Activity Insights - Box
This page describes a Limited Availability feature. Contact your Customer Success team to opt in.
To display activity data from Activity Insights, you first must create an OAuth application in Box. You’ll then connect the following Box sources, so IdentityNow can gather your Box account information and activity data.
|Source|Description|
|---|---|
|Box|Allows you to manage your Box users, groups, and roles in IdentityNow.|
|Activity Insights - Box|Works with your Box identity governance connector to provide activity data for identities.|
Creating an OAuth Application in Box
Before activity insights can display in IdentityNow, you must create an OAuth app in Box.
- From the Box Developer Console, select My Apps.
- Select Create New App > Custom App.
- Enter a name and description for the app.
- Select Integration for the purpose of the app.
- Select Security & Compliance as the category.
- Enter "Activity Insights" as the external system.
- Choose Server Authentication (Client Credentials Grant) and select Create App.
- In the App Access Level section, select App + Enterprise Access.
- In the Application Scopes section, select the following scopes:
  - Read all files and folders stored in Box
  - Manage users
  - Manage groups
  - Manage retention policies
  - Manage enterprise properties
- Select Save Changes to save these settings.
You must authorize your application before you can connect Box to IdentityNow.
Authorizing Your OAuth Application
- Within your application in the Developer Console, select the Authorization tab.
- Select Review and Submit to request authorization for access to the Enterprise.
- Enter a description for your application and select Submit.
- Go to the Box Admin Console and select Apps.
- Select the Custom Apps Manager tab.
- Find the application name within the list under Server Authentication Apps.
- Select the More icon > Authorize App.
- Select Authorize.
Your application is now authorized. You can now use your client ID and secret to connect Box to IdentityNow.
Connecting Box to IdentityNow
To connect Box to IdentityNow, you’ll need to configure the following sources in IdentityNow. This will allow IdentityNow to gather account information and activity data from Box.
You may connect your sources in any order.
Configuring the Box Identity Governance Source
Follow the directions to configure your Box source in IdentityNow. You can also edit an existing source.
Configuring the Activity Insights – Box Source
To display activity data from Activity Insights, you must configure the Activity Insights – Box source in IdentityNow.
- Go to Admin > Connections > Sources.
- Select Create New to create a new source.
- Search for and select the Activity Insights – Box connector.
- Enter a source name.
- Enter a description for your source.
- In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
- (Optional) Select a governance group for source management.
- Select Continue to create the source.
- Select Configuration from the left panel.
- Enter the following information:
  - Enterprise ID - Copy from the App Info section of the General Settings tab.
  - Client ID - Copy from the OAuth 2.0 Credentials section of the Configuration tab.
  - Client Secret - Select Fetch Client Secret in the OAuth 2.0 Credentials section of the Configuration tab. You may have to complete authentication to fetch your client secret.
- Select Save to save these settings.
- Select Review and Test from the left panel.
- Select Test Connection to test the connection between the applications. You must have a successful connection for IdentityNow to gather activity data. If the test is unsuccessful, re-enter your credentials and test again, or contact SailPoint Support.
Your activity data will begin syncing immediately and will update every 24 hours. You must run an aggregation for the Box source to gather accounts.
Users must have Admin access in Box to connect the application to IdentityNow.
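Before entering the values in IdentityNow, or when Test Connection fails, the Enterprise ID, Client ID and Client Secret can be checked directly against Box's token endpoint. The following is an added example, not SailPoint or Box code: it builds the Client Credentials Grant request for the enterprise service account and reports the OAuth error Box returns if the grant is refused. The function names, the `BOX_*` environment variable names and the all-digits check on the Enterprise ID are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.box.com/oauth2/token"  # Box OAuth 2.0 token endpoint


def build_token_request(enterprise_id, client_id, client_secret):
    """Build the Client Credentials Grant request for the enterprise service account."""
    enterprise_id = str(enterprise_id).strip()
    # Assumption of this example: Box enterprise IDs are all digits.
    if not enterprise_id.isdigit():
        raise ValueError("Enterprise ID should be the numeric value from App Info")
    if not client_id.strip() or not client_secret.strip():
        raise ValueError("Client ID and Client Secret must both be set")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id.strip(),
        "client_secret": client_secret.strip(),
        "box_subject_type": "enterprise",
        "box_subject_id": enterprise_id,
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def check_credentials(request, opener=urllib.request.urlopen):
    """Return (ok, detail); the secret and the issued token are never printed."""
    try:
        with opener(request, timeout=15) as resp:
            payload = json.load(resp)
    except urllib.error.HTTPError as err:
        try:  # failures carry the standard OAuth error fields
            info = json.loads(err.read() or b"{}")
        except ValueError:
            info = {}
        return False, info.get("error_description") or info.get("error") or str(err)
    except urllib.error.URLError as err:
        return False, "network error: %s" % err.reason
    return True, "token issued, expires in %s s" % payload.get("expires_in")


if __name__ == "__main__":
    # Environment variable names are assumptions; keep the secret out of shell history.
    env = os.environ
    req = build_token_request(env["BOX_ENTERPRISE_ID"], env["BOX_CLIENT_ID"],
                              env["BOX_CLIENT_SECRET"])
    ok, detail = check_credentials(req)
    print("OK" if ok else "FAILED", "-", detail)
```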
IdentityNow requests the following scopes:
|Scope|Description|
|---|---|
|Manage groups|Gives the application permission to manage an enterprise's groups.|
|Manage enterprise properties|Gives the application permission to view the enterprise event stream.|
|Admin can make calls on behalf of Users|Allows the application to make API calls on behalf of users using the As-User header.|
|Manage app users|Gives the application permission to manage standard App users.|
|Manage users|Gives the application permission to manage standard (managed) Box users.|
IdentityNow pulls the following user metadata from Box.
|Attribute|Description|
|---|---|
|Is Exempt From Device Limits|Indicates whether the user is exempt from enterprise device limits.|
|Is Sync Enabled|Indicates whether the user can use Box Sync.|
|Role|The user’s enterprise role.|
|Max Upload Size|The maximum individual file size in gigabytes the user can have.|
|Space Amount|The user’s total available space amount in gigabytes.|
|Space Used|The amount of space in use by the user in gigabytes.|
|Status|The user’s status.|