Box

Configuring the Veza integration for Box

The Veza integration for Box gathers Box Users, Groups, Roles, and Folders from the storage platform. Search, Insights, and Workflows for Box provide the ability to:

  • See all Box users with administrative privileges on a Box tenant.

  • Review folders that have external guest collaborators.

  • Review folders with internal guest collaborators.

  • Map Okta and Azure AD users and local Box users to ensure there are no local-only users.

  • Create reports and rules for Box administrators and external collaborators.

This guide includes steps to create a Box App to enable the connection, and configure the integration for Veza. See Supported Entities for more details.

Configuration - Box

The Veza Box integration is compatible with Box, Business, Business Plus, Enterprise, and Enterprise Plus account types. Individual and Team Accounts are not supported.

The integration uses a Box Custom App to collect metadata. Box enforces a monthly limit of 50,000 API calls per Box user and App. You can configure more than one Veza Box App if the limit is reached.

To create this read-only service principal:

  1. Log in to your Box account and open the Developer Console.

  2. Click the "Create New App" button and select "Custom App".

  3. Select Server Authentication (with JWT) as the Authentication Method.

  4. Click "Create App".

Configure the custom app in Box:

  1. For "App Access Level" select App + Enterprise Access.

  2. Under the Application Scopes section ensure the following boxes are checked:

  3. Under the Advanced Features section ensure the following boxes are checked:

  4. Save the changes.

Generate a key pair and authorize the custom app:

  1. Under Add and Manage Public Keys click Generate a Public/Private Keypair. A JSON file will be downloaded automatically, containing the private portion of the key and passphrase.

    • Optionally, you can upload an existing key pair, download the configuration file manually, and complete the key portion.

  2. Under the Authorization tab click Review and Submit to make your new app available.

  3. From the Box Admin console, navigate to Apps > Custom Apps Manager to see the pending authorization.

  4. Click View then Authorize to enable the app for your Box environment.

At the bottom of the configuration page, you can download the Box app settings as JSON for setting up the integration in Veza:

{
  "boxAppSettings": {
    "clientID": "<clientID>",
    "clientSecret": "<clientSecret>",
    "appAuth": {
      "publicKeyID": "<publicKeyID>",
      "privateKey": "<privateKey>",
      "passphrase": "<passphrase>"
    }
  },
  "enterpriseID": "123456"
}

Configuration - Veza

  1. In Veza, go to Configuration > Integrations.

  2. Click Add New and choose Box as the integration type.

  3. Complete the required fields:

| Field | Description |
| --- | --- |
| ID | Box Enterprise ID |
| Name | Display Name |
| Include Non-shared Items | Whether to parse objects that can only be accessed by their owners |
| Include External Collaborator Details | Whether to parse full details for external collaborators |
| App Configurations | One or more Box Apps used for discovery (see note on API limits) |
| Private Key | Box App Auth Private Key |
| Passphrase | Box App Auth Passphrase |
| Client ID | Box App Client ID |
| Client Secret | Box App Client Secret |
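A pre-flight check for the downloaded settings file, as an added example that is not part of the Veza or Box documentation: it maps the JSON above onto the Veza fields listed here, flags values that are missing or still template placeholders, and flags a private key that is not passphrase-encrypted or a file readable beyond its owner. The function names, the sample values, and the assumption that the key is PEM text are this example's own.

```python
import json
import os
import stat

# Veza form field -> location in the Box app settings JSON shown on this page.
VEZA_FIELDS = {
    "ID": ("enterpriseID",),
    "Client ID": ("boxAppSettings", "clientID"),
    "Client Secret": ("boxAppSettings", "clientSecret"),
    "Private Key": ("boxAppSettings", "appAuth", "privateKey"),
    "Passphrase": ("boxAppSettings", "appAuth", "passphrase"),
}

# Constructed sample: the page's template with only two fields filled in.
SAMPLE = json.dumps({
    "boxAppSettings": {
        "clientID": "example-client-id",
        "clientSecret": "<clientSecret>",
        "appAuth": {"publicKeyID": "<publicKeyID>", "privateKey": "<privateKey>"},
    },
    "enterpriseID": "123456",
})


def check_box_settings(raw_json):
    """Return (fields, problems) for the values Veza's Box form asks for."""
    doc = json.loads(raw_json)
    fields, problems = {}, []
    for name, path in VEZA_FIELDS.items():
        value = doc
        for key in path:
            value = value.get(key) if isinstance(value, dict) else None
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: missing at {'.'.join(path)}")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{name}: still a template placeholder")
        else:
            fields[name] = value
    pem_head = "".join(fields.get("Private Key", "").splitlines()[:2])
    # Assumption: PEM text. Without ENCRYPTED in the header the passphrase protects nothing.
    if "PRIVATE KEY" in pem_head and "ENCRYPTED" not in pem_head:
        problems.append("Private Key: PEM is not passphrase-encrypted")
    return fields, problems


def file_mode_problems(path):
    """Flag a settings file that group or other can access (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {oct(mode)}, restrict to 0600"] if mode & 0o077 else []
```

Run `check_box_settings` on the file contents and `file_mode_problems` on its path before pasting values into Veza; an empty problem list from both means every field is populated and the file is owner-only.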

Supported Entities

  • Box Enterprise

  • Box User

  • Box Group

  • Box Role

  • Box Effective Permission

  • Box Folder

  • Box Home Folder

Entity Attributes and notes:

Box User

A Box user represents an account on the platform used to access personal files and collaborate with others.

| User Properties | Details |
| --- | --- |
| status | Box status string: active, inactive, cannot_delete_edit, or cannot_delete_edit_upload |
| is_exempt_from_login_verification | Indicates whether the user must use two-factor authentication (boolean) |
| role | The user's Box role |

Only users from the enterprise are represented as graph entities. External collaborators are shown in Folder properties.

Box Role

For Box, roles are a set of permissions that can be assigned to a user or group of users, defining the actions an identity can perform, and what data they can access within the platform.

| Role Properties | Details |
| --- | --- |
| Permissions [0-99] | List of System role permissions |

Box User(s) and Group(s) can have a Role defined on Folder(s). Roles can be owner, co-owner, editor, viewer uploader, previewer uploader, viewer, previewer, or uploader.

Box Folder

Box folders are containers used to organize and store files and documents. Folders can be organized hierarchically to create a logical structure for file storage.

A Box User's folders can be private or shared with specific collaborators or groups. Users can set permissions for each folder, determining who has access to the folder and what actions they can perform on the files within the folder.

Box Folder entity attributes indicate external collaborators: HasExternalCollaborators, and ExternalCollaborators, a list containing user IDs and possibly names and e-mail addresses (if "Include External Collaborator Details" is enabled).

In Graph search, you will be able to see the folder contents of all users' root (home) folders. Box Home Folder entities represent the root-level folder for each Box User.

| Folder Properties | Details |
| --- | --- |
| has_external_collaborators | True if there are external collaborators |
| external_collaborators | List of external collaborators |
