Skip to content

Box Connector Prerequisites

Dev Console Setup

In order to monitor and manage user access and folder permissions, create a custom application within Box. This application will be configured with limited permissions, ensuring it only has access to the necessary data and functions.

Generate a public/private key pair by running the following commends. These commands can be executed on both Windows and Linux systems. During the process of key creation, you are prompted to enter a passphrase or password. Use your password management tool to generate a secure passphrase. Remember to record this passphrase in a secure location for future reference.

  • openssl genrsa -aes256 -out private_key.pem 2048
  • openssl rsa -pubout -in private_key.pem -out public_key.pem


Remember the password that is used while generating the private key.

  1. Login into the Box Admin or Co-Admin account.
  2. Select Dev Console at the bottom right.
  3. Within My Apps, select Custom App.
  4. Provide the following details:
    • App Name - Any name you choose
    • Purpose - Integration
    • Categories - Security & Compliance
    • Which external system are you integrating with? - SailPoint
  5. Select Next.
  6. Select Server Authentication(with JWT) and then select Create App.
  7. It now takes you to the Configuration tab.
  8. In the OAuth 2.0 Credentials section, copy Client ID and Client Secret for later use in the Console Authorization.
  9. In the App Access Level section, select App + Enterprise Access. It will check boxes in Application Scope.
  10. In the Application Scopes section, only check the Write all filed and folders stored in Box and Manage Users checkboxes.
  11. In the Advanced Features section, enable Make API calls using the as-user header and Generate user access tokens.
  12. In the Add and Manage Public Keys section, select Add a Public Key and paste the text from public_key.pem that was generated in step 1. After a public key is added, Box will generate a public Key ID, note it down for later use.

  13. Select Save Changes.

Box Admin Console Authorization

  1. Log in as an admin or co-admin user.
  2. Select Admin Console on the bottom right. Got to Apps > Custom Apps Manager > Add App.
  3. Provide the Client ID from Dev Console Setup.
  4. Authorize the app.

Box User Permissions

In order to create a Box application, you need to have either Administrator or Co-Administrator privileges in Box. For authentication of the Box application, server authentication is required.

Adding an Identity Security Cloud Box Source

Creating a new separate Box Custom App for Identity Security Cloud is recommended.

For information on how to add a Box source in Identity Security Cloud, view Integrating SailPoint with Box.

Adding an Identity Collector

Perform the following steps to add an identity collector:

  1. Go to Admin > Identity Collectors.
  2. Select Create New on the top right corner to open wizard.

In General details:

  • Type - Box
  • Name - logical name for the Identity Collector (Example: Box IDC)

In Connection Details, select the created Identity Security Cloud Box source.

  1. User and Group Dynamic Fields Mappings are optional.
  2. Select Save.