Box users unable to use Azure/Office 365 Single Sign On to logon to Box.com

When Office 365 users try to log on to Box.com using the Single Sign On (SSO) option, they receive an error message that says "AADSTS50105: The signed in user 'user@domain.com' is not assigned to a role for the application '23255106-946e-4c11-8170-131e9f810d10'."

I used the instructions from this website to generate the metadata file for Azure Single Sign On (SSO) for Box.com: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-box-tutorial.

This occurs even though Box has been configured to use Azure to logon to Box and all Azure users have been assigned E1 and E5 Office 365 licenses.

Currently I am in Step 1: Test the connection and have put a checkmark in the "SSO Test Mode" box.

I have submitted an urgent tech support request to Box but haven't heard back from them yet.

What else needs to be done to fix this issue so that this organization will be able to use Single Sign On (SSO) through Azure to authenticate the Office 365 users to log on to Box.com?

Do the Office 365 users need to be assigned additional or different licenses?

Please let me know if any further information is needed.

IT Guy (Network Engineer) Asked:

Cliff Galiher Commented:
Azure handles the authentication. It does not handle Box licenses. You ONLY mentioned assigning Office 365 licenses. If you haven't created users and assigned permissions in Box, then authenticating the user does nothing.
IT Guy (Network Engineer, Author) Commented:
These user accounts have been created within Box.

Is there a special way they need to be created or are there any special attributes or things that need to be done when these accounts are created within Box that will be using Azure authentication?
IT Guy (Network Engineer, Author) Commented:
Resolved this issue by working with Azure tech support.

We enabled the certificate within the Azure console and now Box users are able to logon to Box using their Azure SSO accounts.
IT Guy (Network Engineer, Author) Commented:
Resolved this issue by working with Office 365 Azure tech support.