Box Cloud Storage
Connector name | |
Connector type | Executable |
Type (UI field value) | Box Cloud Storage |
Target system versions supported / tested | Box cloud-based enterprise content management application |
Connector status / support | Bravura Security-Verified. This connector has been tested and is fully supported by Bravura Security. |
The following Bravura Security Fabric operations are supported by this connector (depending on your product license):
get server information
create account
delete account
update attributes
disable account
enable account
check account enabled
list account attributes
create group
delete group
update group
add user to group
delete user from group
add owner(user) to group
remove owner(user) from group
List:
accounts
attributes
groups
members
For a full list and explanation of each connector operation, see connector operations.
Preparation
Before targeting a Box application you must:
Install required DLLs
Obtain connection information and authentication credentials
Install required DLLs
The following DLLs are required. They should be installed before you can target a Box application:
BouncyCastle.Crypto.dll, which is available at:
System.IdentityModel.Tokens.Jwt.dll version 4.0.4, which is available at:
https://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt
The DLL files should be installed in the instance agent directory.
Obtain connection information and authentication credentials
Log in to your Box account as an administrative user for your organization.
Click General.
Take note of the Enterprise ID in the App info section. This will be used later.
Navigate to My Apps.
Select the application on which you want to manage users and groups.
Click the Configuration side link within the application.
Copy the Client ID, Client Secret and Public Key ID for later use.
Copy the private key file, paired with the above public key, to the Bravura Security Fabric instance server.
For information on where to find these settings, refer to the Box Administrator Help available in the Box Developer Console.
Targeting the Box Cloud Storage system
For each Box Cloud Storage application, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Box Cloud Storage.
Address uses options described in the table below.
The full list of target parameters is explained in Target System Options.
Option | Description |
|---|---|
Options marked with a | |
Server | The Box application OAuth 2.0 redirect URI. Default is "api.box.com" (key: server) |
Port | Default is 443. (key: port) |
Connection over SSL | (optional) Select to enforce SSL connections. Default is "true". (key: ssl) |
Validate the server’s certificate when connecting | Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert) |
HTTP Network Proxy | Optional (key: proxy) |
Client ID | Client ID (key: clientid) |
Client Secret | Client Secret (key: clientSecret) |
Enterprise ID | Enterprise ID (key: enterpriseid) |
Public Key Identifier | Public Key ID (key: keyid) |
The address is entered as follows:
{server=api.box.com;port=443;clientid=<Client ID>;clientSecret=<ClientSecret>;enterpriseid=<Enterprise ID>;keyid=<Public Key ID>/[;proxy=<proxy>;]}
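The address format above can be checked before it is saved. The following is an added example, not part of the Bravura Security documentation or product: a Python linter that parses an address string using the option keys from the table, flags a disabled ssl or checkCert setting, and masks clientSecret so the string can be logged. It assumes the four credential keys are required and that ssl and checkCert take the values "true" or "false"; the function names and sample values are constructed for illustration.

```python
# Added example: lint a Box Cloud Storage target address string.
# Key names come from the options table; REQUIRED is an assumption of this example.
REQUIRED = ("clientid", "clientSecret", "enterpriseid", "keyid")
DEFAULTS = {"server": "api.box.com", "port": "443", "ssl": "true", "checkCert": "true"}
KNOWN = set(REQUIRED) | set(DEFAULTS) | {"proxy"}

def parse_address(address):
    """Split '{key=value;key=value;...}' into a dict, rejecting malformed input."""
    text = address.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("address must be wrapped in { }")
    options = {}
    for item in filter(None, (p.strip() for p in text[1:-1].split(";"))):
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError(f"not a key=value pair: {item!r}")
        if key in options:
            raise ValueError(f"duplicate key: {key}")
        options[key] = value
    return options

def lint_address(address):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_address(address)
    eff = {**DEFAULTS, **opts}  # explicit options override the documented defaults
    findings = [f"missing required key: {k}" for k in REQUIRED if not opts.get(k)]
    findings += [f"unknown key: {k}" for k in opts if k not in KNOWN]
    if eff["ssl"].lower() != "true":
        findings.append("ssl is disabled: traffic to Box would not be encrypted")
    if eff["checkCert"].lower() != "true":
        findings.append("checkCert is disabled: server certificate is not validated")
    if eff["server"] != DEFAULTS["server"] or eff["port"] != DEFAULTS["port"]:
        findings.append(f"non-default endpoint {eff['server']}:{eff['port']}")
    return findings

def redact(address):
    """Mask clientSecret so the address can be pasted into tickets or logs."""
    opts = parse_address(address)
    if "clientSecret" in opts:
        opts["clientSecret"] = "***"
    return "{" + ";".join(f"{k}={v}" for k, v in opts.items()) + ";}"

# Constructed sample values, not real credentials.
GOOD = "{server=api.box.com;port=443;clientid=abc123;clientSecret=s3cr3t;enterpriseid=987654;keyid=k1x2y3z4;}"
WEAK = "{server=api.box.com;port=443;ssl=true;checkCert=false;clientid=abc123;clientSecret=s3cr3t;enterpriseid=987654;}"

if __name__ == "__main__":
    for addr in (GOOD, WEAK):
        print(redact(addr), lint_address(addr) or "ok")
```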
Setting the administrator credentials
A Box application requires a JSON Web Token (JWT), which is verified with an RSA key pair (a public key and a private key). For the Box target system administrator, enter the full path to the private key file (a .pem file) in the Administrator ID field on the Credentials tab, and enter the password for the private key in the password fields.
The target should now be able to connect and interact with the Box API.
Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Box Cloud Storage from the Manage the system > Resources > Account attributes > Target system type menu.
Bravura Security Fabric explicitly handles the account attribute login when creating an account on a Box Cloud Storage target system. By default, this account attribute is mapped to the profile and request attribute EMAIL. Be sure to add EMAIL to an appropriate attribute group, for example BASEATTRIBUTE.
A new user will not be created unless an email address is provided.
For information about the native Box Cloud Storage attributes managed by Bravura Security Fabric, consult your Box Cloud Storage documentation.
Troubleshooting
As of March 31, 2020, Box requires Transport Layer Security (TLS) protocol version 1.2 or newer for all connections, and this is required for the agtbox connector to operate properly. More details can be found in the Box community articles located at: https://community.box.com/t5/Admin-Troubleshooting/Updating-Box-from-the-Transport-Layer-Security-TLS-1-1/ta-p/61574.
The process of deleting a Box account can take some time to complete, depending on the amount of content the account owns. The more content it owns, the longer the deletion takes. Allow sufficient time when deleting an account, especially when re-creating the deleted account.
