Unable to Sync Existing Groups in Box

Steve 1 Reputation point
2020-04-06T15:10:59.313+00:00

It doesn't look like AAD can sync existing groups in Box and instead skips them entirely. In the attribute mapping settings section, it shows that the AAD group "displayName" is being matched up with the Box group "Name" and the matching precedence is "1". So I expected AAD to use the group name to match up groups between AAD and Box.

Instead, what I've found is that if I have an existing group in Box called TestAD1 and in AAD have a group called TestAD1, AAD tries to create a new group in Box called TestAD1 and that causes a failure since it already exists. I can't just delete existing groups in Box so AAD can recreate them because that has major impacts to existing Box users. Is this a bug and if not, is there a workaround?

Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2020-04-08T01:35:44.963+00:00

    It seems to be recognizing them as separate Object IDs. Have you assigned the groups to an application?

    I believe you can only provision groups from Azure to Box and not the other way around. (I'm checking with the product team to confirm though.)

    https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/box-tutorial


  2. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2020-04-09T19:43:48.097+00:00

    Can you please confirm if you have these boxes checked for group mapping?

    [image: 7175-targetobject.jpg]

    The product team has replied that having these unchecked is a common reason for why this can happen.

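As an added diagnostic (not from this thread or from Microsoft), the script below reads a provisioning schema in the shape Microsoft Graph returns for a synchronizationSchema (synchronizationRules, objectMappings, attributeMappings, flowTypes, matchingPriority) and reports, for the Group object mapping, whether it is enabled, which target-object actions are on (the boxes asked about above) and which attribute carries the matching precedence. The embedded schema is constructed, and the Graph property names are my assumption of that shape; nothing here calls Graph.

```python
import json

# Constructed sample in the Graph synchronizationSchema shape (not captured from a real tenant).
# The Group mapping matches on displayName -> Name (matchingPriority 1) but its flowTypes lack
# "Add", i.e. the "Create" target-object box is unchecked.
SAMPLE_SCHEMA = json.loads("""{
 "synchronizationRules": [{"name": "USER_GROUP_OUTBOUND", "objectMappings": [
  {"enabled": true, "flowTypes": "Add, Update, Delete",
   "sourceObjectName": "User", "targetObjectName": "User",
   "attributeMappings": [{"source": {"expression": "[userPrincipalName]"},
                          "targetAttributeName": "userName", "matchingPriority": 1}]},
  {"enabled": true, "flowTypes": "Update, Delete",
   "sourceObjectName": "Group", "targetObjectName": "Group",
   "attributeMappings": [
    {"source": {"expression": "[displayName]"}, "targetAttributeName": "Name", "matchingPriority": 1},
    {"source": {"expression": "[members]"}, "targetAttributeName": "Members", "matchingPriority": 0}]}
 ]}]}""")

REQUIRED_ACTIONS = {"Add", "Update"}  # the "Create" and "Update" boxes in the portal


def audit_object_mapping(schema: dict, target_object: str = "Group") -> dict:
    """Summarise the mapping that targets `target_object`: enabled flag, target-object actions,
    attributes with a matching precedence, and anything that would stop existing objects matching."""
    for rule in schema.get("synchronizationRules", []):
        for mapping in rule.get("objectMappings", []):
            if mapping.get("targetObjectName") != target_object:
                continue
            # flowTypes is a comma-separated flag string such as "Add, Update, Delete"
            actions = {a.strip() for a in mapping.get("flowTypes", "").split(",") if a.strip()}
            matching = sorted(
                (m.get("matchingPriority", 0), (m.get("source") or {}).get("expression", "?"),
                 m["targetAttributeName"])
                for m in mapping.get("attributeMappings", []) if m.get("matchingPriority", 0) > 0)
            findings = {"enabled": bool(mapping.get("enabled")), "actions": actions,
                        "matching": [f"{src} -> {dst} (precedence {p})" for p, src, dst in matching],
                        "problems": []}
            if not findings["enabled"]:
                findings["problems"].append("object mapping is disabled")
            for action in sorted(REQUIRED_ACTIONS - actions):
                findings["problems"].append(f"target-object action {action!r} is not enabled")
            if not matching:
                findings["problems"].append("no attribute has a matching precedence")
            return findings
    return {"enabled": False, "actions": set(), "matching": [],
            "problems": [f"no mapping targets {target_object}"]}


if __name__ == "__main__":
    print(json.dumps(audit_object_mapping(SAMPLE_SCHEMA), default=sorted, indent=2))
```

In a real tenant the schema comes from GET /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema and can be passed to audit_object_mapping unchanged.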