NEED: SAML SSO for enterprises with multiple EIDs

  • Christopher Chern

    My organization has this use case as well. Is there any update on this?

  • robert blodgett

    The requirement for unique SP Entity IDs by Azure AD is indeed a common one among IDPs, and the inability to set up multiple apps with the same SP Entity ID can be challenging. However, there might be a workaround. Azure AD supports app multi-instancing, which allows you to configure multiple instances of a single cloud application for use in different environments, such as development, testing, and production. It’s important to note that while this approach aligns with the capabilities of Azure AD and the guidance provided by Box Support, it would be best to consult with both Box and Azure AD support to ensure that this setup will work as expected and to get assistance with the configuration.

  • Raight

    It sounds like you're facing a challenge with setting up SAML SSO for multiple Box instances tied to a single IDP entity ID, due to the limitation of each Box instance using the same SP Entity ID (""). While Box Support has indicated a potential solution involving custom attributes in the SAML response, this approach may not align with your preferred method of configuration using separate app instances in the IDP with unique SP Entity IDs.

    Here are a few suggestions and considerations:

    • Engage with Box Support: Continue working closely with Box Support to explore alternative solutions or workarounds that align with your requirements. They may be able to provide further guidance or offer additional options for configuring SAML SSO with multiple Box instances.
    • Request Feature Enhancement: Consider reaching out to Box's product team or submitting a feature enhancement request to suggest adding support for custom SP Entity IDs for each Box instance. Providing feedback directly to Box can help influence their product roadmap and prioritize features that are important to customers.
    • Evaluate Workarounds: While the current limitation may be frustrating, consider evaluating potential workarounds or alternative approaches to achieve your desired outcome. This could involve modifying your IDP configuration, leveraging custom attributes in the SAML response as suggested by Box Support, or exploring other integration options.
    • Explore Third-Party Solutions: Investigate whether there are third-party identity management solutions or middleware platforms that can help bridge the gap between your IDP and Box instances, providing additional flexibility and customization options for SAML SSO configuration.
    • Stay Informed: Keep an eye on updates and announcements from Box regarding new features, enhancements, and integrations. Box may address this limitation in future releases or provide alternative solutions that better meet your needs.


    By actively engaging with Box Support, providing feedback to Box, and exploring alternative approaches, you can work towards finding a solution that enables seamless SAML SSO integration with multiple Box instances in your enterprise.



