watermint toolbox - The multi-purpose utility command-line tool for web services

dropbox team member clear externalid

Remove external ID mappings from team members, useful when disconnecting from identity management systems

Bulk removes external IDs from team members listed in a CSV file. Essential when migrating between identity providers, cleaning up after SCIM disconnection, or resolving ID conflicts. Does not affect member access, only removes the external identifier mapping.

Security

watermint toolbox stores credentials on the file system, at the following path:

OS Path
Windows %HOMEPATH%\.toolbox\secrets (e.g. C:\Users\bob\.toolbox\secrets)
macOS $HOME/.toolbox/secrets (e.g. /Users/bob/.toolbox/secrets)
Linux $HOME/.toolbox/secrets (e.g. /home/bob/.toolbox/secrets)

Please do not share these files with anyone, including Dropbox support. You can delete the files after use if you want to remove them. To make sure the credentials are removed, revoke the application's access from the settings or the admin console.

Please see the help article below for more detail:

  • Dropbox for teams: https://help.dropbox.com/installs-integrations/third-party/business-api#manage
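The credential directory listed above holds the stored tokens, so on macOS and Linux it should be accessible to its owner only. The shell functions below are an added example, not part of watermint toolbox; the function names are hypothetical and the default path is the one from the table above.

```shell
# Added example (not part of watermint toolbox): audit and tighten the
# permissions on the credential store on macOS/Linux.
# The default path comes from this page; the function names are hypothetical.

# Print every entry under the secrets directory that group or others can
# read, write or traverse.
# Returns 0 if clean, 1 if there are findings, 2 if the directory is missing.
tbx_secrets_audit() {
    dir="${1:-$HOME/.toolbox/secrets}"
    [ -d "$dir" ] || { echo "no credential store at $dir" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches when all bits in NNN are set, so each
    # group/other bit is tested separately and the tests are OR-ed together.
    findings=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Remove all group/other permission bits, then re-run the audit so the
# return code confirms the result.
tbx_secrets_harden() {
    dir="${1:-$HOME/.toolbox/secrets}"
    [ -d "$dir" ] || return 2
    chmod -R go-rwx "$dir" && tbx_secrets_audit "$dir"
}
```

To avoid keeping tokens on disk at all, run tbx with the -secure option described under Common options.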

Auth scopes

Description
Dropbox for teams: View and manage your team membership
Dropbox for teams: View basic information about your team including names, user count, and team settings

Authorization

On the first run, tbx will ask you to authenticate with your Dropbox account. Please copy the link and paste it into your browser. Then proceed to authorization. After authorization, Dropbox will show you an authorization code. Please copy that code and paste it into the application.


watermint toolbox xx.x.xxx
==========================

© 2016-2025 Takayuki Okazaki
Licensed under open source licenses. Use the `license` command for more detail.

1. Visit the URL for the auth dialogue:

https://www.dropbox.com/oauth2/authorize?client_id=xxxxxxxxxxxxxxx&response_type=code&state=xxxxxxxx

2. Click 'Allow' (you might have to login first):
3. Copy the authorization code:
Enter the authorization code

Installation

Please download the pre-compiled binary from Latest Release. If you are using Windows, please download the zip file like tbx-xx.x.xxx-win.zip. Then, extract the archive and place tbx.exe in the Desktop folder. The watermint toolbox can run from any path in the system if allowed by the system, but the instruction samples use the Desktop folder. Please replace the path if you placed the binary somewhere other than the Desktop folder.

Usage

This document uses the Desktop folder for command examples.

Run

Windows:

cd $HOME\Desktop
.\tbx.exe dropbox team member clear externalid -file /PATH/TO/member_list.csv

macOS, Linux:

$HOME/Desktop/tbx dropbox team member clear externalid -file /PATH/TO/member_list.csv

Note for macOS Catalina 10.15 or above: macOS verifies the developer identity. Currently, tbx is not ready for it. Please select “Cancel” on the first dialogue. Then open “System Preferences”, open “Security & Privacy”, and select the “General” tab. You may find a message like:

“tbx” was blocked from use because it is not from an identified developer.

You may also find the button “Allow Anyway”. Please click the button at your own risk. On the second run, please click the “Open” button on the dialogue.

Options:

-file
Path to data file
-peer
Account alias. Default: default

Common options:

-auth-database
Custom path to auth database (default: $HOME/.toolbox/secrets/secrets.db)
-auto-open
Auto open URL or artifact folder. Default: false
-bandwidth-kb
Bandwidth limit in K bytes per sec for upload/download content. 0 for unlimited. Default: 0
-budget-memory
Memory budget (limits some feature to reduce memory footprint). Options: low, normal. Default: normal
-budget-storage
Storage budget (limits logs or some feature to reduce storage usage). Options: low, normal, unlimited. Default: normal
-concurrency
Maximum concurrency for running operation. Default: Number of processors
-debug
Enable debug mode. Default: false
-experiment
Enable experimental feature(s).
-extra
Extra parameter file path
-lang
Display language. Options: auto, en, ja. Default: auto
-output
Output format (none/text/markdown/json). Options: text, markdown, json, none. Default: text
-output-filter
Output filter query (jq syntax). The output of the report is filtered using jq syntax. This option is only applied when the report is output as JSON.
-proxy
HTTP/HTTPS proxy (hostname:port). Please specify DIRECT if you want to skip setting proxy.
-quiet
Suppress non-error messages, and make output readable by a machine (JSON format). Default: false
-retain-job-data
Job data retain policy. Options: default, on_error, none. Default: default
-secure
Do not store tokens into a file. Default: false
-skip-logging
Skip logging in the local storage. Default: false
-verbose
Show current operations in more detail. Default: false
-workspace
Workspace path

File formats

Format: File

Email addresses of team members

Column Description Example
email Email address of the member john@example.com

The first line is a header line. The program will accept a file without the header.

email
john@example.com

Results

The report file path is displayed on the last line of the command line output. If you missed the command line output, please see the path below. [job-id] will be the date/time of the run. Please see the latest job-id.

OS Path pattern Example
Windows %HOMEPATH%\.toolbox\jobs\[job-id]\reports C:\Users\bob\.toolbox\jobs\20190909-115959.597\reports
macOS $HOME/.toolbox/jobs/[job-id]/reports /Users/bob/.toolbox/jobs/20190909-115959.597/reports
Linux $HOME/.toolbox/jobs/[job-id]/reports /home/bob/.toolbox/jobs/20190909-115959.597/reports

Report: operation_log

This report shows the transaction result. The command will generate a report in three different formats: operation_log.csv, operation_log.json, and operation_log.xlsx.

Column Description
status Status of the operation
reason Reason of failure or skipped operation
input.email Email address of the member
result.team_member_id ID of user as a member of a team.
result.email Email address of user.
result.email_verified Is true if the user’s email is verified to be owned by the user.
result.status The user’s status as a member of a specific team. (active/invited/suspended/removed)
result.given_name Also known as a first name
result.surname Also known as a last name or family name.
result.familiar_name Locale-dependent name
result.display_name A name that can be used directly to represent the name of a user’s Dropbox account.
result.abbreviated_name An abbreviated form of the person’s name.
result.member_folder_id The namespace id of the user’s root folder.
result.external_id External ID that a team can attach to the user.
result.account_id A user’s account identifier.
result.persistent_id Persistent ID that a team can attach to the user. The persistent ID is unique ID to be used for SAML authentication.
result.joined_on The date and time the user joined as a member of a specific team.
result.invited_on The date and time the user was invited to the team
result.role The user’s role in the team (team_admin, user_management_admin, support_admin, or member_only)
result.tag Operation tag

If you run with the -budget-memory low option, the command will generate only a JSON format report.

If a report becomes large, the report in .xlsx format will be split into several chunks as follows: operation_log_0000.xlsx, operation_log_0001.xlsx, operation_log_0002.xlsx, …