To enable SSO on your box.com account, you need a Business or an Enterprise account. After upgrading your account, contact box.com support to activate SSO authentication. At some point, they will ask you to send them your M-Pin SSO metadata file (available in the 'Global Settings' section of the SSO dashboard).
When sending the metadata, you need to provide the attributes separately: mention in the email that you need an attribute named email to indicate the main method of authentication. You can provide other attributes as well, but they are not needed for SSO authentication to operate.
In the M-Pin SSO web console:
- Under Integration, click on the + button next to Box profiles.
  The Add Box profile page is displayed.
- Complete the required fields and save the profile. Settings:
  - Name (required) – name of the profile, e.g. Sample Box.com Profile
  - LDAP Profile – if you have LDAP profiles configured, they will be available in this drop-down
  - Recipient URL – IAM client application endpoint to which the M-Pin SSO SAML response is returned
  - Hostname (required) – the URL of your Box.com server
After saving, the profile is displayed on the Box.com profiles page.
From this point on, when your users visit the Box service and enter an email address belonging to the profile just set up, Box will detect that single sign-on is enabled and a password will no longer be necessary.