Export (0) Print
Expand All

Tutorial: Azure Active Directory integration with Box

Published: July 8, 2013

Updated: June 21, 2015

Applies To: Azure

For feedback, click here.

The objective of this tutorial is to show the integration of Azure and Box.
The scenario outlined in this tutorial assumes that you already have the following items:

  • A valid Azure subscription

  • A test tenant in Box

The scenario outlined in this tutorial consists of the following building blocks:

  1. Enabling the application integration for Box

  2. Configuring single sign-on

  3. Configuring user provisioning

  4. Assigning users

Scenario configurration

The objective of this section is to outline how to enable the application integration for Box.

  1. In the Azure Management Portal, on the left navigation pane, click Active Directory.

    Active Directory

  2. From the Directory list, select the directory for which you want to enable directory integration.

  3. To open the applications view, in the directory view, click Applications in the top menu.


  4. Click Add at the bottom of the page.

    Add application

  5. On the What do you want to do dialog, click Add an application from the gallery.

    Add an application from gallerry

  6. In the search box, type Box.


  7. In the results pane, select Box, and then click Complete to add the application.


The objective of this section is to outline how to enable users to authenticate to Box with their account in Azure AD using federation based on the SAML protocol.
As part of this procedure, you are required to upload metadata to Box.com.

  1. In the Azure Management Portal, select Box from the applications list to open the box dialog page.

  2. To open the Configure single sign-on dialog page, click Configure single sign-on.

    Enable single sign-on

  3. Select Windows Azure AD Single-Sign On, and click Next.

    Configure single sign-on
  4. On the Configure App URL page, in the BOX TENANT URL textbox, type your box tenant URL, and then click the Next button.

    Configure App URL
    The BOX.com tenant URL has always the following structure: https://<mydomainname>.box.com

  5. On the Configure single sign-on at Box page, click Download metadata, and then save the metadata on your computer (e.g.: “c:\FederationMetadata.xml”)

    Configure single sign-on
  6. To send your metadata to Box.com, call the Box.com support team and let them know that you want to setup federated SSO on your Box.com account.  

    You will have to provide the metadata XML file to the Box.com support team.
    The XML file contains all information that is required to setup federated SSO.

  7. On the Azure AD portal, select the single sign-on configuration confirmation, and then click Complete to close the Configure Single Sign On dialog.


The objective of this section is to outline how to enable provisioning of Active Directory user accounts to Box.

  1. In the Azure Management Portal, on the Box application integration page, click Configure user provisioning to open the Configure User Provisioning dialog.

    Enable automatic user provisioning

  2. On the Enable user provisioning to Box dialog page, click Enable user provisioning.

    Enable user provisioning to Bos

  3. On the Log in to grant access to Box page, provide the required credentials, and then click Authorize.

    Log in to Box
  4. Click Grant access to Box to authorize this operation and to return to the Azure Management Portal.

    Grant access to Box
  5. To finish the configuration, click the Complete button.

    Enable user provisioning to Box

To test your configuration, you need to grant the Azure AD users you want to allow using your application access to it by assigning them.

  1. In the Azure AD portal, create a test account.

  2. On the Box application integration page, click Assign users.

    Assign users to Box

  3. Select your test user, click Assign, and then click Yes to confirm your assignment.


You should now wait for 10 minutes and verify that the account has been synchronized to Box.

As a first verification step, you can check the provisioning status, by clicking Dashboard in the D on the Box application integration page on the Azure Management Portal.


A successfully completed user provisioning cycle is indicated by a related status:


In your Box tenant, synchronized users are listed under Managed Users in the Admin Console.

Managed User

If you want to test your single sign-on settings, open the Access Panel. For more details about the Access Panel, see Introduction to the Access Panel.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft