Dropbox

Configuring the Veza integration for Dropbox

Overview

The Dropbox integration enables discovery of users, groups, folders, and files within a Dropbox Business account. Veza parses group memberships and permissions to show the full range of user access on the cloud-based content management, collaboration and file sharing service.

  • Access Reviews: Review user and group access to files and folders in Dropbox

  • Search: Search for users based on permission type or group membership

  • Rules and Alerts: Create rules for alerts when users are added to critical groups or new users gain access to sensitive folders

See notes and supported entities for more details.

Configuring Dropbox

Early Access: The Dropbox integration is currently provided on an early access basis. To prevent errors when authenticating with Dropbox, contact our support team to ensure the application is enabled for your Veza tenant.

Veza connects to Dropbox with an OAuth 2.0 authentication flow. You will log in to Dropbox to approve permissions for the Veza application as part of adding the integration in Veza.

Individual Permissions:

  • View information about members' Dropbox files and folders

  • View members' Dropbox sharing settings and collaborators and manually added Dropbox contacts

  • View basic information about members' Dropbox account such as username, email, and country

Team Permissions:

  • View content of and information about your team's files and folders and view and edit governance data of your team's files and folders

  • View your team group membership and team membership

  • View structure of your team's and members' folders

  • View basic information about your team including names, user count, and team settings

Configuring Dropbox on the Veza Platform

To add a Dropbox account for discovery:

  1. In Veza, go to the Integrations page.

  2. Click Add Integration and search for Dropbox. Choose it and click Next to add an integration.

  3. Enter the required information

  4. Click Authorize to approve the connection in Dropbox. Log in as a Dropbox administrator and click Allow to enable the integration.

  5. Click Create Integration to save the configuration.

FieldNotes

Insight Point

Choose whether to use the default data plane or a deployed Insight Point.

Name

A friendly name to identify the unique integration.

Gather Private Folders

If true, enable discovery of personal folders

Notes and Supported Entities

A Dropbox Business account (Dropbox Team) is the top level entity. A team has users (members) who can share their files and folders (resources). Permissions on the shared item can be Editor or Viewer. Users can belong to groups, which can also have permissions on files and folders.

Veza shows team-owned (or account level) folders in addition to user’s folders.

Veza creates the following Authorization Graph entities to model authorization in Dropbox:

Dropbox Tenant

Top-level entity representing a Dropbox Team.

  • Tenant Unique ID: Dropbox Team ID (e.g dbtid:asdasdaskjdnajksdakjdkasgAQDLO_eiMaQ)

Dropbox User

  • Created at: Timestamp when the user account was created

  • User Unique Id: Unique identifier for the user

  • Email: User's email address

  • Groups: List of groups the user belongs to

  • Identity Unique Id: Unique identifier for the user's identity

  • Is active: Boolean indicating if the user account is active or not

Dropbox Group

  • Group Unique ID: Unique identifier for the group

Dropbox Group Membership

Represents a User > Group assignment in Dropbox.

Dropbox Permission

  • Permissions: Can be owner, editor, viewer, viewer_no_comment, traverse, other.

Dropbox Folder

The Dropbox Folder entity represents a folder in the Dropbox file system.

Last updated