Box offers both IdP-initiated SAML SSO (for SSO access through the user portal or mobile applications) and SP-initiated SAML SSO (for SSO access directly through the Box web application). You can configure Box for either or both types of SSO.
Box requirements for SSO
Before you configure the Box web application for SSO, you need the following:
- Your own domain registered and verified with Box.
- A Box Primary Administrator account (Co-Administrator accounts cannot activate SSO).
- All user accounts, including the Box Administrator account, have a Practice Protect account.
- All users' email addresses in Practice Protect match their usernames in Box.
- Box Metadata File – Box Guide
Configuring Box for SSO
1. In Admin Portal, click Apps, then click Add Web Apps.
The Add Web Apps screen appears.
2. Search “Box”.
3. Choose the Box “SAML + Provisioning” application and click Add.
4. In the Add Web App screen, click Yes to add the application.
Admin Portal adds the application.
5. Click Close to exit the Application Catalog.
The application that you just added opens to the Settings page.
6. Click the Trust page to begin configuring the application.
7. Click “Download Metadata File”
8. Now download the Box Metadata File here.
9. Under Service Provider Configuration click “Choose File” and select the Box Metadata file you just downloaded.
10. Now click “Save”.
11. Now click “Saml Response” on the left.
12. Click “Add” and set Attribute Name as “Email Address” and Attribute Value as “LoginUser.Username”.
13. Click Save
14. Now log in to Box as the Primary Administrator.
15. Click here to submit SSO Case for the Box tenant.
Fill in the following details:
- Subject: New SSO Set-Up
- Company Box Subdomain: Your Box URL
- Identity Provider: Other
- Metadata File: The downloaded Metadata file from Practice Protect
- Saml Attribute: Email Address
16. Click Submit
17. Box support may take 2-3 weeks to complete the setup on their side. You can check the status of your case by logging into https://community.box.com
18. Once Box has responded, log back into Box as the Primary Administrator.
19. Go to Admin Console.
20. Go to Enterprise Settings.
21. Go to User Settings.
22. Tick the box “SSO Test Mode”
23. Click “Enable for All Users”
24. Now, in a fresh browser window, go to the Box URL. At the bottom, click “Sign in with SSO” and test login via Practice Protect.
25. Now have all users test SSO login. Once all users have tested continue below:
26. Now tick “SSO Required” and click “Save”.
27. Click “Enable for All Users”
28. All users are now required to log in to Box with their Practice Protect account.