Configure SAML group push for Box
Use SAML group push when you want to add users to existing Box groups, create groups in Box, or manage group membership in Box.
If a user is a member of only one group in Okta or Active Directory (AD) and they're removed from the group, the group membership removal doesn't occur in Box.
If a user isn't assigned to any Okta or AD groups, the <groups> element is omitted from the Okta SAML assertion. Without a <groups> element to inspect, Box does nothing to its groups and the user's last group membership remains until you manually remove it.
- If you have an existing Box instance you want to configure, go to step 2. To configure SAML group push for a new Box instance:
In the Admin Console, go to .
- Click Browse App Catalog.
- Search for and select Box, and then click Add Integration.
- Complete the fields on the General Settings page and click Next.
- In the Sign On Methods section of the Sign-On Options page, select SAML 2.0.
- Click View SAML setup instructions and follow the instructions.
- Click Done.
- To configure SAML group push for an existing Box instance:
In the Admin Console, go to .
- Select your Box instance from the list of apps.
- Click the Sign On tab and click Edit.
- In the Sign on methods section, select SAML 2.0.
- Click View SAML setup instructions and follow the instructions.
- Click Done.
- Optional. To remove group memberships from Box:
- Open your Box instance and go to .
- Click the Users Settings tab.
- Clear the Remove user from groups upon SSO user login checkbox.
- Click Save.