1 of 1

Dropbox

Configuring the Veza integration for Dropbox

Overview

The Dropbox integration enables discovery of users, groups, folders, and files within a Dropbox Business account. Veza parses group memberships and permissions to show the full range of user access on the cloud-based content management, collaboration and file sharing service.

Access Reviews: Review user and group access to files and folders in Dropbox
Search: Search for users based on permission type or group membership
Rules and Alerts: Create rules for alerts when users are added to critical groups or new users gain access to sensitive folders

See notes and supported entities for more details.

Configuring Dropbox

Veza connects to Dropbox with an OAuth 2.0 authentication flow. You will log in to Dropbox to approve permissions for the Veza application as part of adding the integration in Veza.

Individual Permissions:

View information about members' Dropbox files and folders
View members' Dropbox sharing settings and collaborators and manually added Dropbox contacts
View basic information about members' Dropbox account such as username, email, and country

Team Permissions:

View content of and information about your team's files and folders and view and edit governance data of your team's files and folders
View your team group membership and team membership
View structure of your team's and members' folders
View basic information about your team including names, user count, and team settings

Configuring Dropbox on the Veza Platform

To add a Dropbox account for discovery:

In Veza, go to the Integrations page.
Click Add Integration and search for Dropbox. Choose it and click Next to add an integration.
Enter the required information
Click Authorize to approve the connection in Dropbox. Log in as a Dropbox administrator and click Allow to enable the integration.
Click Create Integration to save the configuration.

Field

Notes

Insight Point

Choose whether to use the default data plane or a deployed Insight Point.

Name

A friendly name to identify the unique integration.

Gather Private Folders

If true, enable discovery of personal folders

Notes and Supported Entities

A Dropbox Business account (Dropbox Team) is the top level entity. A team has users (members) who can share their files and folders (resources). Permissions on the shared item can be Editor or Viewer. Users can belong to groups, which can also have permissions on files and folders.

Veza shows team-owned (or account level) folders in addition to user’s folders.

Veza creates the following Authorization Graph entities to model authorization in Dropbox:

Dropbox Tenant

Top-level entity representing a Dropbox Team.

Tenant Unique ID: Dropbox Team ID (e.g dbtid:asdasdaskjdnajksdakjdkasgAQDLO_eiMaQ)

Dropbox User

Created at: Timestamp when the user account was created
User Unique Id: Unique identifier for the user
Email: User's email address
Groups: List of groups the user belongs to
Identity Unique Id: Unique identifier for the user's identity
Is active: Boolean indicating if the user account is active or not

Dropbox Group

Group Unique ID: Unique identifier for the group

Dropbox Group Membership

Represents a User > Group assignment in Dropbox.

Dropbox Permission

Permissions: Can be owner, editor, viewer, viewer_no_comment, traverse, other.

Dropbox Folder

The Dropbox Folder entity represents a folder in the Dropbox file system.