Troubleshooting tips

Personal folder characteristics

With the personal folder creation feature, Okta creates a personal folder for users during provisioning through the adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. account. This makes the admin the owner of the personal folder, and a copy of the folder is available in the admin account. The new user can be made either an editor or co-owner. If the user is later deactivated with the option to transfer files enabled, this folder is not transferred because it is not owned by the user. The admin's copy of the folder and its contents remains accessible in their account and is not deleted.

Personal folders are usually named after a username. If a folder with this name already exists, a user is still created but not a personal folder. A task is generated with an explanation of the conflict. After manually addressing the issue, you may resolve this task to complete successful provisioning of this user.

SAML assertions to remove users from groups in Box

If you are using SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. assertions from Okta to push user groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. to groups in Box, then you can also remove users from groups in Box.

To configure push groups using SAML to remove group memberships from Box:

  1. From Box, select Admin Console > Enterprise Settings and then the User Settings tab.
  2. Ensure the Remove user from groups upon SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. user login check box is selected.

    This option is only available if you have SAML enabled on your Box tenant.

  3. Click Save.


  • If a user is a member of only one group in Okta and AD and is removed from that group, the group membership removal does not occur in Box.
  • If a user is a member of no groups in Okta and AD, the SAML assertion from Okta omits the <groups> element completely (instead of sending an empty <groups> element). With no <groups> element to inspect, Box does nothing to its groups so the last group membership remains intact in Box until you manually remove it in Box.