Integrate Box with Okta
- Add the Box app to Okta if it has not been added previously:
In the Admin Console, go to Applications > Applications.
- Click Add Application.
- Enter Box in the search field.
- Select Box and click Add.
- Complete the fields on the General Settings page and click Next.
- In the Sign On Methods section of the Sign-On Options page, select a sign on option. If you select SAML 2.0, click View Setup Instructions and follow the instructions.
- Click Done.
- If you added the Box app previously, on the Okta Admin Console click Applications and select Box in the list of applications.
- Click the Provisioning tab, click Configure API Integration, and select the Enable API Integration check box.
- Box requires a token to authenticate against their API. Click Authenticate with Box to generate a token.
- Enter your Box admin email and password and click Authorize.
- Click Grant access to Box.
- Click Save.
Optional. Change the Okta to Box provisioning settings:
- Click the Provisioning tab and select To App in the SETTINGS list.
- Click Edit.
- Optional. Select the Create Users check box and complete these fields:
Create personal Box folder when new user account is provisioned: Optional. Select this check box to create a Box folder when Okta provisions a new user account in Box.
Owner of the Box Personal Folder: Select Admin as Owner or User as Owner.
If you select Admin as Owner, the Box admin who authenticated Okta to the Box API is the owner of the folder. The folder is assigned to the newly provisioned user account with the selected permission level (Editor, Co-Owner). If you select this option, you need to specify the full path to parent folder where you want the folder to be created in your Box tenant. For example, All Files/Parent Folder.
If you select User as Owner, the new user provisioned to Box is the owner of the folder. You do not to need to specify a folder path, as the folder is created in the user's root directory.
Full path to parent folder: Enter the full path to the existing parent folder under which all individual personal folders will be created. For example: All Files/Parent Folder.
User folder permission-level: Select Editor or Co-owner to assign editor or co-owner permissions to the personal folder.
- Personal folder name format: Optional. Select Custom and enter a custom expression. For assistance creating your custom expression, click the custom expression link.
- Sync personal folder to desktop: Optional. Select this check box if you want to duplicate the personal folder on the desktop.
- Optional. Select the Update User Attributes check box to update a user's attributes in Box when the app is assigned. Future attribute changes made to the Okta user profile automatically overwrite the corresponding attribute value in Box.
- Optional. Select the Deactivate Users check box and complete these fields:
- Box user status on deactivation: Optional. Select Inactive to make the user profile inactive when they are deactivated in Okta or Deleted to delete a Box user when they are deactivated in Okta.
File management upon user deletion: Select Transfer user’s files to account user, Do not delete users with files, create manual de-provisioning task, or Delete all files - are you sure?.
If you select Transfer user’s files to account user the user's files are transferred to a valid, active Box account. In the Box email address of service account user field, enter the email address where the user's files should be sent when they are deactivated.
If you select Do not delete users with files, create manual de-provisioning task, deactivated users are deleted from Box if they do not have files stored in their Box account. Users with files stored in their Box accounts remain active, and a task is created to alert the Okta administrator that they need to manually deprovision the user.
If you select Delete all files - are you sure?, the user account and all user files are permanently deleted.
- Optional. Assign users to the Box app. See Assign applications to users.