Creating a Box Service Account
Step 1: Create and Configure a JWT Application
Application Type: Custom App
Recommendation: OAuth 2.0 with JWT (Server Authentication)
Option | Configuration |
---|---|
Client ID | Copy and save separately. Required to create your SkySync connection. |
Client Secret | Copy and save separately. Required to create your SkySync connection. |
Application Access | Enterprise |
... | Read and write all files and folders stored in Box; Manage users; Manage groups; Manage enterprise properties |
Global Content Manager | This scope is needed to transfer content on Box that is locked with "Disable Download" checked. To enable this scope, you will need to file a support ticket to get the Box team to enable it for your application. Scope requests are approved by necessity and merit. |
Advanced Features | Enable - Perform Actions as Users; Enable - Generate User Access Tokens |
Box requires two-factor authentication (2FA) to generate a public / private keypair.
Download Keypair from Box
Save Box download {{public key}}_config.json locally for future reference; required to create your SkySync connection.
Alternate Options
Note: Two-Factor Authentication (2FA) is not applicable when Single Sign-On (SSO) is enabled on Box.
Add another account as a collaborator that has 2FA enabled
From the Developers Console → go to the General options page
"Add New Collaborator"
Log into Box as the collaborator → Developers Console
Configuration → Add and Manage Public Keys → Generate a Public / Private Keypair
Requires: OpenSSL or Cygwin package
Overview
When you create a Box App in the Box Dev Console, a Box service account is automatically created to represent the application. This page explains how to prepare the account to integrate with the DryvIQ platform.
Enable Two-Factor Authentication
You will need a Box account with two-factor verification enabled in order to create the Box App. The instructions below explain how to set up two-factor authentication using an authenticator application, since this is the recommended method. If you prefer to use SMS text message or email as the two-step verification method, refer to the instructions available through Box Support for how to set up these methods of multi-factor authentication for your account. If your account already has two-factor verification enabled, you can skip this section. Otherwise, follow the steps below.
Info |
---|
You will need to have an authenticator application installed on the mobile device you will be using for the two-step verification before you begin this process. |
1. Log into https://app.box.com.
2. Click your user icon in the upper-right and select Account Settings.
3. On the Account tab, scroll to 2-Step Verification and click Set up.
4. Verify Authenticator App is selected and click Next.
5. Box will display a QR code. Scan it with the authenticator application you are using to generate a six-digit authentication code. Enter the code and click Submit.
6. Enter the mobile phone number that will be used for account recovery and click Submit.
7. Box generates three account recovery codes that can be used to access your account in the event you lose your device. You should keep copies of these somewhere safe. Click Close to continue.
8. The “Authenticator App” will display as “Enabled.”
Create a Box app from the Box Dev Console
To create your Box app, do the following:
1. Log in to the Dev Console for your Box account.
2. Click Create New App.
3. Click Custom App.
4. Enter a name and description for your App.
5. Specify the Purpose and click Next.
6. On the Authentication Method screen, select Server Authentication with JWT (Server Authentication) and click Create App.
7. You will be taken to the Configuration page for your new app.
8. Scroll to the OAuth 2.0 Credentials section and find your Client ID. You will use this Client ID to authorize your app on the Admin Console. Click COPY next to the Client ID to copy it to your clipboard.
9. Scroll to the App Access Level section and select App + Enterprise Access.
10. Scroll to the Advanced Features section and select the Make API calls using the as-user header and Generate user tokens boxes.
11. Scroll to the Add and Manage Public Keys section and click Generate a Public/Private Keypair. This downloads a file that contains the information needed to create the Box connector in the DryvIQ Platform. Save the keypair file ({public key}_config.json) locally for future reference. This file is not saved in Box, so it is important that you save it somewhere you can access it when you need to create your connection in the DryvIQ Platform.
12. Click OK to close the file download screen.
13. Click Save Changes in the upper-right side of the page.
Alternate Options
Box requires two-factor authentication to generate a public/private keypair, but two-factor authentication is not applicable when single sign-on is enabled on Box. In this scenario, you can use one of the following alternative methods to generate the public/private keypair.
Alternate 1: Add another account that has two-factor authentication enabled as a collaborator to the app.
1. In the Developers Console, select the app.
2. Scroll down to the Collaborators section and click Add New Collaborator.
3. Enter the email address for the account that has two-factor authentication set up and click Add.
4. Log into Box as the collaborator.
5. Go to the Developers Console and select the app.
6. Select the Configuration tab.
7. Scroll down to the Add and Manage Public Keys section and click Generate a Public/Private Keypair.
Alternate 2: Generate the keypair manually. This option requires the OpenSSL or Cygwin package.
Authorize the Box app from the Box Admin Console
Perform the following steps to authorize your Box app:
1. Access the Admin Console for your Box account.
2. Click Apps from the left menu.
3. Select Custom Apps Manager and then click Add App.
4. Enter the Client ID for the app and click Next. (This was the Client ID you copied in step 8 in the previous section.)
5. Confirm that the Application Access is “All Users” and click Authorize.
6. Confirm that the app you added is listed in the Custom Apps Manager. The Authorization Status should indicate Authorized.
7. To review the app configuration, hover on the app in the table and click the View button that displays.
8. Confirm App Access is set to All Users.
If App Access is not set to All Users, one of the settings is not correct. You must return to the Dev Console and edit the following settings for the app:
1. Set App Access Level to App + Enterprise.
2. Under Advanced Features, select Make API calls using the as-user header and Generate User Access Tokens.
3. Click Save Changes in the upper-right side of the page.
4. Return to the Box Admin Console and go back to the Custom Apps Manager page.
5. Click the … next to the View button for the app.
6. Click Reauthorize App in the menu that displays.
7. Confirm the Application Access column now shows All Users and click Reauthorize.
Grant Access for the Application in Your Enterprise
The App Key is the Client ID. It can be found in the Developers Console on the application’s Configuration tab. Additional information can be found in Box’s Custom App Approval documentation.
Parameters to Configure a Box Service Account with a DryvIQ Connection
Field Name | Field Variable | Status | Notes |
---|---|---|---|
Client ID | clientID | Required | From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json |
Client Secret | clientSecret | Required | From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json |
Public Key ID | publicKeyID | Required | From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json |
Private Key | privateKey | Required | From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json. When you download the {{public key}}_config.json, the private key is displayed in the privateKey element. It looks something like this: "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n", You only need to add the value between the quotation marks. In the above example, you would add the following as the private key: -----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n |
Enterprise ID | enterpriseID | Required when an Account ID is not used | From your Box Developers Console or can be found in boxAppSettings section of {{public key}}_config.json. The Enterprise ID will list content for all users on your connection root. Note: Cannot be combined with Account ID; the options are mutually exclusive. |
Account ID | user_id | Required when an Enterprise ID is not used | The Account ID will impersonate a single account. Note: Cannot be combined with Enterprise ID; the options are mutually exclusive. |
Password | passphrase | Required | From your manually generated key pair or in boxAppSettings section of {{public key}}_config.json. Note: Auto-generated by Box when the key pair is created via the download from your Box Developers Console. |
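The following added example (not code from DryvIQ or Box) reads a downloaded {public key}_config.json, pulls out the fields listed in the table, and checks them before they are pasted into a connection. It assumes the file nests the key material under boxAppSettings.appAuth and keeps enterpriseID at the top level; the function names and the sample values are constructed for illustration.

```python
import json
import os
import stat

# Constructed sample (fake values) in the layout assumed for the Box download.
SAMPLE = json.dumps({
    "boxAppSettings": {
        "clientID": "example-client-id",
        "clientSecret": "example-client-secret",
        "appAuth": {
            "publicKeyID": "abcd1234",
            "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                          "-----END ENCRYPTED PRIVATE KEY-----\n",
            "passphrase": "example-passphrase",
        },
    },
    "enterpriseID": "1234567",
})


def connection_fields(config_text, user_id=None):
    """Return the connection fields from the table above; ValueError if unusable."""
    cfg = json.loads(config_text)
    app = cfg.get("boxAppSettings", {})
    auth = app.get("appAuth", {})
    fields = {k: app.get(k) for k in ("clientID", "clientSecret")}
    fields.update({k: auth.get(k) for k in ("publicKeyID", "privateKey", "passphrase")})
    missing = sorted(k for k, v in fields.items() if not v)
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    pem = fields["privateKey"].strip()
    if not (pem.startswith("-----BEGIN ENCRYPTED PRIVATE KEY-----")
            and pem.endswith("-----END ENCRYPTED PRIVATE KEY-----")):
        raise ValueError("privateKey is not an encrypted PEM block")
    # Keep the \n escapes, i.e. the text between the quotation marks in the file.
    fields["privateKey"] = json.dumps(fields["privateKey"])[1:-1]
    # Enterprise ID and Account ID are mutually exclusive: send exactly one.
    if user_id:
        fields["user_id"] = user_id
    elif cfg.get("enterpriseID"):
        fields["enterpriseID"] = cfg["enterpriseID"]
    else:
        raise ValueError("need an Enterprise ID or an Account ID")
    return fields


def too_permissive(path):
    """True when group or other users have any access to the file (POSIX)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```

Because the file carries the client secret, the encrypted private key and the passphrase that decrypts it, anyone who can read it can authenticate as the app; keep it readable only by the owner, or in a secrets store.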