Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

Panel
bgColor#FFFAE6

Creating a Box Service Account
To create a box service account, step-by-step instructions can be found at https://developer.box.com/docs/setting-up-a-jwt-app

  • The rest of this documentation is supplemental to Box's instructions; linked steps below.

  • The purpose of this documentation is to highlight the information DryvIQ requires while provisioning the Box Service Account.

Step 1 | Create and Configure a JWT Application

  • Application Type: Custom App

  • Recommendation: OAuth 2.0 with JWT (Server Authentication)

...

Option

...

Configuration

...

Client ID

...

Copy and save separately. Required to create your DryvIQ connection

...

Client Secret

...

Copy and save separately. Required to create your DryvIQ connection

...

Application Access

...

Enterprise

...

Application Scopes

...

  • Read and write all files and folders stored in Box

  • Manage users

  • Manage groups

  • Manage enterprise properties

...

Scopes Enabled by Request

...

This scope is needed to transfer content on Box that are locked with "Disable Download" checked

To enable this scope you will need to file a support ticket to get the Box team to enable it for your application. Scope approval will be approved by necessity and merit.

  • Global Content Manager

...

Advanced Features

...

  • Enable - Perform Actions as Users

  • Enable - Generate User Access Tokens

...

Box requires two-factor authentication (2FA) to generate a public / private keypair.

Download Keypair from Box

Save Box download {{public key}}_config.json locally for future reference; required to create your DryvIQ connection.

Alternate Options

Panel
bgColor#FFFAE6

Note: Two-Factor Authentication (2FA) is not applicable when Single Sign-On (SSO) is enabled on Box

  1. Add another account as a collaborator that has 2FA enabled 

    • From the Developers Console → go to the General options page

    • "Add New Collaborator" 

    • Log into Box as the collaborator → Developers Console 

    • Configuration → Add and Manage Public Keys → Generate a Public / Private Keypair

  2. Generate Keypair Manually

    1. Requires: OpenSSL or Cygwin package

...

On This Page

Table of Contents
stylenone

...

Overview

When you create a Box App in the Box Dev Console, a Box service account is automatically created to represent the application. This page explains how to prepare the account to integrate with the DryvIQ platform.

Enable Two-Factor Authentication

You will need to have a Box account with two-factor verification enabled in order to create the Box App. The instructions below explain how to set up two factor authentication using an authenticator application since this is the recommended method. If you prefer to use SMS text message or email for as the two-step verification method, refer to the instructions available through Box Support for how to set up these methods of multi-factor authentication for your account. If your account already has two-factor verification enabled, you can skip this section. Otherwise, follow the steps below.

Info

You will need to have an authenticator application installed on the mobile device you will be using for for the two-step verification before you begin this process.

  1. Log into https://app.box.com.

  2. Click your user icon in the upper-right and select Account Settings.

    Accout Settings.pngImage Added

  3. On the Account Tab, scroll to the 2-Step Verification and click Set up.

    2-step Verification.pngImage Added

  4. Verify Authenticator App is selected and click Next.

    Auth App.pngImage Added

  5. Box will display a QR code. Scan it with the authenticator application you are using to generate a six-digit authentication code. Enter the code and click submit.

    QR Code and Authentication Code.pngImage Added

  6. Enter the mobile phone number that will be used for account recovery and click Submit.

    5 Recovery Phone.pngImage Added

  7. Box generates three account recover codes that can be used to access your account in the event you lose your device. You should keep copies of these somewhere safe. Click Close to continue.

  8. The “Authenticator App” will display as “Enabled.”

    2-Factor Enabled.pngImage Added

Create a Box app from the Box Dev Console

To create your Box app, do the following:

  1. Log in to the Dev Console for your Box account.

  2. Click Create New App.

  3. Click Custom App.

    Custom App.pngImage Added

  4. Enter a name and description for your App.

    Create Custom app 1 of 2 App Name and Desc.pngImage Added

  5. Specify the Purpose and click Next.

    Create Custom app 1 of 2 Next2.pngImage Added

  6. On the Authentication Method screen, select Server Authentication with JWT (Server Authentication) and click Create App.

    Create Custom App 2 of 2.pngImage Added

  7. You will be taken to the Configuration page for your new app.

  8. Scroll to the OAuth 2.0 Credentials section and find your Client ID. You will use this Client ID to authorize your app on the Admin Console. Click COPY next to the Client ID to copy it to your clipboard.

    Client ID.pngImage Added

  9. Scroll to the App Access Level section and select App + Enterprise Access.

    App Enterprise Access.pngImage Added

  10. Scroll to the Advanced Features section and select the Make API calls using the as-user header and Generate user tokens boxes.

    Advanced Featured.pngImage Added

  11. Scroll to the Add and Manage Public Keys section and click Generate a Public/Private Keypair. This downloads a file that contains the information needed to create the Box connector in the DryvIQ Platform. Save the keypair file ({public key}_config.json) locally for future reference. This file is not be saved in Box, so it is important you save this file somewhere where you can access it when you need to create your connection in the DryvIQ Platform.

    Generate Keypair.pngImage Added

  12. Click OK to close the file download screen.

  13. Click Save Changes in the upper-right side of the page.

Alternate Options

Box requires two-factor authentication to generate a public/private keypair, but two-factor authentication is not applicable when single sign-on is enabled on Box. In this scenario, you can use one of the following alternative methods to generate the public/private keypair.

Alternate 1: Add another account that has two-factor authentication enabled as a collaborator to the app.

  1. In the Developers Console, select the app.

  2. Scroll down to the Collaborators sections and click Add New Collaborator.

  3. Enter the email address for the account that has two-factor authentication setup and click Add.

  4. Log into Box as the collaborator

  5. Go to the Developers Console and select the app.

  6. Select the Configuration tab.

  7. Scroll down to the Add and Manage Public Keys section and click Generate a Public/Private Keypair.

Alternate 2: Generate Keypair Manually. This option requires OpenSSL or Cygwin package.

Authorize the Box app from the Box Admin Console

Perform the following steps to authorize your Box app:

  1. Access the Admin Console for your Box account.

  2. Click Apps from the left menu.

    Apps.pngImage Added

  3. Select Custom Apps Manager and then click Add App.

    Custom App Add App.pngImage Added

  4. Enter the Client ID for the app and click Next. (This was the Client ID you copied in step 8 in the previous section.)

    Paste Client ID.pngImage Added

  5. Confirm that the Application Access is “All Users” and click Authorize.

    4 All Users.pngImage Added

  6. Confirm that the app you added is listed in the Custom Apps Manager. The Authorization Status should indicate Authorized.

    Custom Apps Manager.pngImage Added

  7. To review the app configuration, hover on the app in the table and click the View button that displays.

    View.pngImage Added

  8. Confirm App Access is set to All Users.

    View Details.pngImage Added


    If App Access is not set to All Users, one of the settings is not correct. You you must return to the Dev Console and edit the following settings for the app:

    1. Set App Access Level to App +Enterprise.

    2. Under Advanced Features, select Make API calls using the as-user header and Generate User Access Tokens.

    3. Click Save Changes in the upper-right side of the page.

    4. Return to the Box Admin Console and go back to the Custom Apps Manager page.

    5. Click the next to the View button for the app.

      More Menu.pngImage Added

    6. Click Reauthorize App in the menu that displays.

      Reauthorize app.pngImage Added

    7. Confirm the Application Access column now shows All Users and click Reauthorize.

      Final Reauthorize.pngImage Added

Grant Access for the Application in Your Enterprise

The App Key

...

is the Client ID

...

. It can be found in the Developers Console on the application’s Configuration tab. Additional information can be found in Box’s Custom App Approval documentation.

Parameters to Configure a Box Service Account with a DryvIQ Connection

Field Name

Field Variable

Status

Notes

Client ID 

clientID

Required

From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json 

Client Secret 

clientSecret

Required

From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json 

Public Key ID 

publicKeyID

Required

From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json 

Private Key 

privateKey

Required

From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json 

When you download the {{public key}}_config.json, the private key is displayed in the privatekey element. It looks something like this: 

"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n",

You only need to add the values between the quotation marks. In the above example, you would add the following as the private key:

-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n

Enterprise ID 

enterpriseID

Required when an Account ID is not used

From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json 

The Enterprise ID will list content for all users on your connection root

Note: Cannot be combined with Account ID; options are mutually exclusive

Account ID

user_id

Required when an Enterprise ID is not used

The Account ID will impersonate a single account

Note: Cannot be combined with Enterprise ID; options are mutually exclusive

Password

passphrase

Required

From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json 

Note: Auto-generated by Box when created via the download key pair from your Box Developers Console

Related

Box Service Account