Skip to content

Activity Insights - Box

To display activity data from Box, you first must create an OAuth application. You’ll then connect the following required sources so that Identity Security Cloud can gather your Box account information and activity data.

Required Connectors

Connector Description
Box The identity governance connector allows you to manage your Box users, groups, and roles in Identity Security Cloud.
Activity Insights - Box The Activity Insights connector works with your Box identity governance connector to provide activity data for identities.

Creating an OAuth Application in Box

Before activity insights can display in Identity Security Cloud, you must create an OAuth application in Box.

  1. From the Box Developer Console, select My Apps.
  2. Select Create New App > Custom App.
  3. Enter a name and description for the app.
  4. Select Integration for the purpose of the app.
  5. Select Security & Compliance as the category.
  6. Enter "Activity Insights" as the external system.
  7. Choose Server Authentication (Client Credentials Grant) and select Create App.
  8. In the App Access Level section, select App + Enterprise Access.
  9. In the Application Scopes section, select the following scopes:

    • Read all files and folders stored in Box
    • Manage users
    • Manage groups
    • Manage retention policies
    • Manage enterprise properties
  10. Select Save Changes to save these settings.

You must authorize your application before you can connect Box to Identity Security.

Authorizing Your OAuth Application

  1. Within your application in the Developer Console, select the Authorization tab.
  2. Select Review and Submit to request authorization for access to the Enterprise.
  3. Enter a description for your application and select Submit.
  4. Go to the Box Admin Console and select Apps.
  5. Select the Custom Apps Manager tab.
  6. Find the application name within the list under Server Authentication Apps.
  7. Select the More icon > Authorize App.
  8. Select Authorize.

Your application is now authorized. You can now use your client ID and secret to connect Box to Identity Security Cloud.

Connecting Box to Identity Security Cloud for Activity Insights

To connect Box to Identity Security Cloud, you’ll need to configure the Box identity governance and Activity Insights - Box sources. This will allow Identity Security Cloud to gather account information and activity data from Box.

Configuring the Box Identity Governance Source

Follow the directions to configure your Box source in Identity Security Cloud. You can also edit an existing source.

Configuring the Activity Insights - Box Source

To display activity data from Box, you must configure the Activity Insights - Box source in Identity Security Cloud.

  1. Go to Admin > Connections > Sources.
  2. Select Create New to create a new source.
  3. Search for and select the Activity Insights - Box connector.
  4. Enter a name and description for your source.
  5. In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
  6. (Optional) Select a governance group for source management.
  7. Select the checkbox if the source is an authoritative source.
  8. Select Continue to create the source.
  9. Select Configuration from the left panel.
  10. Enter the following information:

    • Enterprise ID - Copy from the App Info section of the General Settings tab.
    • Client ID - Copy from the OAuth 2.0 Credentials section of the Configuration tab.
    • Client Secret - Select Fetch Client Secret in the OAuth 2.0 Credentials section of the Configuration tab. You may have to complete authentication to fetch your client secret.
  11. Select Save to save these settings.

  12. Select Review and Test from the left panel.
  13. Select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.

To gather account data, you must correlate accounts and run an aggregation for the Box identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Required Permissions

Users must have Admin access in Box to connect the application to Identity Security Cloud.

Requested Scopes

Identity Security Cloud requests the following scopes:

Scopes Description
Manage groups Gives the application permission to manage an enterprise's group.
Manage enterprise properties Gives the application permission to view the enterprise event stream.
Admin can make calls on behalf of Users Allows the application to make API calls on behalf of users using the As-User header.
Manage app users Gives the application permission to manage standard App users.
Manage users Gives the application permission to manage standard (managed) Box users.

Documentation Feedback