Configure PingFederate for SSO
About this task
The following section describes the steps for configuring single sign-on (SSO) to Box. Configuring SAML SSO involves configuring both the PingFederate SP connection and Box.
Configuring SSO is optional for outbound provisioning.
Steps
1. Create a new SP connection or select an existing SP connection from the SP Configuration menu.
2. On the Connection Template screen, select the Use a template for this connection option and choose Box Connector from the Connection Template drop-down list. You will be asked to provide the boxmetadata.xml file you obtained earlier in Download Box SAML 2.0 metadata file.
3. On the Connection Type screen, ensure that the Browser SSO Profiles check box is selected.
4. On the General Info screen, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata default values.
5. Click Next to continue the Browser SSO configuration. For more information, see the following sections under Identity provider SSO configuration:
6. On the authentication adapter’s Attribute Contract Fulfillment screen, map SAML_SUBJECT to email address.
7. On the Protocol Settings → Allowable SAML Bindings screen, ensure that both POST and SOAP are selected.
8. On the Credentials screen, click Configure Credentials.
9. On the Back-Channel Authentication screen, click Configure.
10. On the Inbound Authentication Type screen, select Digital Signature (Browser SSO profile only) and click Done.
11. On the Credentials → Digital Signature Settings screen, select the signing certificate.
12. On the Signature Verification Settings screen, click Manage Signature Verification Settings.
13. On the Trust Model screen, ensure Unanchored is selected and click Next.
14. On the Signature Verification Certificate screen, select the Box certificate as the primary certificate and click Next.
15. On the Activation & Summary screen, set Connection Status to Active, then click Save.