Security control and visibility
We’ve developed a number of tools that empower administrators and IT to customize Dropbox Business to their organization’s particular security control needs. A toolbox of control and visibility features is available via the Dropbox Business admin console and our various user interfaces. We’ve also extended the Dropbox Platform to help businesses integrate Dropbox Business seamlessly into their core IT processes with the Dropbox Business API.
Identity and access management
Directory services integration
Simplify provisioning and deprovisioning by automatically adding and removing users from existing Active Directory or LDAP deployments or through one of our identity management providers.
Single sign-on (SSO)
Streamline authentication by working with one of our officially supported SSO providers or with your own SAML 2.0-compliant solution.
Two-step verification
This security feature adds an extra layer of protection to a user’s Dropbox account. Once two-step verification is enabled, Dropbox will require a six-digit security code or a security key in addition to a password upon sign-in or when linking a new device. Admins can require team members to use two-step verification for their accounts.
Two Dropboxes
Each user can choose to connect a personal and a work Dropbox across all devices to enable clear separation of business and personal data. Admins can enable or block desktop client access to this feature for team members.
Sharing and file controls
With Dropbox Business, admins have comprehensive control of their team's sharing abilities, including whether members can share files, folders, and Paper docs outside the team. If sharing outside the team is enabled, members will still be able to make individual items “team only” as needed. Admins can also disable shared links from the admin console.
Shared file and folder permissions
- Team folders and Paper folders. Admins can create team folders that automatically give groups and other collaborators the correct access level (view or edit) to the content they need. Similarly, admins can create shared Paper folders that give collaborators the correct access level (comment or edit) to Paper docs.
- View-only permissions for shared folders. This access allows members of a shared folder to always see the latest versions of the files without having the ability to edit them.
- Passwords and expirations for shared links. Create boundaries around who can access content through shared links with an owner-defined password, and set an expiration for any shared link to provide temporary access to files or folders.
Recovery and version history
All Dropbox Business customers have the ability to restore lost files and recover previous versions of files up to 180 days old, ensuring changes to important data can be tracked and retrieved.
Permanent delete permissions
The team admin of a Dropbox Business account can limit the ability to permanently delete files and Paper docs to team admins only.
Administrative actions
Track account usage by viewing linked devices and third-party apps, as well as active web sessions. Control team data by terminating any session, deleting local copies of files, and revoking third-party app access to user accounts. As a proactive security measure, admins can reset passwords for the entire team or on a per-user basis.
Unlink devices
Computers and mobile devices connected to user accounts can be unlinked by the admin through the admin console. On computers, unlinking removes authentication data and provides the option to delete local copies of files the next time the computer comes online. On mobile devices, unlinking removes files and Paper docs saved for offline use, cached data, and login information.
Remote wipe
Protect business data when employees leave or in the event of device loss by deleting data and local copies from both computers and mobile devices to prevent unauthorized access.
Account transfer
After deprovisioning a user (either manually or via directory services), admins can transfer files from that user’s account to another user on the team.
Sign in as user
Team admins can sign in as members of their teams. This gives admins access to the files, folders, and Paper docs in team member accounts so that they can troubleshoot issues, share on behalf of team members, or conduct audits of file-level events. (This feature is only available to Dropbox Business teams on an Advanced or Enterprise plan.)
Visibility
Comprehensive audit logs
Dropbox Business admins can generate activity reports at any time for hundreds of events, filtered by date range. Reports are available for individual users or entire team accounts and can be downloaded in CSV (comma-separated values) format or integrated directly into your existing security information and event management (SIEM) tools for analysis using the Dropbox Business API. Admins can also perform targeted investigations with refined filtering and enhanced search directly in the Activity tab. The following information is available to admins in activity reports:
- Passwords. Changes to password or two-step verification settings. Admins do not have visibility into users’ actual passwords.
- Logins. Successful and failed sign-ins to the Dropbox website.
- Admin actions. Changes to settings in the admin console, such as shared folder permissions.
- File events. Changes to files including file adds, edits, moves, downloads, etc.
- Apps. Linking of third-party apps to Dropbox accounts.
- Devices. Linking of computers or mobile devices to Dropbox accounts.
- Sharing. Events for both shared folders and shared links, including creating/joining shared folders and sending/opening shared links to documents. In many cases, reports will specify whether actions involve non-team members.
- Paper activity. Events related to the creation, editing, sharing, and management of Paper docs.
- Membership. Additions to and removals from team.
Additionally, each user can obtain up-to-date information regarding their own account activity when they sign in to the Dropbox website.
Dropbox Business API
We extended the power of the Dropbox Platform to help businesses integrate Dropbox Business into their core IT processes and support custom workflows. Through the Dropbox Business API and our partners, you can enable:
- Identity management & single sign-on (SSO)
- Security information and event management (SIEM) and analytics
- Data loss prevention (DLP)
- Digital rights management (DRM)
- eDiscovery & legal hold
- Data migration and on-premises backup
- Custom workflows enhanced by Dropbox
Learn more about the Dropbox Business API.
Find more details about our control and visibility features in our Dropbox security whitepaper.