This article outlines the information and steps you need to take in order to configure Box to use the Hypersocket SAML Identity Provider. Once configured, your users will be redirected to your Hypersocket Server to authenticate.
There are two parts to this article: configuring your Hypersocket SSO server, and configuring the Box service. The second part is performed by Box; you will need to fill in a Box questionnaire with all relevant details taken from your Hypersocket SSO server instance to allow them to set your account up. Note that Box SSO is only available on Business accounts and above.
Step 1 - Create the Resource from the Template
Log into your server as admin and navigate to Single Sign On -> SAML. Select Search Templates and select the Box SAML template and click Next.
You will be asked for your Box subdomain which you can find from your Box admin account under Admin Console->Company & Branding->Custom URL.
Enter the subdomain only, for example, 'example' and not the full URL.
Click Next and you should be presented with this article. At this point click on the Goto Article link to open this article in a separate browser window so that you can return to the SAML list of resources where your Box SAML resource should now be present.
Step 2 - Download SAML metadata
You will need to download the SAML metadata to configure Box. In the table of SAML resources locate the Box SAML resource, and click the options icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.
Step 3 - Complete the Box Questionnaire
Once you have set up the SAML resource on your server, log into your Box account as Administrator and complete the Box SSO Questionnaire so that Box can set up single sign-on for your account.
Set the following items on the form:
- Subject: New SSO Set-up
- Do you have a consulting package: No (select Yes if you have one)
- Company subdomain: the subdomain you used in Step 1
- Who is your Identity Provider: Other with Metadata
This will limit the Required information panel down to the following required values:
Upload the metadata XML file you downloaded in Step 2 as requested in the form, then set the following value:
SAML Attribute: User's email: SAML_SUBJECT
That is all you need to fill in; ignore the optional items. Click Submit to send the form. Box will then enable single sign-on for your account using the data found in your metadata. Once done, they will contact you via email to let you know.
Step 4 - Final Checks
One final step before you start using your Box resource: ensure that you have assigned some Roles to it so that it is available for users to use.
In addition, each user's email address must match their SAML logon email as this is the primary link between accounts.
Once Box have informed you that your Box account is ready for single sign-on, you can log in to Box using single sign-on in either of two ways: in the Browser Resources section under My Resources, click the launch icon to access Box, or go directly to your subdomain as identified in Step 1, where you should see your single sign-on login page.
Step 5 - Enable SSO Only
Once you are happy all is working, set your Box account to SSO Only. This will require anyone from your account using Box to log in using single sign-on only. Even if a user goes to the general Box login page, it will force them to use single sign-on.