Box Connector
EmpowerID Box connector allows organizations to bring the user and group data in their Box system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory Box user accounts
Create, Update and Delete Box user accounts
Enable and Disable Box user accounts
Group Management
Inventory Box groups
Inventory Box group memberships
Create and Delete Box groups
Add and Remove members to and from Box groups
Attribute Flow
Users in Box are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Box user attributes to EmpowerID Person attributes.
Box Attribute | Box Table | Corresponding EmpowerID Attribute | Description |
---|---|---|---|
Name | User | Name | Name of the user |
FirstName | User | FirstName | First name of the user |
DisplayName | User | FriendlyName | Display Name of the user |
Login | User | Login | Login of the user |
Status | User | Active | Specifies whether the user is active |
CompanyName | User | Company | Company name of the user |
Description | User | Description | Description of the user |
Language | User | PreferredLanguage | Language of the user |
Job_Title | User | Title | Title of the user |
Phone | User | Telephone | Phone number of the user |
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Box accounts for any person within your organization based on your policy requirements.
In order to connect EmpowerID to Box, the following prerequisites need to be met:
Your organization must have an enterprise Box account.
You must supply the credentials for the Box administrator account. EmpowerID uses this account as a connection proxy to manage Box on your behalf.
Step 1 – Register EmpowerID as an application in Box
To register EmpowerID as an application in box, follow the below steps:
Click Dev Console and then click Create New App.
Select the app type as Custom App as shown in the image below
On the Authentication Method page, select Server Authentication with JWT and type the name of the app.
Then click on Create App button. This will take you to the new app configuration page as shown in the image below. Box creates the app and generates the developer token
Scroll down the configuration page and under “App Access Level” select “Enterprise”
Scroll down a bit more on configuration page and under “Application scopes” select the options as shown in the image below:
Under “Advanced features” select “Make API calls using the as-user header” and “generate user access tokens”
Under Add and Manage Public Keys, click Generate a Public/Private Keypair. When you click Generate a Public/Private Keypair, Box will send a Verification code to the mobile number linked to the account.
Download the JSON file generated by “Generate a Public/Private Keypair.”
Save your changes and then point your browser to https://app.box.com.
Select Admin Console from sidebar.
Select Enterprise Settings and then click the Apps tab.
Under Custom Applications, Authorize New App and wait for some time before proceeding to the next step.
Copy the value for the ClientID of the application from the JSON file you downloaded above.
Paste the ClientID in the API Key field of the App Authorization dialog and then click Next.
Click Authorize.
After registering EmpowerID in Box, the next step is to create a Box account store in EmpowerID.
Step 2 – Create a Box account store in EmpowerID
On the navbar, expand Admin > Applications and Directories and select Account Stores and Systems.
On the Account Stores page, click the Actions tab and then click Create Account Store.
Under System Types, search for Box.
Click Box to select the type and then click Submit.
On the Box Settings page that appears, do the following:
Enter a Name in the Name field.
Enter a UPN Suffix in the UPN Suffix field.
Click Choose File and upload the application JSON file you downloaded from Box.
Click Submit.
EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.
Step 3 – Configure Attribute flow
Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.
Step 4 – Configure account store settings
On the Account Store and Resource System page, select the Account Store tab and then click the pencil icon to put the account store in edit mode.
This opens the edit page for the Box account store. This page allows you to specify the account proxy used to connect EmpowerID to your Box account as well as how you want EmpowerID to handle the user information it discovers in Box during inventory. Settings that can be edited are described in the table below the image.Edit the account store as needed and then click Save to save your changes.
Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.
EmpowerID recommends using the Account Inbox for provisioning and joining.
Step 5 – Enable Account Inbox Permanent Workflow
Step 6 – Monitor Inventory
IN THIS ARTICLE