Back in February, when Dropbox introduced some new security controls for IT departments, I asked an obvious question: So when are you guys going to work with Active Directory?
Today is that day.
Well, not quite -- but today, Dropbox announced that in the next month, it's going to start supporting the exchange of user authentication data using SAML (Security Assertion Markup Language), the same standard supported by Active Directory.
First, some background. Active Directory (AD) is a Microsoft platform for authenticating and storing basic information about users. It's part and parcel of Windows Server, and is used by many other popular Microsoft products, particularly Exchange. As a result, most big companies (and plenty of smaller ones) use AD -- if you've ever signed on to a Windows PC to get onto your work network, and then been able to get onto other internal resources like email without having to sign in again, there's a good chance that AD was involved.
AD can use SAML to exchange credential information with other authentication systems. For instance, two divisions of a company can "federate" their AD servers, so when users sign on to one network, they can access the other network's internal resources without having to log in again.
In the last few years, a number of cloud-based identity management providers, such as Okta and Ping, have used SAML to connect third-party cloud services with AD. So, for instance, if users log on to their company's AD domain, and the company has connected AD to cloud services like Salesforce, Google Apps, Workday, or Box, they can get to those resources from their desktop or mobile device without having to log in again. This kind of integration also lets IT departments add and remove users from these cloud-based services using AD, so they don't have to use a bunch of different tools.
Dropbox now joins the list of cloud services that can be integrated with these service providers. Companies that have built their own federated identity management system around SAML 2.0 can give their users single sign-on to Dropbox as well.
There's still a lot to be done before Dropbox is a fully accepted enterprise tool -- in particular, the new integration doesn't support AD groups, so you can't (for instance) add the entire marketing group to Dropbox in one fell swoop. More generally, Dropbox could still use a lot more granularity for IT departments -- it's not possible to have a single enterprise Dropbox account with a bunch of subfolders for different groups, and the permissions could be a lot more granular as well.
But this is a major step toward greater enterprise acceptance, and shows that Dropbox is continuing to expand from its consumer roots. With 100 million active users, that's something for competing enterprise storage providers like Box to keep on top of.