Box Configuration

Box should be enabled as SAML Service Provider for supporting Single Sign-On. Unlike most other cloud services, admin is not provided with the option to configure Box SP. You need to submit a case with Box for any SP side configuration once you have Box Business account. To submit SSO configuration request on Box SP, log in to your Box account and file a case with Box support at https://community.box.com/t5/custom/page/page-id/submit_sso_questionaire

Fill the form with following details:

•Leave default value in the Subject field.

•Select Yes or No for Do you have a Box Consulting package? (‘No’ in most cases).

•Provide Box domain in the Company Box domain field (Example: https://pulsesecure3.app.box.com).

•Select Other with metadata for Who is your Identity Provider?

•In the Required Information section, click Choose File and browse to your Pulse Connect Secure (PCS) Metadata file. To download PCS SAML Metadata:

•Log in to PCS admin console.

•Navigate to Authentication > Signing In > Sign-in SAML > Metadata Provider, and click Download Metadata.

•Provide ‘emailAddress’ in the SAML Attribute: User's Email: field.

•Submit the request.

•Mention in the request as a comment that SP should be configured to look for SAML_SUBJECT attribute in SAML Assertion as PCS sends email property in SAML_SUBJECT.

Once the request is submitted, Box support team will get back on options you would like to be enabled on your account:

•SSO Required

•SSO auto-provisioning (users who authenticate through your SSO provider, but do not have a Box account will have one automatically created for them)

•Auto roll-in (users who try to sign up for a free Box account with your company's email domain will be prompted to join your company's enterprise; only possible if SSO auto-provisioning is also enabled)

You can choose to have all the options enabled.

It may take up to 3 weeks to process the request for SSO setup if you do not have an ctive consulting package.