---
title: Adding Box to Your PingOne for Enterprise Dock
description: Add the Box application your PingOne for Enterprise dock from the application catalog.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_for_enterprise_app_catalog:p14eapps_box
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise_app_catalog/p14eapps_box.html
revdate: October 4, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
  box-connection-configuration: Box Connection Configuration
  about-this-task-2: About this task
  steps-2: Steps
  choose-from: Choose from:
  choose-from-2: Choose from:
  next-steps-2: Next steps
  box-provisioning: Box Provisioning
  before-you-begin: Before you begin
  about-this-task-3: About this task
  steps-3: Steps
  result: Result:
  result-2: Result:
  next-steps-3: Next steps
  box-attribute-mapping: Box Attribute Mapping
  about-this-task-4: About this task
  steps-4: Steps
  choose-from-3: Choose from:
  next-steps-4: Next steps
  box-customization: Box Customization
  steps-5: Steps
  next-steps-5: Next steps
  box-group-access: Box Group Access
  about-this-task-5: About this task
  steps-6: Steps
  box-saml-connection: Box SAML connection
  about-this-task-6: About this task
  steps-7: Steps
---

# Adding Box to Your PingOne for Enterprise Dock

Add the Box application your PingOne for Enterprise dock from the application catalog.

## About this task

After you configure the Box application for the PingOne for Enterprise dock, you must email your Box representative with configuration and connection information.

## Steps

1. In the PingOne for Enterprise admin console, go to **Applications > Application Catalog**.

2. **Optional:** In the **Search** field, search for the application.

3. Click the **Box** application line to expand it and click **Setup**.

## Next steps

Click **Continue to Next Step**.

## Box Connection Configuration

### About this task

PingOne for Enterprise automatically populates the values for the **ACS URL** and **Entity ID** fields. All other fields are optional.

For most configurations, the values on this tab should not change.

### Steps

1. Import the metadata for Box:

   #### Choose from:

   * Click **Select File** to upload the metadata file.

   * Click **Or use URL** to enter the URL of the metadata.

2. In the **ACS URL** field, the value should be `https://sso.services.box.net/sp/ACS.saml2`.

3. In the **Entity ID** field, the value should be `box.net`.

4. In the **Target Resource** field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

5. In the **Single Logout Endpoint** field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to.

6. In the **Single Logout Response Endpoint** field, enter a URL for PingOne for Enterprise to send SLO responses to.

7. On the **Primary Verification Certificate** line, click **Browse** to locate and upload a local certificate file used to verify SLO requests and responses.

8. On the **Secondary Verification Certificate** line, click **Browse** to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

9. Select the **Force Re-authentication** checkbox to require your identity bridge to re-authenticate users with an active SSO session.

10. Select the **Encrypt Assertion** checkbox to encrypt outgoing SAML assertions.

11. On the **Signing** line:

    #### Choose from:

    * Click **Sign Assertion** to have PingOne for Enterprise sign outgoing SAML assertions. This is the default option.

    * Click **Sign Response** to have PingOne for Enterprise sign responses to incoming SAML assertions.

12. From the **Signing Algorithm** list, select an algorithm with which to sign SAML assertions.

13. Select the **Use Custom URL** checkbox to enter a customer URL to launch Achievers from the dock.

14. Select the **Set Up Provisioning** checkbox to configure user provisioning to Box.

### Next steps

Click **Continue to Next Step**.

## Box Provisioning

### Before you begin

Ensure that popups are permitted in your browser.

### About this task

|   |                                                                                                                  |
| - | ---------------------------------------------------------------------------------------------------------------- |
|   | If you don't need to set up user provisioning, proceed to [Box Attribute Mapping](p14eapps_box_attributes.html). |

If you selected **Set Up Provisioning** on the **Connection configuration** tab:

### Steps

1. On the **Provisioning Instructions** tab, click **Continue to Next Step**.

2. **Optional:** On the **Application Configuration** tab, complete the following steps.

   1. Select the **CREATE\_PERSONAL\_FOLDERS** checkbox to create a new Box folder when a new user is created.

   2. In the **PARENT\_FOLDER\_ID** field, enter the ID of the folder where the new user folders will be created.

      |   |                                                                                                                                                                                                                                             |
      | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | Find the ID of the desired parent folder by navigating to the Box web portal and copying the string at the end of the URL. For the folder located at <https://myconnector.app.box.com/folder/1234567890>, the folder ID would be 123456789. |

The administrator account used to obtain the **Client ID** and **Client Secret** must be the owner of this folder.

1. From the **PERSONAL\_FOLDER\_PERMISSION\_LEVELS** list, select the ownership and access permissions to apply to new user folders.

2. From the **REMOVE\_ACTION** list, select the action to take when you disable or delete a user account in PingOne.

   * Select **Suspend** to suspend a deleted user's Box account.

   * Select **Delete** to delete a deleted user's Box account.

3. In the **DELETED\_CONTENT\_ACCOUNT** field, enter the email address to which the content of a deleted user's account will be transferred.

4. From the **FORCE\_DELETE** list, select whether to delete users who own content.

   * **False** is the default option. Attempts to delete users who own content will fail.

   * **True** allows users who own content to be deleted.

     1. Click **Continue to Next Step**.

     2. Click **Activate**.

        #### Result:

        The **Customer Log In** page appears in a pop-up window.

     3. Enter your Box credentials and click **Authorize**.

     4. Click **Grant Access to Box**.

        #### Result:

        You will be redirected to PingOne. The **Activate** button should now read **Activated**.

### Next steps

Click **Continue to Next Step**.

## Box Attribute Mapping

### About this task

PingOne will automatically populate required SAML attributes.

For Box, the required attribute is `SAML_SUBJECT`.

### Steps

1. To add an additional optional attribute, click **Add new attribute**.

2. In the **Application Attribute** field, enter the attribute name as it appears in the application.

3. In the **Identity Bridge Attribute or Literal Value** field, choose one of the following:

   #### Choose from:

   * To map to the application attribute: Enter or select a directory attribute.

   * To assign to the application attribute: Select **As Literal**, then enter a literal value.

4. To create advanced attribute mappings, click **Advanced**.

   Learn more in [Creating advanced attribute mappings](../pingone_for_enterprise/p14e_creating_advaced_attribute_mappings.html).

### Next steps

Click **Continue to Next Step**.

## Box Customization

### Steps

* To change the application icon, click **Select image** and upload a local image file.

  The image file must be:

  * PNG, GIF, or JPG format

  * 312 x 52 pixels maximum

  * 2 MB maximum file size

    |   |                                                  |
    | - | ------------------------------------------------ |
    |   | Images are scaled to 64 x 64 pixels for display. |

* To change the name of the application displayed on the dock, in the **Name** field, enter a new name.

* To change the description of the application, in the **Description** field, enter the new description text.

* To change the category to which the application is assigned on the dock, in the **Category** list, select a category.

  Learn more in [Creating a custom application category](../pingone_for_enterprise/p14e_creating_custom_application_category.html).

### Next steps

Click **Continue to Next Step**.

## Box Group Access

### About this task

The **Group Access** tab shows every user group that you have created.

Learn more in [Adding user groups](../pingone_for_enterprise/p14e_add_groups.html).

### Steps

* To add a group's access to the application, on the line for that group, click **Add**.

* To remove a group's access, on the line for that group, click **Remove**.

* When you're finished assigning groups, click **Continue to Next Step**.

## Box SAML connection

### About this task

### Steps

1. In PingOne, on the **Review Setup** tab, click **Download** to download the SAML metadata file.

2. Click **Finish** to add Box to your PingOne Dock.

3. Send an email to inform your Box representative that you want to enable SSO. Include the following information.

   * The SAML metadata file you downloaded, attached to the email.

   * Which SSO mode you want.

     * SSO Enabled allows users to sign on to Box using either their Box credentials or SAML SSO.

     * SSO Required requires users to sign on to Box using SSO.