Is it possible to create active users in a business account?

Hi Francisco,

A Dropbox account is created for each invited user, whether or not the send_welcome_email parameter is set. So your users should be able to access their account at any time after your app successfully calls the team/members/add endpoint.

Leah

Hi Leah,

Thanks for your answer. I probably did not ask the question correctly. My real question is... 

Is it possible to add an active user without having him/her accepting the invitation? If this is the case, is there any constraint for the API V1? Added users through V1 are always marked as "pending" and they are not able to access dropbox until they go and accept the invitation. Is this something V2 changed and now works fine creating "active" users instead of pending ones?

Regards,
Francisco.

Hi Francisco,

Thanks for the clarification. It's not possible to create an active user via API v1 or v2 without any action on the user's behalf.

A user isn't considered active until they have accessed their account for the first time. Your users will need to create a password or log in with single sign-on to activate their accounts.

Leah

Hi Leah,

Thanks again for your reply. Actually my users are trying to login in DropBox using their SSO accounts.

When they try to login from there they are getting the error "You aren't a member of this team. Please reach out to your admin for help.". Also, in DropBox activity I see this error message
"SSO Login Failed: SAML Response contained an unauthorized user.". The user who is trying to authenticate through SSO(SAML) has the "invited" status.

Do you have any idea of what we are missing here?

Thanks in advance,
Francisco.

I've checked with the team and users created via the API are expected to have the "invited" status. It's unlikely the login is failing due to the Dropbox account status, but could be an issue with SAML. I'll keep looking into this and follow up with you as I have more information but in the meantime, maybe check that SSO is working properly on your end?

Hi Leah,

I appreciate your help. I think it is alright on our side unless I am missing something that is not documented anywhere. I configured my DropBox business account to work with SSO as in the documentation. The SAML assertion is working fine in my SSO system for other apps as well. Wondering if you have any update on your side that help us to figure this out...

It is interesting that once I turn on SSO and configure SAML in DropBox side and I accept the invitation for the provisioned email, the user is able to login fine using the SSO application with SAML assertion.

I think this is mostly all about the pending state that the user stays in until they accept the invitation or something related to the API version we are using(V1)? Probably I am missing something else really obvious that I can not see easily? hehe

Thanks,
Francisco.

Hi Francisco, apologies for the delay! We've heard back from the team, and it sounds like the cause here is that invited members can only join through SSO if the domain has been verified. 

Hi Gregory, thanks for the reply. I am working with OneLogin to fix this. So, how would I verify onelogin.com in my business test account? I dont think we want to verify onelogin.com for every single customer, right? Is there a way to whitelist the domain from your side so that all the OneLogin customers are able to login right after being provisioned(created on DropBox)? They will be using SAML and OneLogin SSO application all the time so we do not want our customers to register the domain themselves. How would that work in this case?

I am kind of confused now. Is it possible to contact someone from Engineering team to figure it out?

Thank you very much!,
Francisco.

This is moving beyond the scope of API support now, so I'm afraid I'm not the best person to help with this. Please contact Dropbox for Business support for further help with team and SSO setup:

https://www.dropbox.com/support