Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
The following section describes the steps for configuring single sign-on (SSO) to Box. Configuring SAML SSO involves configuring both the PingFederate SP connection and Box.
Note: Configuring SSO is optional for outbound provisioning.
- Create a new SP connection or select an existing SP connection from the SP Configuration menu.
- On the Connection Template screen, select the Use a template for this connection option and choose Box Connector from the Connection Template drop-down list. You will be asked to provide the boxmetadata.xml file you obtained earlier in Download Box SAML 2.0 metadata file.
- On the Connection Type screen, ensure that the Browser SSO Profiles check box is selected.
- On the General Info screen, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata
- Click Next to continue the Browser SSO configuration. For more information, see the following sections under Identity provider SSO configuration:
- On the authentication adapter's Attribute Contract Fulfillment screen, map SAML_SUBJECT to email address.
- On the screen, ensure that both POST and SOAP are selected.
- On the Credentials screen, click Configure Credentials.
- On the Back-Channel Authentication screen, click Configure.
- On the Inbound Authentication Type screen, select Digital Signature (Browser SSO profile only) and click Done.
- On the screen, select the signing certificate.
- On the Signature Verification Settings screen, click Manage Signature Verification Settings.
- On the Trust Model screen, ensure Unanchored is selected and click Next.
- On the Signature Verification Certificate screen, select the Box certificate as the primary certificate and click
- On the Activation & Summary screen, set Connection Status to Active, then click Save.