Activity Insights - Box
To display activity data from Box, you can set up a single SaaS connector or configure both a virtual appliance (VA) and Activity Insights - Box connector.
Configuring Activity Insights Using the Box SaaS Connector
If you are using the Box SaaS connector, follow the connector guide to enable Activity Insights.
After a successful test connection, you must correlate accounts and run an aggregation for the Box SaaS source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.
Note
If you previously configured both the Box identity governance and Activity Insights - Box connectors, you do not have to take additional action to continue receiving your data.
Configuring Activity Insights Using a VA-Based Source
If you are setting up Activity Insights using a VA-based connector, you may either use basic authentication or create a connected app in Box using an OAuth 2.0 authentication method to connect Box to Identity Security Cloud. You'll then configure both the Box identity governance and Activity Insights - Box connectors so that Identity Security Cloud can gather your account information and display activity data.
Configuring a Connected App in Box
Before activity insights can display in Identity Security Cloud, you must create an OAuth application in Box. You'll create a connected app using one of the following OAuth 2.0 grant types:
Configuring a Connected App using Client Credentials Grant Type
- From the Box Developer Console, select My Apps.
- Select Create New App > Custom App.
- Enter a name and description for the app.
- Select Integration for the purpose of the app.
- Select Security & Compliance as the category.
- Enter Activity Insights as the external system.
- Choose Server Authentication (Client Credentials Grant) and select Create App.
- In the App Access Level section, select App + Enterprise Access.
- In the Application Scopes section, select Manage enterprise properties.
- Select Save Changes to save these settings.
You must authorize your application before you can connect Box to Identity Security.
Configuring a Connected App using a JSON Web Token
- Within the Box Developer Console, select My Apps.
- Select Create New App > Custom App.
- Enter a name and description for the app.
- Select Integration for the purpose of the app.
- Select Security & Compliance as the category.
- Enter Activity Insights as the external system.
- Under Authentication Method select OAuth 2.0 with JWT (Server Authentication).
- In the App Access Level section, select App + Enterprise Access.
- In the Application Scopes section, select Manage enterprise properties.
- Use OpenSSL to generate the private and public keys, using the following commands:
  OpenSSL
  - Use the following command to generate a private key for OpenSSL version 3.1 and later.
    openssl genrsa -aes256 -out private_key.pem -traditional
  - Use the following command to generate a private key for legacy OpenSSL versions, such as 0.9.8, 1.0.2, 1.1.0, or 1.1.1.
    openssl genrsa -aes256 -out private_key.pem 2048
  Public Key
  - Use the following command to generate a public key with 256-bit encryption.
    openssl rsa -pubout -in private_key.pem -out public_key.pem
- Under the Add and Manage Public Keys section, select Add a Public Key.
- Upload the generated public key (Public Key ID).
- Select Save Changes to save these settings.
You must authorize your application before you can connect Box to Identity Security.
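The key-generation step above as one script, added here as an example (not SailPoint or Box code): it creates the encrypted private key, derives the public key from it, and checks the pair before the public key is uploaded to Box. The KEY_PASS environment variable, the function names, and the directory argument are assumptions of this example.

```bash
# Added example. Assumes the passphrase is exported as KEY_PASS (a name
# chosen here) so OpenSSL can read it through its env: password source.

# Generate private_key.pem, then public_key.pem, in directory $1.
gen_box_keypair() (
    umask 077                                   # key files are owner-only
    mkdir -p "$1" && cd "$1" || exit 1
    case "$(openssl version)" in
        "OpenSSL 0."*|"OpenSSL 1."*|LibreSSL*)  # legacy form from the page
            openssl genrsa -aes256 -passout env:KEY_PASS \
                -out private_key.pem 2048 ;;
        *)  # page gives this form for 3.1 and later; assumed for all 3.x
            openssl genrsa -aes256 -passout env:KEY_PASS \
                -out private_key.pem -traditional ;;
    esac 2>/dev/null || exit 1
    # The public key is derived from the private key, so it comes second.
    openssl rsa -pubout -passin env:KEY_PASS \
        -in private_key.pem -out public_key.pem 2>/dev/null
)

# Succeed only if the private key is passphrase-protected, readable by
# its owner alone, and public_key.pem is really its public half.
verify_box_keypair() (
    cd "$1" || exit 1
    grep -q 'ENCRYPTED' private_key.pem || exit 1
    [ -n "$(find private_key.pem -perm 600)" ] || exit 1
    derived=$(openssl rsa -pubout -passin env:KEY_PASS \
        -in private_key.pem 2>/dev/null) || exit 1
    [ "$derived" = "$(cat public_key.pem)" ]
)

# Usage (directory name is illustrative):
#   export KEY_PASS='...'; gen_box_keypair ./box-jwt && verify_box_keypair ./box-jwt
```

Only public_key.pem is uploaded to Box; private_key.pem and its passphrase are what the Private Key and Private Key Password fields of the source configuration expect.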
Authorizing Your OAuth Application
- Within your application in the Developer Console, select the Authorization tab.
- Select Review and Submit to request authorization for access to the Enterprise.
- Enter a description for your application and select Submit.
- Go to the Box Admin Console and select Apps.
- Select the Custom Apps Manager tab.
- Find the application name within the list under Server Authentication Apps.
- Select the More icon > Authorize App.
- Select Authorize.
Your application is now authorized. You can now use your client ID and secret to configure the Box identity governance source in Identity Security Cloud.
Configuring the Box Identity Governance Source
Follow the directions to configure your Box source in Identity Security Cloud. You can also edit an existing source.
Configuring the Activity Insights - Box Source
To display activity data from Box, you must configure the Activity Insights - Box source in Identity Security Cloud.
- Go to Admin > Connections > Sources.
- Select Create New to create a new source.
- Search for and select the Activity Insights - Box connector.
- Enter a name and description for your source.
- In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
- (Optional) Select a governance group for source management.
- Select the checkbox if the source is an authoritative source.
- Select Continue to create the source.
- Select Configuration from the left panel.
- Select Grant Type and enter the required information:
Client Credentials
- Enterprise ID - Copy from the App Info section of the General Settings tab.
- Client ID - Copy from the OAuth 2.0 Credentials section of the Configuration tab.
- Client Secret - Select Fetch Client Secret in the OAuth 2.0 Credentials section of the Configuration tab. You may have to complete authentication to fetch your client secret.
JWT Key Pair Authentication
- Enterprise ID - Copy from the App Info section of the General Settings tab.
- Client ID - Copy from the OAuth 2.0 Credentials section of the Configuration tab.
- Client Secret - Select Fetch Client Secret in the OAuth 2.0 Credentials section of the Configuration tab. You may have to complete authentication to fetch your client secret.
- Public Key ID - Public Key ID generated by Box and provided upon submission of a Public Key.
- Private Key - Text used for encrypting the JWT assertion.
- Private Key Password - Used to decrypt the private key.
- Select Save to save these settings.
- Select Review and Test from the left panel.
- Select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.
To gather account data, you must correlate accounts and run an aggregation for the Box identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.
Required Permissions
Users must have Admin access in Box to connect the application to Identity Security Cloud.
Requested Scopes
Identity Security Cloud requests the following scopes:
Scopes | Description |
---|---|
Manage enterprise properties | Gives the application permission to view the enterprise event stream. |