For detailed information on the OIG AD connector (such as certified languages, supported connector features, and so on), see About the Microsoft Active Directory User Management Connector in Oracle Identity Governance Configuring the Microsoft Active Directory User Management Application.

Dropbox Business Active Directory Connector

Dropbox uses a lightweight Dropbox Business Active Directory Connector (Dropbox AD connector) behind the firewall to synchronize the Dropbox user and group information between AD and Dropbox directory services.

The Dropbox AD connector automates provisioning of User and Group accounts in Dropbox from AD. These User and Group accounts are included as members of a Microsoft Active Directory group (specified as values of the AD Sync Group attribute of AD), which is used for synchronizing the accounts from AD to Dropbox through the Dropbox AD Connector scheduled task.

For more information on the Dropbox AD connector, visit the Dropbox website at https://www.dropbox.com/, navigate to Help Center, and search for Dropbox Active Directory Connector.

1.2 Certified Components

These are the software components and their versions required for installing and using the Dropbox connector.

Table 1-1 Certified Components

| Component | Requirement for AOB Application | Requirement for CI-Based Connector |
| --- | --- | --- |
| Oracle Identity Governance or Oracle Identity Manager | You can use any one of the following releases: Oracle Identity Governance release 12c PS4 (12.2.1.4.0); Oracle Identity Governance 12c (12.2.1.3.0) | You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager: Oracle Identity Governance release 12c PS4 (12.2.1.4.0); Oracle Identity Governance 12c (12.2.1.3.0); Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0) |
| Target system | Dropbox. Note: The connector uses Microsoft Active Directory (AD) as a middleware. Therefore, AD is configured as a user source for performing all of the user management operations in Dropbox. | Dropbox. Note: The connector uses Microsoft Active Directory (AD) as a middleware. Therefore, AD is configured as a user source for performing all of the user management operations in Dropbox. |
| Connector Server | 11.1.2.1.0 or 12.2.1.3.0 | 11.1.2.1.0 or 12.2.1.3.0 |
| Oracle Identity Governance Connector for Microsoft Active Directory User Management | 12.2.1.3.0 | 11.1.1.6.0 or 12.2.1.3.0 |
| Dropbox Business Active Directory Connector | 2.0.850300 | 2.0.850300 |

1.3 Usage Recommendation

These are the recommendations for the OIG AD connector versions that you can deploy and use depending on the Oracle Identity Governance or Oracle Identity Manager version that you are using.

  • If you are using Oracle Identity Governance 12c (12.2.1.3.0) or later, then use the latest 12.2.1.x version of the OIG AD connector. Deploy the connector using the Applications option on the Manage tab of Identity Self Service.

  • If you are using any of the Oracle Identity Manager releases, as listed in the “Requirement for CI-Based Connector” column of Table 1-1, then use the 11.1.x version of this connector. If you want to use the 12.2.1.x version of this connector, then you can install and use it only in the CI-based mode. If you want to use the AOB application, then you must upgrade to Oracle Identity Governance release 12.2.1.3.0 or later.

    Note:

    If you are using the latest 12.2.1.x version of this connector in the CI-based mode, then see Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management, Release 11.1.1 for complete details on connector deployment, usage, and customization.

1.4 Supported Connector Operations

This is the list of operations that the connector supports for your target system.

Table 1-2 Supported Connector Operations

| Operations | Supported? |
| --- | --- |
| User Management | |
| Create user | Yes |
| Update user | Yes |
| Delete user | Yes |
| Enable user | Yes |
| Disable user | Yes |
| Entitlement Grant Management | |
| Create Group | Yes |
| Update Group | Yes |
| Assign Group to User | Yes |

1.5 Connector Architecture

The user management operations are implemented in Dropbox by using Microsoft Active Directory (AD) as a middleware.

As discussed earlier, the Dropbox connector uses the OIG AD connector and Dropbox AD connector to synchronize the Dropbox user and group information between Oracle Identity Governance, AD, and Dropbox directory services.

Figure 1-1 Architecture of the Dropbox Connector


As shown in Figure 1-1, AD is configured as a target resource of Oracle Identity Governance. The OIG AD connector is a .NET framework-based connector that is implemented using the Identity Connector Framework (ICF) component. The ICF component provides basic reconciliation and provisioning operations that are common to all Oracle Identity Governance connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, time outs, and filtering. ICF is distributed together with Oracle Identity Governance. Therefore, you do not need to configure or modify ICF.

The Dropbox connector helps in provisioning User and Group accounts in Dropbox through the following two-step process:
  1. The OIG AD connector creates or updates User and Group accounts in AD through the provisioning operations that are performed on Oracle Identity Governance.

  2. The Dropbox AD connector automates provisioning of the User and Group accounts in Dropbox by fetching the attributes from AD and then synchronizing the data with Dropbox through the Dropbox AD Connector scheduled task. Based on the data fetched from AD, the User and Group accounts are automatically created or updated in Dropbox.

Through reconciliation, account data that is created and updated directly on AD is fetched into Oracle Identity Governance and stored against the corresponding Oracle Identity Governance Users.
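Because accounts pass through two synchronization hops (Oracle Identity Governance to AD, then AD to Dropbox), an access review has to compare all three tiers. The following is an added example, not code from Oracle or Dropbox: it audits three constructed exports for drift, and the export layout, field names, and status values are assumptions made for illustration.

```python
# Constructed sample exports; layouts and status values are assumptions,
# not output produced by the OIG AD connector or the Dropbox AD connector.
OIG_ACCOUNTS = {            # AD accounts linked to OIG users: login -> OIG user status
    "alice": "Active",
    "bob": "Disabled",      # left the organization
    "carol": "Active",
}
AD_SYNC_GROUP = {           # members of the AD sync group: login -> account enabled?
    "alice": True,
    "bob": False,
    "dave": True,           # created directly on AD, not yet reconciled into OIG
}
DROPBOX_MEMBERS = {         # Dropbox team members: login -> account status
    "alice": "active",
    "bob": "active",        # disabled upstream, still active in Dropbox
    "erin": "active",       # no AD source at all
}


def audit(oig, ad_group, dropbox):
    """Return sorted (login, finding) pairs for drift between the three tiers."""
    findings = []
    # Hop 1: OIG <-> AD
    for login, enabled in ad_group.items():
        if login not in oig:
            findings.append((login, "in AD sync group but not linked to an OIG user"))
        elif enabled and oig[login] != "Active":
            findings.append((login, "OIG user not active but AD account enabled"))
    for login, status in oig.items():
        if status == "Active" and login not in ad_group:
            findings.append((login, "active in OIG but missing from AD sync group"))
    # Hop 2: AD <-> Dropbox
    for login, status in dropbox.items():
        if status != "active":
            continue
        if login not in ad_group:
            findings.append((login, "active in Dropbox without AD sync group membership"))
        elif not ad_group[login]:
            findings.append((login, "disabled in AD but still active in Dropbox"))
    return sorted(findings)


if __name__ == "__main__":
    for login, finding in audit(OIG_ACCOUNTS, AD_SYNC_GROUP, DROPBOX_MEMBERS):
        print(f"{login}: {finding}")
```

Findings on the first hop are candidates for target resource reconciliation; findings on the second hop point at the Dropbox AD Connector scheduled task or at accounts created outside the AD sync group.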

For more information on the architecture of the OIG AD connector, see Connector Architecture in Oracle Identity Governance Configuring the Microsoft Active Directory User Management Application.

For more information on the Dropbox AD connector, visit the Dropbox website at https://www.dropbox.com/, navigate to Help Center, and search for Dropbox Active Directory Connector.

1.6 Supported Use Cases

Dropbox is a cloud-based application that offers file-hosting services, such as cloud storage, file synchronization, personal cloud, and client software. The Dropbox connector enables Oracle Identity Governance to manage identities and access privileges for Dropbox users and groups.

The following are some of the most common scenarios in which the Dropbox connector can be used:

Dropbox User Management

The Dropbox connector automates provisioning and deprovisioning of Dropbox User accounts. Because Dropbox involves accessing and sharing content with users or groups across various locations, this connector ensures secure access by granting it to users with appropriate access rights. For example, after a user joins an organization, a Dropbox user account is automatically provisioned to the user based on the predefined access policies in Oracle Identity Governance. Similarly, this account is deactivated after the user leaves the organization.

Dropbox Group Management

The Dropbox connector automates provisioning and deprovisioning of Dropbox Group accounts. You can configure a parent group by adding multiple users or groups (these groups may further include a set of users) in a flat group hierarchy. This configured group is then synchronized with Dropbox, and the associated user and group details are created.

This connector also helps in managing access rights for Dropbox Group accounts by ensuring specific access to various teams or departments in an organization.