> ## Documentation Index
> Fetch the complete documentation index at: https://developer.box.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Find app user for SSO identity

export const Link = ({href, children, className, ...props}) => {
  const localizedHref = localizeLink(href);
  return <a href={localizedHref} className={className} {...props}>
      {children}
    </a>;
};

export const MultiRelatedLinks = ({sections = []}) => {
  if (!sections || sections.length === 0) {
    return null;
  }
  return <div className="space-y-8">
      {sections.map((section, index) => <RelatedLinks key={index} title={section.title} items={section.items} />)}
    </div>;
};

export const RelatedLinks = ({title, items = []}) => {
  const getBadgeClass = badge => {
    if (!badge) return "badge-default";
    const badgeType = badge.toLowerCase().replace(/\s+/g, "-");
    return `badge-${badge === "ガイド" ? "guide" : badgeType}`;
  };
  if (!items || items.length === 0) {
    return null;
  }
  return <div className="my-8">
      {}
      <h3 className="text-sm font-bold uppercase tracking-wider mb-4">{title}</h3>

      {}
      <div className="flex flex-col gap-3">
        {items.map((item, index) => <a key={index} href={item.href} className="py-2 px-3 rounded related_link hover:bg-[#f2f2f2] dark:hover:bg-[#111827] flex items-center gap-3 group no-underline hover:no-underline border-b-0">
            {}
            <span className={`px-2 py-1 rounded-full text-xs font-semibold uppercase tracking-wide flex-shrink-0 ${getBadgeClass(item.badge)}`}>
              {item.badge}
            </span>

            {}
            <span className="text-base">{item.label}</span>
          </a>)}
      </div>
    </div>;
};

When a user logs into a Box platform application with their SSO provider, the
first step that should be taken is to see if that user already exists from a
previous login attempt where a Box user record was already created.

If a Box user is found you should
<Link href="/guides/authentication/jwt/user-access-tokens">create a user access token</Link>,
or make <Link href="/guides/authentication/jwt/as-user">as user calls</Link>, to access Box
APIs as that user.

If a Box user is not found you should create a new user with an association to
the SSO user record.

To search for existing users the <Link href="/reference/get-users">List Enterprise Users</Link>
endpoint may be used. Depending on whether you're using the
`external_app_user_id` or `login` method your query will look slightly
different.

## Find user by `external_app_user_id`

To search for enterprise users by the stored `external_app_user_id` value you
will need one piece of information from the SSO provider:

* UID (required): The unique identifier from the SSO user record.

Once available, make a request to the list enterprise users endpoint, supplying
the `external_app_user_id` definition in the parameters.

<Warning>
  You can retrieve app users for a specific application only if
  such app users were created by this application.
  If you use one application to search for users
  created by a different one, no data will be returned.
</Warning>

<CodeGroup>
  ```js Node theme={null}
  const ssoUID = 'SSO User Unique ID';

  // Check enterprise users for matching external_app_user_id against SSO UID
  client.enterprise.getUsers({ "external_app_user_id": ssoUID })
  .then((users) => {
      if (users.total_count > 0) {
          // User found, fetch user ID
          const userId = users.entries[0].id;
      } else {
          // User not found - create new user record
      }
  });
  ```

  ```java Java theme={null}
  String ssoUID = "SSO User Unique ID";

  // Check enterprise users for matching external_app_user_id against SSO UID
  URL url = new URL("https://api.box.com/2.0/users?external_app_user_id=" + ssoUID);
  BoxAPIRequest request = new BoxAPIRequest(client, url, "GET");
  BoxJSONResponse jsonResponse = (BoxJSONResponse) request.send();
  JsonObject jsonObj = jsonResponse.getJsonObject();
  JsonValue totalCount = jsonObj.get("total_count");

  if (totalCount.asInt() > 0) {
      // User found, fetch
      // Fetch user ID
      JsonArray entries = (JsonArray) jsonObj.get("entries");
      JsonObject userRecord = (JsonObject) entries.get(0);
      JsonValue userId = userRecord.get("id");
  } else {
      // User not found - create new user record
  }
  ```

  ```python Python theme={null}
  sso_uid = 'SSO User Unique ID'

  # Validate is user exists
  url = f'https://api.box.com/2.0/users?external_app_user_id={sso_uid}'
  headers = {'Authorization': 'Bearer ' + access_token}
  response = requests.get(url, headers=headers)
  user_info = response.json()

  if (user_info['total_count'] == 0):
      # User not found - create new user record
  else:
      # User found, fetch user ID
      user = user_info['entries'][0]
      user_id = user['id']
  ```
</CodeGroup>

## Find user by email address

To search for enterprise users by their `login` email you
will need one piece of information from the SSO provider:

* Email (required): The unique email from the SSO user record.

Once available, make a request to the list enterprise users endpoint, supplying
the email address as the `filter_term`, which is made available to search by
email or name.

<CodeGroup>
  ```js Node theme={null}
  const ssoEmail = 'ssouser@email.com';

  client.enterprise.getUsers({filter_term: ssoEmail})
      .then(users => {
          if (users.total_count > 0) {
              // User found, fetch user ID
              const userId = users.entries[0].id;
          } else {
              // User not found - create new user record
          }
      });
  ```

  ```java Java theme={null}
  String ssoEmail = "ssouser@email.com";

  Iterable<BoxUser.Info> users = BoxUser.getAllEnterpriseUsers(client, ssoEmail);
  ```

  ```python Python theme={null}
  sso_email = 'ssouser@email.com'

  users = client.users(user_type='all', filter_term=ssoEmail)
  if (users['total_count'] == 0):
      # User not found - create new user record
  else:
      # User found, fetch user ID
      user = users['entries'][0]
      user_id = user['id']
  ```
</CodeGroup>

<RelatedLinks
  title="RELATED APIS"
  items={[
{ label: translate("List enterprise users"), href: "/reference/get-users", badge: "GET" }
]}
/>

<RelatedLinks
  title="RELATED GUIDES"
  items={[
{ label: translate("Create connection between SSO identity and app user"), href: "/guides/sso-identities-and-app-users/create-app-user", badge: "GUIDE" }
]}
/>
