Box SAML Single Sign-On (SSO) with Magento as SAML IdP . Magento SAML IdP extenstion gives you the ability to use your Magento credentials to login into Box (SP). Here we will go through a step-by-step guide to configure SSO between Box as SP (Service Provider) and Magento as IDP (Identity Provider).

Pre-requisites: Download and Installation

Installation using Composer:

• Purchase the miniOrange SAML IDP Single Sign-On extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require {module_name}:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange SAML IDP Single Sign-On extension.
• Unzip all contents of the zip inside the MiniOrange/IDPSaml directory.

{Root Directory of Magento} app code MiniOrange IDPSaml

• Run the following commands on command prompt to enable the extension

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Steps to configure Box SAML Single Sign-on ( SSO ) Login into Magento 2

1. Configuring Box as Service Provider

• Log in to your Box account as Account Admin and navigate to Admin Console.

• In the left sidebar, click Enterprise Settings >> User Settings.

• Scroll down to the Configure Single Sign On (SSO) section, then click Configure.

• Go to Box SSO Questionnaire and provide the necessary information to setup Box as Identity Provider (IdP).
• Enter the Email Address and other required fields.
• Select Other with Metadata from who is your Identity Provider? dropdown.

• Enter the Company Box Subdomain field.
• Now choose and upload the Metadata File in the xml format which you have downloaded .
• Leave the optional fields empty and click on Submit.

• It can take up to 24 hours to process the metadata. Once the file has been processed, Box sends a notification to the email address of the main account admin.
• You can now enable SSO for your enterprise. Begin by enabling SSO Test Mode. In Test Mode, you can log in using SSO credentials. Also verify that you can log out and in again using SSO credentials before you continue.
• After you have tested that the SSO login flow is working correctly, you can enable SSO Required.

2. Configure Magento as Identity Provider

• In the miniOrage SAML Identity Provider extension, go to Service Provider settings tab of the extension.
• Provide the required settings (i.e. SP Entity ID/Issuer, ACS URL) find to your Service Provider Box and click on Save button to save your configuration.


Note: The Relaystate URL is mandatory if you want to use Identity Provider (IDP)/Magento initiated flow.

3. Attribute Mapping

• In the Magento IDP extension, navigate to the Attribute Mapping tab.
• In the User Attributes section, enter the following information and click on Save .
• You can also add more attributes by clicking on + sign to add attributes.

Name	User Meta Data
username	user_login
displayName	display_name
email	user_email

4. SSO Testing

• Open a new browser or private incognito window and enter your Box URL, which will redirect you to the Magento login screen.
• Enter your Magento credentials and click the log in button.
• If you are redirected to your Box start page and successfully logged in, your configuration is correct.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Magento SAML Single Sign-On (SSO)
• Magento OAuth Client Single Sign-On (SSO)
• Frequently Asked Questions (FAQs)