Dropbox with Azure AD
This demo shows Dropbox protected by XFA with Microsoft Entra ID as the identity provider. Users authenticate with Entra ID, XFA verifies the device against your policy, and Dropbox access continues only when the device decision allows it. Use the flow as a reference before configuring the same pattern in your own environment.
With SAMLv2 integration, XFA Enforcement can check the device security against the device security policy of your organization as part of the authentication process into Dropbox.
The user is first redirected through XFA to the external identity provider (in this case Azure AD) to verify the identity of the user, after which device security is checked before the authentication is completed. This assures that only devices that comply with the security policy are allowed access.