Box SAML Configuration

system

Introduction

This article outlines the information and steps you need in order to configure Box to use the LogonBox SAML Identity Provider. Once configured, your users will be redirected to your LogonBox server to authenticate.

There are two parts to this article: configuring your LogonBox server, and configuring the Box service, which is performed by Box. You will need to fill in a Box questionnaire with all relevant details taken from your LogonBox server instance to allow them to set your account up. Note that Box SSO is only available on Business accounts and above.

 

Step 1 - Create the Resource from the Template

Log into your server as admin and navigate to Identity Services->SAML. Click Search Templates and select the Box SAML template and click Next.

 

You will be asked for your Box subdomain which you can find from your Box admin account under Admin Console->Company & Branding->Custom URL.

 

Enter the subdomain only, for example, 'example' and not the full URL.

 

Click Next. Here you can click the Go to Article link to open this article in a separate browser window if needed. Click the X to return to the SAML list of resources, where your Box SAML resource should now be present.

 

Step 2 - Download SAML metadata

You will need to download the SAML metadata to configure Box. In the table of SAML resources locate the Box SAML resource, and click the gears icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.

 

Step 3 - Complete the Box Questionnaire

Once you have set up the SAML resource on your server, log into your Box account as Administrator and complete the Box SSO Questionnaire so that Box can set up single sign-on for your account.

Set the following items on the form:

  • Subject: New SSO Set-up
  • Do you have a consulting package: No (if you do have one, select Yes)
  • Company subdomain: the subdomain you used in Step 1
  • Who is your Identity Provider: Other with Metadata

 This will limit the Required information panel down to the following required values:

 

Upload the metadata XML file you downloaded in Step 2 as requested in the form, then set the following value:

SAML Attribute: User's email: SAML_SUBJECT

That is all you need to fill in; ignore the optional items. Click Submit to send the form. Box will then enable single sign-on for your account using the data found in your metadata. Once done, they will contact you via email to let you know.

 

Step 4 - Final Checks

One final step before you start using your Box resource: ensure that you have assigned some Roles to it so that it is available for users to use. To do this, edit the resource and click the Assignments tab.

In addition, each user's email address must match their SAML logon email, as this is the primary link between accounts.

Once Box has informed you that your Box account is ready for single sign-on, you can log in to Box using single sign-on in either of two ways: in the Browser Resources section under My Resources, click the launch icon to access Box; or go directly to your subdomain as identified in Step 1, where you should see your single sign-on login page.

 

 

Step 5 - Enable SSO Only

Once you are happy that all is working, set your Box account to SSO Only. This will require anyone from your account using Box to log in using single sign-on. Even if a user goes to the general Box login page, it will force them to use single sign-on.