Box SAML Integration

Posted on April 12, 2019

Getting Started

Both TraitWare and Box require certain information to be able to communicate securely with each other.

What You Need From Box

What You Need From TraitWare

You will obtain the following when you create your TraitWare application.

  • SAML Endpoint/Sign-in URL
  • Issuer
  • Public Verification Certificate Fingerprint

Setting Up TraitWare

In order for TraitWare to communicate with Box, an application will need to be created. Once you have access from TraitWare, navigate to https://admin.traitware.com and use your TraitWare app to sign in.

If you do not have access to log in to https://admin.traitware.com, please set up a trial account, or contact us at support@traitware.com.

Adding a SAML Application

  • Select Applications in the menu on the left.
  • Select Add Application to add a new application.
  • Select SAML as your Application Type.
  • Enter an Application Name that will make sense when you see it (ex: Box TraitWare).
  • Choose Use a Template.
  • In the SAML Applications dropdown list, select Box. The fields following will auto-fill with generic information.
  • For Return URI, you can leave the field empty, or enter a URL to redirect users back to upon timeout.
  • For Relay State, you can leave the field empty.
  • For Metadata URL, leave it as n/a.
  • You won’t need to add anything for the Claims Mapping.
  • Select Save Application.
  • Once your application is submitted, it will populate the information required by your service provider.
  • Open the appropriate application and navigate to the Provider Credentials tab, where you can copy the required information.
  • If you plan to use the Metadata, select Download as XML and save it somewhere you will be able to find it easily.

Turning on Application Access for User

  • Select Users from the menu on the left.
  • Select a user. Their User Profile will open.
  • Find the Box Application name under Applications, and select the application to enable access for that user.

Setting Up Box

  • Next, select your Identity Provider.
  • Choose either Other with Metadata or Other w/o Metadata.
  • You will need to fill out the corresponding fields.
  • With Metadata only requires the SAML Attribute: User’s email:. Follow the example below for this information.
  • Select Submit
  • If you choose to do it without Metadata, you will need to fill in Entity Id and Redirect URL, upload the Signing Cert, and provide the SAML Attribute: User’s email:.
  • Select Submit
  • Once your request is completed, you will receive an email from Box. Please note that if you do not have a consulting package, it could take them up to 3 weeks to complete the request.
  • Once the request is complete, navigate to https://SUBDOMAIN.box.com/ and sign in using an Admin account.
  • Navigate to Admin Console and then Enterprise Settings
  • Navigate to User Settings
  • If your file setup is complete, you will be able to Test the connection by selecting SSO Test Mode
  • This will allow users to continue using their Box credentials if they navigate to the generic login of https://account.box.com
  • Select Save
  • To test your connection, navigate to https://SUBDOMAIN.box.com
  • Select Continue
  • Scan the QR with your TraitWare app
  • Once testing is successful and all users have been successfully set up, you can move on to Step 2 of Configure Single Sign On (do not turn off SSO Test Mode).
  • You will need to check both boxes before you are able to Enable for All Users
  • Select Save
  • Once this piece is enabled, if a user tries to go to https://account.box.com, they will be automatically directed to the TraitWare QR after putting in their email.

Additional Information

If you do not see an application in the dropdown list during the Application setup, you can fill in the fields with your generic information. If you have issues, please contact us at support@traitware.com, and we will work with you to see if the application can be added.