Box
Configuring the Veza integration for Box
The Veza integration for Box gathers Box Users, Groups, Roles, and Folders from the storage platform. Search, Insights, and Workflows for Box provide the ability to:
See all Box users with administrative privileges on a Box tenant.
Review folders that have external guest collaborators.
Review folders with internal guest collaborators.
Map Okta and Azure AD users and local Box users to ensure there are no local-only users.
Create reports and rules for Box administrators and external collaborators.
This guide includes steps to create a Box App that enables the connection and to configure the integration in Veza. See Supported Entities for more details.
Configuration - Box
The Veza Box integration is compatible with Box Business, Business Plus, Enterprise, and Enterprise Plus account types. Individual and Team Accounts are not supported.
The integration uses a Box Custom App to collect metadata. To create this read-only service principal:
Box enforces a monthly limit of 50,000 API calls per Box user and App. You can configure more than one Veza Box App if the limit is reached.
Log in to your Box account and open the Developer Console.
Click the "Create New App" button and select "Custom App".
Select Server Authentication (with JWT) as the Authentication Method.
Click "Create App".
Configure the custom app in Box:
For "App Access Level" select App + Enterprise Access.
Under the Application Scopes section ensure the following boxes are checked:
Under the Advanced Features section ensure the following boxes are checked:
Save the changes.
Generate a key pair and authorize the custom app:
Under Add and Manage Public Keys click Generate a Public/Private Keypair. A JSON file will be downloaded automatically, containing the private portion of the key and passphrase.
Optionally, you can upload an existing key pair, download the configuration file manually, and complete the key portion.
Under the Authorization tab click Review and Submit to make your new app available.
From the Box Admin console, navigate to Apps > Custom Apps Manager to see the pending authorization.
Click View then Authorize to enable the app for your Box environment.
At the bottom of the configuration page, you can download the Box app settings as JSON for setting up the integration in Veza:
Configuration - Veza
In Veza, go to Configuration > Integrations.
Click Add New and choose Box as the integration type.
Complete the required fields:
Field | Description |
---|---|
ID | Box Enterprise ID |
Name | Display Name |
Include Non-shared Items | Whether to parse objects that can only be accessed by their owners |
Include External Collaborator Details | Whether to parse full details for external collaborators |
App Configurations | One or more Box Apps used for discovery (see note on API limits) |
Private Key | Box App Auth Private Key |
Passphrase | Box App Auth Passphrase |
Client ID | Box App Client ID |
Client Secret | Box App Client Secret |
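An added example, not from the Veza or Box documentation: a Python check that maps the downloaded Box app settings JSON onto the form fields in the table above and flags empty values, an unencrypted key, or loose file permissions. The JSON key names (`boxAppSettings`, `appAuth`, `enterpriseID` and the rest) follow the layout of Box's JWT app config file and are an assumption, since this page does not list them; the sample values are constructed.

```python
import json
import os
import stat

# Veza field -> key path in Box's JSON (assumed layout of Box's JWT config; not listed on the page).
FIELD_PATHS = {
    "ID": ("enterpriseID",),
    "Client ID": ("boxAppSettings", "clientID"),
    "Client Secret": ("boxAppSettings", "clientSecret"),
    "Private Key": ("boxAppSettings", "appAuth", "privateKey"),
    "Passphrase": ("boxAppSettings", "appAuth", "passphrase"),
}


def map_box_config(config):
    """Return (fields, problems) for a parsed Box app settings dict."""
    fields, problems = {}, []
    for name, path in FIELD_PATHS.items():
        node = config
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, str) and node.strip():
            fields[name] = node
        else:
            problems.append(f"{name}: missing or empty at {'.'.join(path)}")
    pem = fields.get("Private Key", "")
    if pem and "PRIVATE KEY-----" not in pem:
        problems.append("Private Key: value is not a PEM private key")
    elif pem and "ENCRYPTED" not in pem:
        problems.append("Private Key: PEM is not passphrase-protected")
    return fields, problems


def check_file(path):
    """Load the downloaded JSON and flag loose permissions on the secret file."""
    with open(path, encoding="utf-8") as fh:
        fields, problems = map_box_config(json.load(fh))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"file mode {oct(mode)} lets group/other read the key")
    return fields, problems


if __name__ == "__main__":
    # Constructed sample, not real credentials; the empty clientSecret is deliberate.
    sample = {"enterpriseID": "0000000", "boxAppSettings": {
        "clientID": "example-client-id", "clientSecret": "", "appAuth": {
            "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n",
            "passphrase": "example-passphrase"}}}
    print(map_box_config(sample)[1])
```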
Supported Entities
Box Enterprise
Box User
Box Group
Box Role
Box Effective Permission
Box Folder
Box Home Folder
Entity Attributes and notes:
Box User
A Box user represents an account on the platform used to access personal files and collaborate with others.
User Properties | Details |
---|---|
| Box status string, |
| Indicates whether the user must use two-factor authentication (boolean) |
| The user's Box role |
Only users from the enterprise are represented as graph entities. External collaborators are shown in Folder properties.
Box Role
For Box, roles are a set of permissions that can be assigned to a user or group of users, defining the actions an identity can perform, and what data they can access within the platform.
Role Properties | Details |
---|---|
| List of System role permissions |
Box User(s) and Group(s) can have a Role defined on Folder(s). Roles can be owner, co-owner, editor, viewer uploader, previewer uploader, viewer, previewer, or uploader.
Box Folder
Box folders are containers used to organize and store files and documents. Folders can be organized hierarchically to create a logical structure for file storage.
A Box User's folders can be private or shared with specific collaborators or groups. Users can set permissions for each folder, determining who has access to the folder and what actions they can perform on the files within the folder.
Box Folder entity attributes indicate external collaborators: HasExternalCollaborators, and a list of ExternalCollaborators containing user IDs, and possibly name and e-mail (if "Include External Collaborator Details" is enabled).
In Graph search, you will be able to see the folder contents of all users' root (home) folders. Box Home Folder entities represent the root-level folder for each Box User.
Folder Properties | Details |
---|---|
| True if there are external collaborators |
| List of external collaborators |