Configuring the Veza integration for Box
The Veza integration for Box gathers Box Users, Groups, Roles, and Folders from the storage platform. Search, Insights, and Workflows for Box provide the ability to:
See all Box users with administrative privileges on a Box tenant.
Review folders that have external guest collaborators.
Review folders with internal guest collaborators.
Map Okta and Azure AD users and local Box users to ensure there are no local-only users.
Create reports and rules for Box administrators and external collaborators.
This guide includes steps to create a Box App to enable the connection, and configure the integration for Veza. See Supported Entities for more details.
The Veza Box integration is compatible with Box, Business, Business Plus, Enterprise, and Enterprise Plus account types. Individual and Team Accounts are not supported.
The integration uses a Box Custom App to collect metadata. To create this read-only service principal:
Box enforces a monthly limit of 50,000 API calls per Box user and App. You can configure more than one Veza Box App if the limit is reached.
Log in to your Box account and open the Developer Console.
Click the "Create New App" button and select "Custom App".
Select Server Authentication (with JWT) as the Authentication Method.
Click "Create App".
Configure the custom app in Box:
For "App Access Level" select App + Enterprise Access.
Under the Application Scopes section ensure the following boxes are checked:
Under the Advanced Features section ensure the following boxes are checked:
Save the changes.
Generate a key pair and authorize the custom app:
Under Add and Manage Public Keys click Generate a Public/Private Keypair. A JSON file will be downloaded automatically, containing the private portion of the key and passphrase.
Optionally, you can upload an existing key pair, download the configuration file manually, and complete the key portion.
Under the Authorization tab click Review and Submit to make your new app available.
From the Box Admin console, navigate to Integrations > Platform Apps Manager to see the pending authorization.
Click on the integration, then click Authorize to enable the app for your Box environment. Click Authorize again to confirm the changes.
The JSON file downloaded in step 1 contains the necessary configuration information for setting up the integration in Veza:
{
  "boxAppSettings": {
    "clientID": "<clientID>",
    "clientSecret": "<clientSecret>",
    "appAuth": {
      "publicKeyID": "<publicKeyID>",
      "privateKey": "<privateKey>",
      "passphrase": "<passphrase>"
    }
  },
  "enterpriseID": "123456"
}
In Veza, go to Configuration > Integrations.
Click Add New and choose Box as the integration type.
Complete the required fields:
ID: Box Enterprise ID
Name: Display Name
Include Non-shared Items: Whether to parse objects that can only be accessed by their owners
Include External Collaborator Details: Whether to parse full details for external collaborators
App Configurations: One or more Box Apps used for discovery (see note on API limits)
Private Key: Box App Auth Private Key
Passphrase: Box App Auth Passphrase
Client ID: Box App Client ID
Client Secret: Box App Client Secret
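The downloaded file holds the private key and its passphrase in clear text, so it is worth checking before its values are copied into the fields above. The following is an added example, not part of Veza or Box tooling: `check_box_config` and `demo` are hypothetical names, and the field-to-key mapping is inferred from the matching names on this page. It assumes the private key is an encrypted PEM block and uses a constructed sample file.

```python
import json, os, stat, tempfile

# Veza field -> key path in the Box JSON (assumed mapping, inferred from this page)
FIELD_PATHS = {
    "ID (Box Enterprise ID)": ("enterpriseID",),
    "Client ID": ("boxAppSettings", "clientID"),
    "Client Secret": ("boxAppSettings", "clientSecret"),
    "Private Key": ("boxAppSettings", "appAuth", "privateKey"),
    "Passphrase": ("boxAppSettings", "appAuth", "passphrase"),
}

def check_box_config(path):
    """Return (fields, problems) for a Box app config file; problems never contain secrets."""
    problems = []
    # The file carries the key and its passphrase together: only the owner should read it.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is readable by group/others; chmod 600")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    fields = {}
    for name, keys in FIELD_PATHS.items():
        node = cfg
        for key in keys:
            node = node.get(key) if isinstance(node, dict) else None
        value = str(node).strip() if node is not None else ""
        if not value:
            problems.append(f"{name}: missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{name}: still a template placeholder")
        else:
            fields[name] = value
    key = fields.get("Private Key", "")
    # Assumption: the key is stored as PEM text protected by the passphrase.
    if key and "PRIVATE KEY-----" not in key:
        problems.append("Private Key: not PEM text")
    elif key and "ENCRYPTED" not in key.splitlines()[0]:
        problems.append("Private Key: PEM is not passphrase-protected")
    return fields, problems

def demo():
    """Check a constructed, manually completed file that still has gaps in it."""
    sample = {"boxAppSettings": {"clientID": "abc123", "clientSecret": "<clientSecret>",
              "appAuth": {"publicKeyID": "k1", "privateKey": "", "passphrase": "pw"}},
              "enterpriseID": "123456"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "box_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return check_box_config(path)
```
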
Box Enterprise
Box User
Box Group
Box Role
Box Effective Permission
Box Folder
Box Home Folder
Entity Attributes and notes:
A Box user represents an account on the platform used to access personal files and collaborate with others.
status: Box status string (active, inactive, cannot_delete_edit, cannot_delete_edit_upload)
is_exempt_from_login_verification: Indicates whether the user must use two-factor authentication (boolean)
role: The user's Box role
Only users from the enterprise are represented as graph entities. External collaborators are shown in Folder properties.
For Box, roles are a set of permissions that can be assigned to a user or group of users, defining the actions an identity can perform, and what data they can access within the platform.
Permissions [0-99]: List of System role permissions
Box User(s) and Group(s) can have a Role defined on Folder(s). Roles can be owner, co-owner, editor, viewer uploader, previewer uploader, viewer, previewer, or uploader.
Box folders are containers used to organize and store files and documents. Folders can be organized hierarchically to create a logical structure for file storage.
A Box User's folders can be private or shared with specific collaborators or groups. Users can set permissions for each folder, determining who has access to the folder and what actions they can perform on the files within the folder.
Box Folder entity attributes indicate external collaborators: HasExternalCollaborators, and a list of ExternalCollaborators containing user IDs, and possibly name and e-mail (if "Include External Collaborator Details" is enabled).
In Graph search, you will be able to see the folder contents of all users' root (home) folders. Box Home Folder entities represent the root-level folder for each Box User.
has_external_collaborators: True if there are external collaborators
external_collaborators: List of external collaborators