Box Connector Prerequisites
Dev Console Setup
In order to monitor and manage user access and folder permissions, create a custom application within Box. This application will be configured with limited permissions, ensuring it only has access to the necessary data and functions.
Generate a public/private key pair by running the following commands. These commands can be executed on both Windows and Linux systems. During key creation, you are prompted to enter a passphrase or password. Use your password management tool to generate a secure passphrase, and record it in a secure location for future reference.
openssl genrsa -aes256 -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
Note
Remember the password that is used while generating the private key.
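The following is an added example, not part of the SailPoint or Box documentation: a non-interactive form of the two commands above, plus a check to run before pasting public_key.pem into Box. It assumes a POSIX shell; the function names and the BOX_KEY_PASS environment variable are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical helper names; BOX_KEY_PASS is an assumed
# environment variable holding the passphrase from your password manager.
# Usage: export BOX_KEY_PASS; make_box_keypair . && check_box_keypair .

# Create private_key.pem and public_key.pem in directory $1 using the same
# openssl commands as above, without the interactive passphrase prompt.
make_box_keypair() {
    dir=$1
    [ -n "${BOX_KEY_PASS:-}" ] || { echo "BOX_KEY_PASS is not set" >&2; return 2; }
    (
        umask 077   # key file is created without group/other permissions
        openssl genrsa -aes256 -passout env:BOX_KEY_PASS \
            -out "$dir/private_key.pem" 2048 2>/dev/null
    ) || return 1
    openssl rsa -pubout -passin env:BOX_KEY_PASS \
        -in "$dir/private_key.pem" -out "$dir/public_key.pem" 2>/dev/null
}

# Return 0 only if the private key in $1 is encrypted, owner-only, unlocked
# by BOX_KEY_PASS, and public_key.pem is the key derived from it.
check_box_keypair() {
    dir=$1
    # Traditional and PKCS#8 PEM both mark an encrypted key with "ENCRYPTED".
    grep -q 'ENCRYPTED' "$dir/private_key.pem" ||
        { echo "private key is stored unencrypted" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    [ "$(ls -l "$dir/private_key.pem" | cut -c5-10)" = "------" ] ||
        { echo "private key is accessible to group or others" >&2; return 1; }
    from_priv=$(openssl rsa -pubout -passin env:BOX_KEY_PASS \
        -in "$dir/private_key.pem" 2>/dev/null) ||
        { echo "passphrase does not unlock the private key" >&2; return 1; }
    # Re-encode the stored public key so line wrapping cannot cause a mismatch.
    from_pub=$(openssl pkey -pubin -in "$dir/public_key.pem" 2>/dev/null) ||
        { echo "public_key.pem is not a valid public key" >&2; return 1; }
    [ "$from_priv" = "$from_pub" ] ||
        { echo "public_key.pem does not match private_key.pem" >&2; return 1; }
}
```

Passing the passphrase through the environment keeps it out of the process argument list and shell history; unset BOX_KEY_PASS once the check has passed.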
- Log in to the Box Admin or Co-Admin account.
- Select Dev Console at the bottom right.
- Within My Apps, select Custom App.
- Provide the following details:
- App Name - Any name you choose
- Purpose - Integration
- Categories - Security & Compliance
- Which external system are you integrating with? - SailPoint
- Select Next.
- Select Server Authentication (with JWT) and then select Create App.
- It now takes you to the Configuration tab.
- In the OAuth 2.0 Credentials section, copy Client ID and Client Secret for later use in the Console Authorization.
- In the App Access Level section, select App + Enterprise Access. It will check boxes in Application Scope.
- In the Application Scopes section, check the following options:
- Write all files and folders stored in Box
- Manage Users
- Manage Enterprise properties (only select this if you are using Activity Monitoring)
- In the Advanced Features section, enable Make API calls using the as-user header and Generate user access tokens.
- In the Add and Manage Public Keys section, select Add a Public Key and paste the text from public_key.pem that was generated in step 1. After a public key is added, Box generates a Public Key ID; note it down for later use.
- Select Save Changes.
Note
If you previously authorized the custom app and have since changed the custom app settings, go to the Admin Console and re-authorize the app twice. (You have to do this twice. This is a known Box bug.)
Box Admin Console Authorization
- Log in as an admin or co-admin user.
- Select Admin Console on the bottom right. Go to Apps > Custom Apps Manager > Add App.
- Provide the Client ID from Dev Console Setup.
- Authorize the app.
Box User Permissions
In order to create a Box application, you need to have either Administrator or Co-Administrator privileges in Box. For authentication of the Box application, server authentication is required.
Adding an Identity Security Cloud Box Source
Creating a new separate Box Custom App for Identity Security Cloud is recommended.
For information on how to add a Box source in Identity Security Cloud, view Integrating SailPoint with Box.
Adding an Identity Collector
Perform the following steps to add an identity collector:
- Go to Admin > Identity Collectors.
- Select Create New in the top right corner to open the wizard.
In General details:
- Type - Box
- Name - logical name for the Identity Collector (Example: Box IDC)
In Connection Details, select the created Identity Security Cloud Box source.
- User and Group Dynamic Fields Mappings are optional.
- Select Save.