Steps to configure SAML SSO for Box

About Box

Box is a powerful intelligent content cloud platform that enhances secure collaboration and content management, leveraging AI to streamline workflows and transform unstructured data into actionable insights.

The following steps will help you enable SSO for Box from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
  2. Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
  3. Navigate to Applications > Application Integration > Create New Application, and select Box from the applications displayed.
    Note: You can also find Box using the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, choose SSO and click Continue.
    General Settings of SSO configuration for Box.
  6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. Download the metadata by clicking Download next to the Metadata field. This file will be used later during the configuration of Box.
     Integration Settings of SSO configuration for Box.

Box (service provider) configuration steps

  1. Use the Box SSO Setup Support Form to have Box help you set up SSO.
  2. Fill in the form with the information needed to set up Identity360 as an Identity Provider (IdP).
  3. Enter your email address and briefly describe your purpose for this form.
  4. Select Other with Metadata from the Who is your Identity Provider? drop-down.
  5. Add more details as required about setting up SAML SSO for Box.
  6. Choose Priority as required from the drop-down.
    Box SSO Setup Support Form
  7. Enter the Box Subdomain value, for example, xyz.box.com.
  8. Under What is the attribute for the user's email?, enter SAML_SUBJECT.
  9. Under Attachments, choose and upload the Metadata File downloaded in Step 6 of the prerequisites.
  10. Click Submit.
    Box SSO Setup Support Form submission
  11. The Box support team will process your request and provide you with the necessary information to configure SSO in Identity360.
  12. It can take up to 24 hours to process the metadata. Once the file has been processed, Box sends a notification to the email address of the main account admin.
Note:

Mandatory SSO

  1. For security reasons, enabling SSO Required (mandatory SSO) is considered a critical action and requires MFA to complete.
  2. Be sure you have tested the SSO login flow before enabling this setting. If you do not test that your SSO credentials are working correctly, you could be locked out of your Box account.

Steps to enable mandatory SSO

  1. Go to Admin Console > Enterprise Settings.
  2. Click the User Settings tab.
  3. In the Enable Single Sign-On (SSO) for All Users section, disable SSO Test Mode and enable SSO Required.
  4. In the Enable SSO Required dialog box, select both checkboxes, then click Enable for All Users.

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. Enter the Box Subdomain value in the SP Identifier field. For example, if the Box Subdomain value is xyz.box.com, then xyz is your SP identifier.
  3. Enter the Relay State parameter, if necessary.
    Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
  4. Click Save.
    Integration Settings of SSO configuration for Box.
  5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to Box through the Identity360 portal.

Note: For Box, both SP-initiated and IdP-initiated flows are supported.

Steps to enable MFA for Box

Setting up MFA for Box using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to Box. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate Box with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for Box by following the steps mentioned here.

How does MFA for applications work in Identity360?

  SSO Integration flow diagram  
