Box SAML Configuration

Purpose

Box offers single sign-on via SAML integration with Practice Protect. This provides a seamless login experience to the Box platform using IdP-initiated SAML.

Practice Protect will configure this on your behalf. Please send us an email at support@practiceprotect.com

Pre-requisites

Before you configure the Box web application for SSO, you need the following:

•  Must be on either Business, Business Plus, or Enterprise Plan
• Your own domain registered and verified with Box.
• Active Box Primary Administrator Account (Co-Administrator accounts cannot activate SSO) This can be your account so you don’t have to pay and create for another license account)
• Username/Email for staff should match the login names in Practice Protect.
• Box Metadata File – Box Guide

Instructions

1. Login to your Practice Protect and switch to Admin portal (ex. mydomain.practiceprotect.app)
2. On Core Services, Click on Roles > Add Roles. Create a role and set the name field to “Box SSO Users“. Then Save.
   
3. With the created role, click on Members > Add. Add each member/user that will be part of the SSO. Then Save.
4. From the Apps & Widgets, go to Web Apps section. Then, choose Add Web Apps on the top right corner.
5. On the app catalog, search for “Box” and Add the app Box “SAML + Provisioning”. Hit “Yes” to add the application.
6. The application that you just added opens to the Settings page. Set the Name to “Box SSO” then click Save. Note: You can change the name, category or logo based on your preference.
   
7. Go to Trust page to configure the application.
8. On Identity Provider Configuration, Select Metadata and click “Download Metadata File”|
9. Download the Box Metadata File here.
10. Under Service Provider Configuration click “Choose File” and select the Box Metadata file you downloaded on Step 9
11. Click Save.
12. Proceed to the SAML Response section on the left. Click “Add” and set the following attributes:
    1. Attribute Name as “emailaddress” and Attribute Value as LoginUser.Username
    2. Attribute Name as “last_name” and Attribute Value as LoginUser.LastName
    3. Attribute Name as “first_name” and Attribute Value as LoginUser.FirstName
       
       
13. Then, Save.
14. Return to Box and login as the Primary Administrator.
15. Click here to submit SSO Case for the Box tenant.
16. Fill the following details:Subject: New SSO Set-Up
    Company Box Subdomain: Your Box URL
    Identity Provider:  Other (Practice Protect)
    Metadata File: import/attach downloaded Metadata file from Practice Protect
    Saml Attribute: emailaddress, last_name, & first_name
    
17.  Click Submit.

Enable and Enforce SSO

1. Box support may take up to 2-3 weeks to complete the setup. You can check the status of your case by logging into https://community.box.com 
2. Once Box has responded, sign back in to Box as the Primary Administrator
3. Then, go to Admin Console.
   
4. Go to Enterprise Settings.
   
5. Go to User Settings.
6. Tick the box “SSO Test Mode”
   
   
7. Click “Enable for All Users”
   
   
8. Open a new browser tab and go your designated Box URL Test your login by clicking “Sign in with SSO” . Use Practice Protect credential
   
9. If the login works, we will enforced the SSO login method across the firm.
10.  Go to Step 2 and  tick “SSO Required”
    
     Hit Save to apply changes. 
    
11. Click “Enable for All Users”
12. Return to Box SSO app settings in the Practice Protect Admin Portal.
13. On Permissions settings, add the role which contains the Box users. (i.e. Box SSO Users) and Save.
14. All users are now required to login with their Practice Protect account to access Box.