Integrate Box with Okta

  1. Add the Box app to Okta if it hasn't been added previously:
    1. In the Admin Console, go to Applications > Applications.

    2. Click Browse App Catalog.
    3. Search the catalog for Box. Select it and click Add Integration.
    4. Configure your general settings. Click Next.
    5. Configure your desired sign-on options.
    6. Optional. If using SAML 2.0 as your sign-on method, click View Setup Instructions and follow the instructions.
    7. Click Done.
  2. If you previously added the Box app, return to the Applications page of the Admin Console and select Box from the list of applications.
  3. Go to the Provisioning tab.
  4. Click Configure API Integration, and then select Enable API integration.
  5. Click Authenticate with Box to generate a token, which Box requires to authenticate against their API.
  6. Enter your Box admin email address and password, and then click Authorize.
  7. Click Grant access to Box.
  8. Click Save.
  9. Optional. Change the Okta to Box provisioning settings:

    1. Go to the Provisioning tab, and then select To App under Settings.
    2. Click Edit.
    1. Optional. Select Create Users and complete the following:
      • Create personal Box folder when new user account is provisioned: Optional. Select this option to create a Box folder when Okta provisions a new user account in Box.

      • Owner of the Box Personal Folder: Select Admin as Owner or User as Owner.

        If you select Admin as Owner, the Box admin who authenticated Okta to the Box API is the owner of the folder. The folder is assigned to the newly provisioned user account with the selected permission level (Editor, Co-Owner). If you select this option, you need to specify the full path to the parent folder where you want the folder to be created in your Box tenant. For example, All Files/Parent Folder.

        If you select User as Owner, the new user provisioned to Box is the owner of the folder. You don't need to specify a folder path, because the folder is created in the user's root directory.

      • Full path to parent folder: Enter the full path to an existing folder where you want to create individual personal folders. For example, All Files/Parent Folder.

      • User folder permission-level: Select Editor or Co-Owner to assign editor or co-owner permissions to the personal folder.

      • Personal folder name format: Optional. Select Custom and enter a custom expression. For assistance creating your custom expression, click the custom expression link.
      • Sync personal folder to desktop: Optional. Select this option if you want to duplicate the personal folder on the desktop.
    2. Optional. Enable Update User Attributes to update a user's attributes in Box when the app is assigned. Future attribute changes made to the Okta user profile automatically overwrite the corresponding attribute value in Box.
    3. Optional. Enable Deactivate Users and complete these fields:
      • Box status on deactivation: Optional. Select Inactive to make the user profile inactive when they're deactivated in Okta or Deleted to delete a Box user when they're deactivated in Okta.
      • File management upon user deletion: Choose one of the following options:

        • Transfer user’s files to account user: The user's files are transferred to a valid, active Box account. In the Box email address of service account user field, enter the email address where the user's files should be sent when they're deactivated.

        • Do not delete users with files, create manual de-provisioning task instead: Deactivated users are deleted from Box if they don't have files stored in their Box account. Users with files stored in their Box accounts remain active, and a task is created to alert the Okta administrator that they need to manually deprovision the user.

        • Delete all files - are you sure?: The user account and all user files are permanently deleted.

    4. Click Save.

  10. Optional. Assign users to the Box app. See Assign applications to users.