You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Box
The EmpowerID SSO framework allows you to configure Box as an identity provider (IdP) for EmpowerID. EmpowerID integrates with Box using OAuth 2.0.
Prerequisites:
Before configuring Box as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:
You must have a Box account
Create an application for EmpowerID in Box
Once the IDP Connection has been set up for Box, you can create a link similar to the one below to allow users to login to EmpowerID using Box.
https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/Box?returnUrl=%2FWebIdPForms%2F
Be sure to replace FQDN_OF_YOUR_EMPOWERID_SERVER
with the FQDN of your EmpowerID server.
Steps
To configure Box as an Identity Provider for EmpowerID, you need to do the following:
Create an application for EmpowerID in Box
Configure the default Box OAuth Provider app
Add a Login button to the Login page for Box
Test the OAuth provider app
Create an application for EmpowerID in Box
To allow users to authenticate to EmpowerID using their Box credentials, you must register EmpowerID as an OAuth application in the Box developer console. See Box’s article at https://developer.box.com/guides/applications/custom-apps/oauth2-setup/ for directions on how to do this. During the app registration process, Box will generate a Client ID and Client secret for the application. You will use these when you create an OAuth Provider App for Box in EmpowerID.
When creating an application for EmpowerID in Box , set the following:
Setting | Value |
---|---|
App name | Name of the application you are creating. This can be any value. |
OAuth 2.0 redirect URI |
|
Application scopes | Read all files and folders stored in Box |
Configure the default Box OAuth Provider app
On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.
Select the External OAuth Services tab and then search for Box.
Click the Provider link for Box.
Click the Edit button for the default Box OAuth provider app.
Under General Settings, fill in the following information and then click Save.
Field | Description |
---|---|
Consumer Key | Client ID generated by Box for the app you registered |
Consumer Secret | Consumer secret generated by Box for the app you registered |
Is Identity Provider | Select this option to flag the OAuth provider as an Identity Provider app. |
Select existing Account Directory | Select Box to place authenticated users in the selected account store. |
Callback Url | This is the URI that Box redirects users after they have authenticated with Box. The URL should look like the following: |
Add a Login Button for Box
On the navbar, expand Single Sign-On > SSO Connections and click SSO Connections.
Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.
Select the External OAuth Providers tab and then select the Box provider.
Click Save.
To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.
Test the OAuth Provider App
Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the Box IdP connection.
Click the Login Using Box button.
Enter your Box credentials and then click Authorize.
Click Grant access to Box to authorize EmpowerID to retrieve the necessary information to link the Box account to your EmpowerID identity (Person object).
You should be authenticated to EmpowerID.
IN THIS ARTICLE