Box Connector

Owned by
Phillip Hanegan
Last updated: Jun 07, 2023
5 min read

EmpowerID Box connector allows organizations to bring the user and group data in their Box system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory Box user accounts

    • Create, Update and Delete Box user accounts

    • Enable and Disable Box user accounts

  • Group Management

    • Inventory Box groups

    • Inventory Box group memberships

    • Create and Delete Box groups

    • Add and Remove members to and from Box groups

  • Attribute Flow
    Users in Box are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Box user attributes to EmpowerID Person attributes.

Box Attribute

Box Table

Corresponding EmpowerID Attribute

Description

Box Attribute

Box Table

Corresponding EmpowerID Attribute

Description

Name

User

Name

Name of the user

FirstName

User

FirstName

First name of the user

DisplayName

User

FriendlyName

Display Name of the user

Login

User

Login

Login of the user

Status

User

Active

Specifies whether the user is active

CompanyName

User

Company

Company name of the user

Description

User

Description

Description of the user

Language

User

PreferredLanguage

Language of the user

Job_Title

User

Title

Title of the user

Phone

User

Telephone

Phone number of the user

Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Box accounts for any person within your organization based on your policy requirements.

In order to connect EmpowerID to Box, the following prerequisites need to be met:

  1. Your organization must have an enterprise Box account.

  2. You must supply the credentials for the Box administrator account. EmpowerID uses this account as a connection proxy to manage Box on your behalf.

Step 1 – Register EmpowerID as an application in Box

To register EmpowerID as an application in box, follow the below steps:

  1. Login in https://app.box.com/developers/console.

  2. Click Dev Console and then click Create New App.

     

  3. Select the app type as Custom App as shown in the image below

     

  4. On the Authentication Method page, select Server Authentication with JWT and type the name of the app.

     

  5. Then click on Create App button. This will take you to the new app configuration page as shown in the image below. Box creates the app and generates the developer token



     

  6. Scroll down the configuration page and under “App Access Level” select “Enterprise




     

  7. Scroll down a bit more on configuration page and under “Application scopes” select the options as shown in the image below:

     

  8. Under “Advanced features” select “Make API calls using the as-user header” and “generate user access tokens

     

  9. Under Add and Manage Public Keys, click Generate a Public/Private Keypair. When you click Generate a Public/Private Keypair, Box will send a Verification code to the mobile number linked to the account.

     

  10. Download the JSON file generated by “Generate a Public/Private Keypair.”

     

  11. Save your changes and then point your browser to https://app.box.com.

  12. Select Admin Console from sidebar.

  13. Select Enterprise Settings and then click the Apps tab.

     

  14. Under Custom Applications, Authorize New App and wait for some time before proceeding to the next step.

  15. Copy the value for the ClientID of the application from the JSON file you downloaded above.

  16. Paste the ClientID in the API Key field of the App Authorization dialog and then click Next.

     

  17. Click Authorize.


    After registering EmpowerID in Box, the next step is to create a Box account store in EmpowerID.

Step 2 – Create a Box account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and select Account Stores and Systems.

  2. On the Account Stores page, click the Actions tab and then click Create Account Store.



  3. Under System Types, search for Box.

  4. Click Box to select the type and then click Submit.

     

  5. On the Box Settings page that appears, do the following:

    1. Enter a Name in the Name field.

    2. Enter a UPN Suffix in the UPN Suffix field.

    3. Click Choose File and upload the application JSON file you downloaded from Box.

    4. Click Submit.

       

  6. EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.

Step 3 – Configure Attribute flow

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Step 4 – Configure account store settings

  1. On the Account Store and Resource System page, select the Account Store tab and then click the pencil icon to put the account store in edit mode.


    This opens the edit page for the Box account store. This page allows you to specify the account proxy used to connect EmpowerID to your Box account as well as how you want EmpowerID to handle the user information it discovers in Box during inventory. Settings that can be edited are described in the table below the image.


  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.

Step 5 – Enable Account Inbox Permanent Workflow

Step 6 – Monitor Inventory

IN THIS ARTICLE