Box Platform
  • 22 Oct 2023
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Box Platform

  • Dark
    Light
  • PDF

Article Summary

Box Platform provides data security, file sharing, collaborating, and content management tools. Box Platform provides access to Box APIs.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Users
  • SaaS data

Parameters

  1. Box Platform enterprise ID (required) - Specify your Box enterprise account ID.
    The Box Platform enterprise ID is located in the Enterprise settings view. Click the Admin Console link from the top of your Box account. Then choose the Gear icon / Enterprise settings. Your Enterprise ID may also be located in the Account and Billing tab of the Admin Console.

  2. Client ID and Box Platform private key configuration file (required) - The Client ID and private key configuration file that provides the Required Permissions to fetch assets.

  3. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  4. Box Login URL (only used to fetch SaaS data) - The URL as it appears in the browser's address bar after signing-in.

  5. Username and Password (only used to fetch SaaS data) - The username and the password of Axonius SaaS Management dedicated user credentials.

  6. 2FA Secret Key (only used to fetch SaaS data) - The secret generated in the adapter for setting up 2-factor authentication for the adapter user created to collect SaaS Management data.

  7. Use SSO - (only used to fetch SaaS data) - Select this option if your organization uses SSO to log in to Box Platform. When you check Use SSO enter the SSO username, password, and the 2FA from the SSO provider, in these configuration fields, instead of BOX credentials.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

BoxPlatform

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Fetch Groups - Select this option to fetch Box groups
  2. Fetch User Last Login Time - Select this option to fetch the last time the user logged in.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius uses the Box REST API - List enterprise users.

Required Permissions

The following permissions (App Scopes) are required to fetch users

  • Read and write all files and folders stored in Box
    • Manage groups
    • Manage enterprise properties
    • Manage users
    • Manage app users

The following permissions (App Scopes) are required to fetch SaaS data

  • Manage users
  • Manage groups
  • Manage enterprise properties

Adapter Integration Setup

Create a user account

Note:

Only required for fetching SaaS data. While to access SaaS data you need to grant roles and/or permissions that include write capabilities, the adapter only actually reads data from the application.

Note:
  • It is recommended for the username and password to be derived from a newly created user account dedicated for the usage of Axonius SaaS Management. Retrieve the username and password from that user account.
    *When single-sign-on is enabled, and direct login flow is disabled, then it is recommended to derive the username and password from a user account maintained by the single-sign-on solution.
  1. Login into Box as an administrator and navigate to Admin Console > Users & Groups, and then click on the '+ User' button.
  2. Uncheck Allow this user to sync files between Box and the user's desktop.
  3. Click on the Add User button.
  4. Look up for the newly created user, click on its options button, and then click on Change User Settings.
  5. Check Exempt this user from maximum allowed devices.
  6. Check Exempt this user from 2-step login verification.
  7. Check User is granted the following administrative privileges.
  8. Clear the following:
    1. Manage users
    2. Manage groups
    3. View users' content
    4. Edit users' content
    5. Log in to users' accounts
    6. Create, edit and delete automations for your company
    7. Create and edit metadata templates for your company
  9. Check the following:
    1. View settings and apps for your company
    2. Edit settings and apps for your company
    3. Run new reports and access existing reports
    4. View automations set up for your company
  10. Click on the Save button.

Create an application

The values supplied in Client ID and Box Platform private key configuration file refer to the generated Client ID and private key configuration file for your Custom App using JWT authentication:

  1. Set up a Custom App - Set up a Custom App using JWT authentication. For details, see Box Guides - Setup with JWT. The following App Scopes are required:
    • Read and write all files and folders stored in Box
    • Manage groups
    • Manage enterprise properties
    • Manage users
    • Manage app users
  2. Create Box Platform private key configuration file - After a Custom App has been created to use JWT authentication, there is an option available in the Developer Console to have Box create a configuration file. This file will include the keypair as well as a number of other application details that are used during authentication.
    1. Click on the "Configuration" option from the left sidebar in your application and scroll down to the "Add and Manage Public Keys" section.
      image.png
    2. Click the "Generate a Public/Private Keypair" button to have Box generate a keypair. This will trigger the download of a JSON configuration file that you can move to your application code.
    3. Upload this file as the Box Platform private key configuration file.
  3. Get Client ID - The Client ID of the application that is requesting to authenticate the user. To get the Client ID for your application:
    1. log in to your Box developer console and click the Edit Application link for the application you're working with.
    2. In the OAuth 2.0 Parameters section of the configuration page, find the item labelled client_id. The text of that item is your application's Client ID.

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.