Using SSO AD sync security group

hello we got enable sso using AD sync. we followed the base directions and have it synced up to the BAse DN. we want to use security Groups through for ex we use sso for dropbox and have an AD security group built specifically for the users that need dropbox.
when i add that group to the dn line in the AD config page for the config it breaks . so i then read where you need this ex security_group_dn line but breaks in AD config page. is this something i need to add directly to the config file authproxy.cfg file ? im lost here fyi we dont use a radius server

@ShawnGaston Are you using this configuration? Duo Single Sign-On for Dropbox | Duo Security

You have a Dropbox SSO application in Duo, and you have synced a group into Duo, and you want to ensure that only members of that synced group can access Dropbox via Duo SSO?

To do that you would visit the details page for your Dropbox SSO application in the Duo Admin Panel, scroll down to the “Permitted groups” box, and select that synced AD group.

Learn more about Permitted groups here.

The security_group_dn setting for the Authentication Proxy’s ad_client config is only used when the Authentication Proxy is performing primary LDAP authentication for RADIUS and LDAP applications, and is not applicable at all to Duo SSO authentications.