...

Step 1 | Create and Configure a JWT Application

• Application Type: Custom App

• Recommendation: OAuth 2.0 with JWT (Server Authentication)

...

Option

...

Configuration

...

Client ID

...

Copy and save separately. Required to create your DryvIQ connection

...

Client Secret

...

Copy and save separately. Required to create your DryvIQ connection

...

Application Access

...

Enterprise

...

Application Scopes

...

• Read and write all files and folders stored in Box

• Manage users

• Manage groups

• Manage enterprise properties

...

Scopes Enabled by Request

...

This scope is needed to transfer content on Box that are locked with "Disable Download" checked

To enable this scope you will need to file a support ticket to get the Box team to enable it for your application. Scope approval will be approved by necessity and merit.

• Global Content Manager

...

Advanced Features

...

• Enable - Perform Actions as Users

• Enable - Generate User Access Tokens

...

Box requires two-factor authentication (2FA) to generate a public / private keypair.

Download Keypair from Box

Save Box download {{public key}}_config.json locally for future reference; required to create your DryvIQ connection.

Alternate Options

1. Add another account as a collaborator that has 2FA enabled 

   • From the Developers Console → go to the General options page

   • "Add New Collaborator" 

   • Log into Box as the collaborator → Developers Console 

   • Configuration → Add and Manage Public Keys → Generate a Public / Private Keypair

2. Generate Keypair Manually

   1. Requires: OpenSSL or Cygwin package

...

On This Page

...

Overview

When you create a Box App in the Box Dev Console, a Box service account is automatically created to represent the application. This page explains how to prepare the account to integrate with the DryvIQ platform.

Enable Two-Factor Authentication

You will need to have a Box account with two-factor verification enabled in order to create the Box App. The instructions below explain how to set up two factor authentication using an authenticator application since this is the recommended method. If you prefer to use SMS text message or email for as the two-step verification method, refer to the instructions available through Box Support for how to set up these methods of multi-factor authentication for your account. If your account already has two-factor verification enabled, you can skip this section. Otherwise, follow the steps below.

1. Log into https://app.box.com.

2. Click your user icon in the upper-right and select Account Settings.
   

   Image Added

3. On the Account Tab, scroll to the 2-Step Verification and click Set up.
   

   Image Added

4. Verify Authenticator App is selected and click Next.
   

   Image Added

5. Box will display a QR code. Scan it with the authenticator application you are using to generate a six-digit authentication code. Enter the code and click submit.
   

   Image Added

6. Enter the mobile phone number that will be used for account recovery and click Submit.
   

   Image Added

7. Box generates three account recover codes that can be used to access your account in the event you lose your device. You should keep copies of these somewhere safe. Click Close to continue.

8. The “Authenticator App” will display as “Enabled.”
   

   Image Added

Create a Box app from the Box Dev Console

To create your Box app, do the following:

1. Log in to the Dev Console for your Box account.

2. Click Create New App.

3. Click Custom App.
   

   Image Added

4. Enter a name and description for your App.
   

   Image Added

5. Specify the Purpose and click Next.
   

   Image Added

6. On the Authentication Method screen, select Server Authentication with JWT (Server Authentication) and click Create App.
   

   Image Added

7. You will be taken to the Configuration page for your new app.

8. Scroll to the OAuth 2.0 Credentials section and find your Client ID. You will use this Client ID to authorize your app on the Admin Console. Click COPY next to the Client ID to copy it to your clipboard.
   

   Image Added

9. Scroll to the App Access Level section and select App + Enterprise Access.
   

   Image Added

10. Scroll to the Advanced Features section and select the Make API calls using the as-user header and Generate user tokens boxes.
    

    Image Added

11. Scroll to the Add and Manage Public Keys section and click Generate a Public/Private Keypair. This downloads a file that contains the information needed to create the Box connector in the DryvIQ Platform. Save the keypair file ({public key}_config.json) locally for future reference. This file is not be saved in Box, so it is important you save this file somewhere where you can access it when you need to create your connection in the DryvIQ Platform.
    

    Image Added

12. Click OK to close the file download screen.

13. Click Save Changes in the upper-right side of the page.

Alternate Options

Box requires two-factor authentication to generate a public/private keypair, but two-factor authentication is not applicable when single sign-on is enabled on Box. In this scenario, you can use one of the following alternative methods to generate the public/private keypair.

Alternate 1: Add another account that has two-factor authentication enabled as a collaborator to the app.

1. In the Developers Console, select the app.

2. Scroll down to the Collaborators sections and click Add New Collaborator.

3. Enter the email address for the account that has two-factor authentication setup and click Add.

4. Log into Box as the collaborator

5. Go to the Developers Console and select the app.

6. Select the Configuration tab.

7. Scroll down to the Add and Manage Public Keys section and click Generate a Public/Private Keypair.

Alternate 2: Generate Keypair Manually. This option requires OpenSSL or Cygwin package.

Authorize the Box app from the Box Admin Console

Perform the following steps to authorize your Box app:

1. Access the Admin Console for your Box account.

2. Click Apps from the left menu.
   

   Image Added

3. Select Custom Apps Manager and then click Add App.
   

   Image Added

4. Enter the Client ID for the app and click Next. (This was the Client ID you copied in step 8 in the previous section.)
   

   Image Added

5. Confirm that the Application Access is “All Users” and click Authorize.
   

   Image Added

6. Confirm that the app you added is listed in the Custom Apps Manager. The Authorization Status should indicate Authorized.
   

   Image Added

7. To review the app configuration, hover on the app in the table and click the View button that displays.
   

   Image Added

8. Confirm App Access is set to All Users.
   

   Image Added

   
   If App Access is not set to All Users, one of the settings is not correct. You you must return to the Dev Console and edit the following settings for the app:

   1. Set App Access Level to App +Enterprise.

   2. Under Advanced Features, select Make API calls using the as-user header and Generate User Access Tokens.

   3. Click Save Changes in the upper-right side of the page.

   4. Return to the Box Admin Console and go back to the Custom Apps Manager page.

   5. Click the … next to the View button for the app.
      

      Image Added

   6. Click Reauthorize App in the menu that displays.
      

      Image Added

   7. Confirm the Application Access column now shows All Users and click Reauthorize.
      

      Image Added

Grant Access for the Application in Your Enterprise

The App Key

...

is the Client ID

...

. It can be found in the Developers Console on the application’s Configuration tab. Additional information can be found in Box’s Custom App Approval documentation.

Related

Box Service Account