> ## Documentation Index
> Fetch the complete documentation index at: https://developer.box.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Box API & SSO

export const MultiRelatedLinks = ({sections = []}) => {
  if (!sections || sections.length === 0) {
    return null;
  }
  return <div className="space-y-8">
      {sections.map((section, index) => <RelatedLinks key={index} title={section.title} items={section.items} />)}
    </div>;
};

export const RelatedLinks = ({title, items = []}) => {
  const getBadgeClass = badge => {
    if (!badge) return "badge-default";
    const badgeType = badge.toLowerCase().replace(/\s+/g, "-");
    return `badge-${badge === "ガイド" ? "guide" : badgeType}`;
  };
  if (!items || items.length === 0) {
    return null;
  }
  return <div className="my-8">
      {}
      <h3 className="text-sm font-bold uppercase tracking-wider mb-4">{title}</h3>

      {}
      <div className="flex flex-col gap-3">
        {items.map((item, index) => <a key={index} href={item.href} className="py-2 px-3 rounded related_link hover:bg-[#f2f2f2] dark:hover:bg-[#111827] flex items-center gap-3 group no-underline hover:no-underline border-b-0">
            {}
            <span className={`px-2 py-1 rounded-full text-xs font-semibold uppercase tracking-wide flex-shrink-0 ${getBadgeClass(item.badge)}`}>
              {item.badge}
            </span>

            {}
            <span className="text-base">{item.label}</span>
          </a>)}
      </div>
    </div>;
};

export const Link = ({href, children, className, ...props}) => {
  const localizedHref = href;
  return <a href={localizedHref} className={className} {...props}>
      {children}
    </a>;
};

Many Box Enterprises use **Single Sign On** (SSO) to authenticate
<Link href="/platform/user-types/#managed-users">Managed Users</Link> logging in to Box. The way an application built on
Box Platform interact with an SSO provider depends on the type of application
being built.

## Platform Apps with Client-side Authentication

When users authenticate with a <Link href="/guides/applications/platform-apps/index">Platform App</Link> configured to use
<Link href="/guides/authentication/oauth2">OAuth 2.0</Link> Box will detect if the enterprise is configured to use SSO.
If it is, Box will redirect the user to their browser and display the
enterprise's configured SSO log-in screen.

### SSO Enabled vs Required

Enterprises can configure their SSO in one of two ways: **SSO Required**
or **SSO Enabled**.

When SSO is enabled but not required, managed users will have the option to
either:

* log in with a Box username and password
* log in with their SSO provider

When SSO is enabled and required, Box will force all managed users to log in
with their enterprise's configured SSO provider. In this case, any
user that tries to log in must be configured on the SSO side, in addition to
having a Box account matching the email address passed via SAML.

<Warning>
  It is not possible to exempt a user from SSO in an enterprise with SSO
  set to required, even if it is only used for platform use cases.
</Warning>

## Platform Apps with Server-side Authentication

For <Link href="/guides/applications/platform-apps/index">Platform Apps</Link> that use <Link href="/guides/authentication/jwt/jwt-setup">JWT</Link>,
SSO is not used to authenticate with Box.

Platform Apps using server-side authentication only use server-to-server API
calls to communicate with Box. In this scenario, the way in which an end user
is authenticated is determined by the application and not by Box.

In other words, end user authentication with the application is determined by
the application, while application's authorization to Box is a different
matter completely.

In these use cases the application authenticates not as a regular Managed User
but as a Service Account or App User. These user types do not have access to any
Managed User's data by default. For these applications to have access to other
Managed User's data they will need explicit <Link href="/guides/authorization/platform-app-approval">admin approval</Link>.

[jwt]: /guides/authentication/jwt

<RelatedLinks
  title="RELATED GUIDES"
  items={[
{ label: translate("OAuth 2.0 Auth"), href: "/guides/authentication/oauth2/index", badge: "GUIDE" },
{ label: translate("JWT Auth"), href: "/guides/authentication/jwt/index", badge: "GUIDE" },
{ label: translate("Platform App"), href: "/guides/applications/platform-apps/index", badge: "GUIDE" },
]}
/>