Box Connector Prerequisites
Dev Console Setup
In order to monitor and manage user access and folder permissions, create a custom application within Box. This application will be configured with limited permissions, ensuring it only has access to the necessary data and functions.
Generate a public/private key pair by running the following commands. These commands can be executed on both Windows and Linux systems. During key creation, you are prompted to enter a passphrase or password. Use your password management tool to generate a secure passphrase, and record it in a secure location for future reference.
openssl genrsa -aes256 -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
Note
Remember the password that is used while generating the private key.
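The following check is an added example, not part of the SailPoint or Box documentation. It confirms, before public_key.pem is pasted into Box, that private_key.pem is encrypted, that the recorded passphrase unlocks it, and that the two files belong together. The function name check_box_keypair and the KEY_PASSPHRASE environment variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-upload check for the Box JWT key pair.
# check_box_keypair and KEY_PASSPHRASE are names assumed by this example.
# Return codes: 0 ok, 1 key not encrypted, 2 passphrase rejected,
# 3 public key unreadable, 4 public key does not match, 5 key under 2048 bits.

check_box_keypair() {
  priv_file="$1"
  pub_file="$2"

  # Encrypted PKCS#8 (OpenSSL 3.x) or encrypted traditional PEM (OpenSSL 1.x).
  if ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$priv_file"; then
    echo "FAIL: $priv_file is not passphrase-protected" >&2
    return 1
  fi

  # Decrypt with the recorded passphrase and derive the public key from it.
  if ! derived_pub=$(openssl pkey -in "$priv_file" -passin env:KEY_PASSPHRASE -pubout 2>/dev/null); then
    echo "FAIL: recorded passphrase does not unlock $priv_file" >&2
    return 2
  fi

  # Re-encode the file that will be pasted into Box so both sides share one PEM form.
  if ! file_pub=$(openssl pkey -pubin -in "$pub_file" -pubout 2>/dev/null); then
    echo "FAIL: $pub_file is not a readable public key" >&2
    return 3
  fi

  if [ "$derived_pub" != "$file_pub" ]; then
    echo "FAIL: $pub_file does not belong to $priv_file" >&2
    return 4
  fi

  # Read the modulus size from the text dump, e.g. "Public-Key: (2048 bit)".
  key_bits=$(printf '%s\n' "$derived_pub" | openssl pkey -pubin -noout -text |
    sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
  if [ "${key_bits:-0}" -lt 2048 ]; then
    echo "FAIL: key is ${key_bits:-unknown} bits, expected at least 2048" >&2
    return 5
  fi

  echo "OK: ${key_bits}-bit key pair matches and private key is encrypted"
}

# Run directly: ./check_box_keypair.sh private_key.pem public_key.pem
if [ "$#" -eq 2 ]; then
  check_box_keypair "$1" "$2"
fi
```

Set KEY_PASSPHRASE from your password manager for the current shell session only, and unset it once the check has passed.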
- Log in to the Box Admin or Co-Admin account.
- Select Dev Console at the bottom right.
- Within My Apps, select Custom App.
- Provide the following details:
- App Name - Any name you choose
- Purpose - Integration
- Categories - Security & Compliance
- Which external system are you integrating with? - SailPoint
- Select Next.
- Select Server Authentication (with JWT) and then select Create App.
- It now takes you to the Configuration tab.
- In the OAuth 2.0 Credentials section, copy Client ID and Client Secret for later use in the Console Authorization.
- In the App Access Level section, select App + Enterprise Access. It will check boxes in Application Scope.
- In the Application Scopes section, only check the Write all files and folders stored in Box and Manage Users checkboxes.
- In the Advanced Features section, enable Make API calls using the as-user header and Generate user access tokens.
- In the Add and Manage Public Keys section, select Add a Public Key and paste the text from public_key.pem that was generated in step 1. After a public key is added, Box generates a Public Key ID. Note it down for later use.
- Select Save Changes.
Box Admin Console Authorization
- Log in as an admin or co-admin user.
- Select Admin Console on the bottom right. Go to Apps > Custom Apps Manager > Add App.
- Provide the Client ID from Dev Console Setup.
- Authorize the app.
Box User Permissions
In order to create a Box application, you need to have either Administrator or Co-Administrator privileges in Box. For authentication of the Box application, server authentication is required.
Adding an Identity Security Cloud Box Source
Creating a new separate Box Custom App for Identity Security Cloud is recommended.
For information on how to add a Box source in Identity Security Cloud, view Integrating SailPoint with Box.
Adding an Identity Collector
Perform the following steps to add an identity collector:
- Go to Admin > Identity Collectors.
- Select Create New on the top right corner to open the wizard.
In General details:
- Type - Box
- Name - logical name for the Identity Collector (Example: Box IDC)
In Connection Details, select the created Identity Security Cloud Box source.
- User and Group Dynamic Fields Mappings are optional.
- Select Save.