PingOne for Enterprise

Adding Box to Your PingOne for Enterprise Dock

Add the Box application to your PingOne for Enterprise dock from the application catalog.

About this task

After you configure the Box application for the PingOne for Enterprise dock, you must email your Box representative with configuration and connection information.

Steps

  1. In the PingOne for Enterprise admin console, go to Applications → Application Catalog.

  2. Optional: In the Search field, search for the application.

  3. Click the Box application line to expand it and click Setup.

Next steps

Click Continue to Next Step.

Box Connection Configuration

About this task

PingOne automatically populates the values for the ACS URL and Entity ID fields. All other fields are optional.

For most configurations, the values on this tab should not change.

Steps

  1. Import the metadata for Box:

    Choose from:

    • Click Select File to upload the metadata file.

    • Click Or use URL to enter the URL of the metadata.

  2. In the ACS URL field, the value should be https://sso.services.box.net/sp/ACS.saml2.

  3. In the Entity ID field, the value should be box.net.

  4. In the Target Resource field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

  5. In the Single Logout Endpoint field, enter a URL for PingOne to send single logout (SLO) requests to.

  6. In the Single Logout Response Endpoint field, enter a URL for PingOne to send SLO responses to.

  7. On the Primary Verification Certificate line, click Browse to locate and upload a local certificate file used to verify SLO requests and responses.

  8. On the Secondary Verification Certificate line, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

  9. Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.

  10. Select the Encrypt Assertion check box to encrypt outgoing SAML assertions.

  11. On the Signing line:

    Choose from:

    • Click Sign Assertion to have PingOne sign outgoing SAML assertions. This is the default option.

    • Click Sign Response to have PingOne sign responses to incoming SAML assertions.

  12. From the Signing Algorithm list, select an algorithm with which to sign SAML assertions.

  13. Select the Use Custom URL check box to enter a custom URL to launch Box from the dock.

  14. Select the Set Up Provisioning check box to configure user provisioning to Box.

Next steps

Click Continue to Next Step.
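Before importing a metadata file in step 1, you can confirm offline that it carries the Entity ID and ACS URL given in steps 2 and 3. The following script is an added example, not part of the PingOne or Box documentation; the function name and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# Values this page says the Connection Configuration tab should show for Box.
EXPECTED_ENTITY_ID = "box.net"
EXPECTED_ACS_URL = "https://sso.services.box.net/sp/ACS.saml2"

def check_sp_metadata(xml_bytes):
    """Return a list of findings; an empty list means the metadata matches."""
    # Refuse DTDs before parsing (byte check assumes a UTF-8/ASCII file).
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    findings = []
    if root.get("entityID") != EXPECTED_ENTITY_ID:
        findings.append(f"entityID is {root.get('entityID')!r}")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    locations = [] if sp is None else [
        e.get("Location") for e in sp.findall(f"{{{MD}}}AssertionConsumerService")]
    if not locations:
        findings.append("no AssertionConsumerService endpoint found")
    for loc in locations:
        if loc != EXPECTED_ACS_URL:  # assertions would be posted somewhere else
            findings.append(f"unexpected ACS location {loc!r}")
    return findings

# Constructed sample metadata (not Box's real file): one matching, one altered.
_TEMPLATE = (
    '<md:EntityDescriptor xmlns:md="{md}" entityID="{eid}">'
    '<md:SPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:AssertionConsumerService index="0" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{acs}"/>'
    '</md:SPSSODescriptor></md:EntityDescriptor>'
)
GOOD = _TEMPLATE.format(md=MD, eid="box.net", acs=EXPECTED_ACS_URL).encode()
ALTERED = _TEMPLATE.format(
    md=MD, eid="box.net", acs="https://sso.example.invalid/sp/ACS.saml2").encode()

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("altered", ALTERED)):
        print(name, check_sp_metadata(doc) or "OK")
```
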

Box Provisioning

Before you begin

Ensure that popups are permitted in your browser.

About this task

If you don’t need to set up user provisioning, proceed to Box Attribute Mapping.

If you selected Set Up Provisioning on the Connection configuration tab:

Steps

  1. On the Provisioning Instructions tab, click Continue to Next Step.

  2. Optional: On the Application Configuration tab, complete the following steps.

    1. Select the CREATE_PERSONAL_FOLDERS check box to create a new Box folder when a new user is created.

    2. In the PARENT_FOLDER_ID field, enter the ID of the folder where the new user folders will be created.

      Find the ID of the desired parent folder by navigating to the Box web portal and copying the string at the end of the URL. For the folder located at https://myconnector.app.box.com/folder/1234567890, the folder ID would be 1234567890.

      The administrator account used to obtain the Client ID and Client Secret must be the owner of this folder.

    3. From the PERSONAL_FOLDER_PERMISSION_LEVELS list, select the ownership and access permissions to apply to new user folders.

    4. From the REMOVE_ACTION list, select the action to take when you disable or delete a user account in PingOne.

      • Select Suspend to suspend a deleted user’s Box account.

      • Select Delete to delete a deleted user’s Box account.

    5. In the DELETED_CONTENT_ACCOUNT field, enter the email address to which the content of a deleted user’s account will be transferred.

    6. From the FORCE_DELETE list, select whether to delete users who own content.

      • False is the default option. Attempts to delete users who own content will fail.

      • True allows users who own content to be deleted.

  3. Click Continue to Next Step.

  4. Click Activate.

    Result:

    The Customer Log In page appears in a pop-up window.

  5. Enter your Box credentials and click Authorize.

  6. Click Grant Access to Box.

    Result:

    You will be redirected to PingOne. The Activate button should now read Activated.

Next steps

Click Continue to Next Step.

Box Attribute Mapping

About this task

PingOne will automatically populate required SAML attributes.

For Box, the required attribute is SAML_SUBJECT.

Steps

  1. To add an additional optional attribute, click Add new attribute.

  2. In the Application Attribute field, enter the attribute name as it appears in the application.

  3. In the Identity Bridge Attribute or Literal Value field, choose one of the following:

    Choose from:

    • To map to the application attribute: Enter or select a directory attribute.

    • To assign to the application attribute: Select As Literal, then enter a literal value.

  4. To create advanced attribute mappings, click Advanced.

    For more information, see Create advanced attribute mappings.

Next steps

Click Continue to Next Step.

Box Customization

Steps

  • To change the application icon, click Select image and upload a local image file.

    The image file must be:

    • PNG, GIF, or JPG format

    • 312 x 52 pixels maximum

    • 2 MB maximum file size

      Images are scaled to 64 x 64 pixels for display.

  • To change the name of the application displayed on the dock, in the Name field, enter a new name.

  • To change the description of the application, in the Description field, enter the new description text.

  • To change the category to which the application is assigned on the dock, in the Category list, select a category.

    For information about creating custom application categories, see Creating a custom application category.

Next steps

Click Continue to Next Step.

Box Group Access

About this task

The Group Access tab shows every user group that you have created.

For more information about creating user groups, see Add user groups.

Steps

  • To add a group’s access to the application, on the line for that group, click Add.

  • To remove a group’s access, on the line for that group, click Remove.

  • When you’re finished assigning groups, click Continue to Next Step.

Box SAML connection

Steps

  1. In PingOne, on the Review Setup tab, click Download to download the SAML metadata file.

  2. Click Finish to add Box to your PingOne Dock.

  3. Send an email to inform your Box representative that you want to enable SSO. Include the following information.

    • The SAML metadata file you downloaded, attached to the email.

    • Which SSO mode you want.

      • SSO Enabled allows users to sign on to Box using either their Box credentials or SAML SSO.

      • SSO Required requires users to sign on to Box using SSO.