
Tutorial: Azure AD integration with Box

Published: July 8, 2013

Updated: January 23, 2014

Applies To: Azure


For more information about this topic, see Best Practices for Managing the Application access enhancements for Azure Active Directory.

The objective of this tutorial is to show the integration of Azure and Box. The scenario outlined in this tutorial assumes that you already have the following items:

  • A valid Azure subscription

  • A test tenant in Box

If you don’t have a valid tenant in Box yet, you can, for example, sign up for a trial account at the Box web site. The trial account has the Box API enabled, which is required to configure the integration.

The scenario outlined in this tutorial consists of the following building blocks:

  1. Enabling the application integration for Box

  2. Configuring user provisioning

  3. Configuring single sign-on

The objective of this section is to outline how to enable the application integration for Box.

  1. In the Azure Management Portal, on the left navigation pane, click Active Directory.

  2. From the Directory list, select the directory for which you want to enable directory integration.

  3. To open the applications view, in the directory view, click Applications in the top menu.

  4. To open the Application Gallery, click Add An App, and then click Add an application for my organization to use.

  5. In the search box, type Box.

  6. In the results pane, select Box, and then click Complete to add the application.


The objective of this section is to outline how to enable provisioning of Active Directory user accounts to Box.

The following screenshot shows an example of the related dialog in Azure AD:

Configure Provisioning

  1. In the Azure Management Portal, on the Box application integration page, click Configure user provisioning to open the Configure User Provisioning dialog.

  2. On the Enable user provisioning to Box page, click enable account sync to open the Log In to Grant Access to Box dialog.

  3. Log in to your Box tenant to open a dialog that enables you to Grant access to Box.

  4. Click Grant access to Box to authorize this operation and to return to the Azure Management Portal.

  5. To finish the configuration, click the Complete button.

You can now create a test account, wait for 10 minutes and verify that the account has been synchronized to Box.com.

The objective of this section is to outline how to enable users to authenticate to Box with their account in Azure AD using federation based on the SAML protocol.
As part of this procedure, you are required to upload metadata to Box.com.

The following screenshot shows an example of the related dialog in Azure AD:

Configure single sign-on

  1. In the Azure Management Portal, select Box from the applications list to open the Box dialog page.

  2. To open the Select the single sign-on mode for this app dialog page, click Configure single sign-on.

  3. Select Users authenticate with their account in Azure AD as Mode, and click the Next button:

  4. On the Configure App URL page, in the BOX TENANT URL textbox, type your box tenant URL, and then click the Next button.

    Note: The Box.com tenant URL always has the following structure: https://<mydomainname>.box.com

  5. On the Configure single sign-on at Box page, click Download metadata, and then save the metadata on your computer (for example, “c:\FederationMetadata.xml”).

  6. To send your metadata to Box.com, call the Box.com support team and let them know that you want to set up federated SSO on your Box.com account.

    Note: You will have to provide the metadata XML file to the Box.com support team. The XML file contains all the information that is required to set up federated SSO.

  7. To finish the federated single sign-on configuration, click the Complete button.

You can now go to the Access Panel and test single sign-on to Box.
