Connecting to Box

EmpowerID Box connector allows organizations to bring the user and group data in their Box system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory Box user accounts

    • Create, Update and Delete Box user accounts

    • Enable and Disable Box user accounts

  • Group Management

    • Inventory Box groups

    • Inventory Box group memberships

    • Create and Delete Box groups

    • Add and Remove members to and from Box groups

  • Attribute Flow
    Users in Box are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Box user attributes to EmpowerID Person attributes.

Box Attribute

Box Table

Corresponding EmpowerID Attribute


Box Attribute

Box Table

Corresponding EmpowerID Attribute





Name of the user




First name of the user




Display Name of the user




Login of the user




Specifies whether the user is active




Company name of the user




Description of the user




Language of the user




Title of the user




Phone number of the user

Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Box accounts for any person within your organization based on your policy requirements.

In order to connect EmpowerID to Box, the following prerequisites need to be met:

  1. Your organization must have an enterprise Box account.

  2. You must supply the credentials for the Box administrator account. EmpowerID uses this account as a connection proxy to manage Box on your behalf.

To register EmpowerID as an application in Box

  1. Login in

  2. Click Dev Console and then click Create New App.


  3. Select Enterprise Integration and click Next.

  4. On the Authentication Method page, select OAuth 2.0 with JWT (Server Authentication) and then click Next.


  5. Name the app and then click Create App.

    Box creates the app and generates the developer token.


  6. Click View Your App.

    This directs you to the Configuration page.


  7. Under Application Access, select Enterprise.


  8. Under Application Scopes, select the options shown below.


  9. Under Advanced Features, select Perform Action as Users and Generate User Access Tokens.

  10. Under Add and Manage Public Keys, click Generate a Public/Private Keypair. When you click Generate a Public/Private Keypair, Box will send a Verification code to the mobile number linked to the account. To use this feature, Two-factor authentication must be enabled on Box. 


  11. Enter the code sent to your mobile number.

  12. Download the JSON file generated by “Generate a Public/Private Keypair.”

  13. Save your changes and then point your browser to

  14. Select Admin Console from sidebar.

  15. Select Enterprise Settings and then click the Apps tab.


  16. Under Custom Applications, click Authorize New App and wait for about 10 minutes before proceeding to the next step.

  17. Copy the value for the ClientID of the application from the JSON file you downloaded above.

  18. Paste the ClientID in the API Key field of the App Authorization dialog and then click Next.


  19. Click Authorize.

    After registering EmpowerID in Box, the next step is to create a Box account store in EmpowerID.

To create a Box account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.


  3. Under System Types, search for Box.

  4. Click to select the type and then click Submit.


  5. On the Box Settings page that appears, do the following:

    1. Enter a Name in the Name field.

    2. Enter a UPN Suffix in the UPN Suffix field.

    3. Click Choose File and upload the application JSON file you downloaded from Box.

    4. Click Submit.


  6. EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.


Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

To configure account store settings

  1. On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.

    This opens the edit page for the Box account store. This page allows you to specify the account proxy used to connect EmpowerID to your Box account as well as how you want EmpowerID to handle the user information it discovers in Box during inventory. Settings that can be edited are described in the table below the image.

  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.