Prerequisites

  • A working instance of a Box source for which a domain name, a client ID, and a client secret have already been generated.

  • You must have access to a Box account with the following permissions:

    • Create and retrieve users

    • Enterprise user memberships

    • Box groups

  • Configure at least one virtual appliance cluster and successfully test the connection. For instructions, refer to the Virtual Appliance Reference Guide.

OAuth 2.0 with JWT (Server Authentication)

The Box connector supports JWT authentication (server authentication) on the Box connector configuration page.

For Pre-existing Connectors

If you want to change the authentication method on an existing Box source, complete the following steps:

  1. Manually remove the customAttributesFileLocation entry key from source XML or set the value for this entry to blank (" ") to access the new user interface on your source.

    Note
    If the entry key mentioned above is not removed, by default, the connecter refers to the file that contains the key and value pair required for JWT.

  2. Enter the parameter values on the Connection Settings page.

For New Connectors

Note
You must use the OpenSSL tool to generate a new private/public key for the Box connector. You should not use a public/private key that you can generate on the managed target Box system.

  • The Box connector application must support OAuth 2.0 with JWT (Server Authentication). Complete the following steps to provide support for OAuth 2.0 with JWT:

    1. Go to https://app.box.com/developers/console and select your application and the configuration.

    2. Under Authentication Method select OAuth 2.0 with JWT (Server Authentication).

    3. Under Add and Manage Public Keys section, select Add a Public Key.

    4. Upload the generated public key (Public Key ID).

  • You must generate the public / private key pair using the following commands. These commands can be executed on both Windows and Linux systems.

    Private Key

    openssl genrsa -aes256 -out private_key.pem 2048

    Note
    The password is set while generating the private key.

    Public Key

    openssl rsa -pubout -in private_key.pem -out public_key.pem

    This command provides the keys with 256-bit encryption.

    Open SSL

    Use the following command to generate a private key for legacy open SSL versions, such as 0.9.8, 1.0.2, 1.1.0, or 1.1.1.

    openssl genrsa -aes256 -out private_key.pem 2048

    Use the following command to generate a private key for open SSL version 3.1 and later.

    openssl genrsa -aes256 -out private_key.pem -traditional