Prerequisites

  • A working instance of a Box source for which a domain name, a client ID, and a client secret have already been generated.

  • You must have access to a Box account with the following permissions:

    • Create and retrieve users

    • Enterprise user memberships

    • Box groups

Authentication

The Box SaaS connector supports JWT authentication (server authentication) and Client Credentials authentication on the Box SaaS connector configuration page.

For Preexisting Connectors

If you want to change the authentication method on an existing Box source, complete the following steps:

  1. Manually remove the customAttributesFileLocation entry key from source XML or set the value for this entry to blank (" ") to access the new user interface on your source.

    Note
    If the entry key mentioned above is not removed, by default, the connecter refers to the file that contains the key and value pair required for JWT.

  2. Enter the parameter values on the Connection Settings page.

For New Connectors

Note
You must use the OpenSSL tool to generate a new private/public key for the Box connector. You should not use a public/private key that you can generate on the managed target Box system.

  • The Box SaaS connector application must support OAuth 2.0 with JWT (Server Authentication). Complete the following steps to provide support for OAuth 2.0 with JWT:

    1. Go to the Box Developers Console then select your application and the configuration.

    2. Under Authentication Method select OAuth 2.0 with JWT (Server Authentication).

    3. Under Add and Manage Public Keys section, select Add a Public Key.

    4. Upload the generated public key (Public Key ID).

  • You must generate the public / private key pair using the following commands. These commands can be executed on both Windows and Linux systems.

    Private Key

    openssl genrsa -aes256 -out private_key.pem 2048

    Note
    The password is set while generating the private key.

    Public Key

    openssl rsa -pubout -in private_key.pem -out public_key.pem

    This command provides the keys with 256-bit encryption. If encryption is set to more than 128-bits, download the JCE Unlimited Strength .zip file from Oracle for the JRE version that you are using and extract the following .jar files of your JRE:

    • local_policy.jar

    • US_export_policy.jar

    Important
    Replace these .jar files in your JRE (jre_directory/lib/security).

    Open SSL

    Use the following command to generate a private key for legacy open SSL versions, such as 0.9.8, 1.0.2, 1.1.0, or 1.1.1.

    openssl genrsa -aes256 -out private_key.pem 2048

    Use the following command to generate a private key for open SSL version 3.1 and later.

    openssl genrsa -aes256 -out private_key.pem -traditional

The Box SaaS connector application must support Client Credentials Grant (Server Authentication). Complete the following steps to provide support for Client Credentials Grant :

  1. Go to the Box Developers Console then select your application and the configuration.

  2. Under Authentication Method select Client Credentials Grant (Server Authentication).