Box Client Credentials

Box Client Credentials is a content management platform for companies of all sizes and industries. This integration requires the OAuth 2.0 with Client Credentials Grant authentication method.

Information Stored
Minimum Permissions Required
Authentication Method
Credentials Required
License Types
Obtaining Client Credentials and Box Subject ID
Integrating Box Client Credentials with SaaS Management
Auto-Populated Box Client Credentials License Information
Managing Available Box Client Credentials Licenses
API Endpoints

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Integration Task

Information Stored

Application Roster

Email
First Name
Middle Name
Last Name
Active Date
License Name

Application Access

User Events
Login
Admin-Login
Time Occurred
Email

Note:When the Application Access task is enabled, SaaS Management first checks for LOGIN and ADMIN-LOGIN user events. If no login user event information is available, SaaS Management then checks for user events listed in the Box Developer Documentation section Event Types. This list is not exhaustive, so it is possible events appear that are not listed.

License Differentiation

See License Types and Tracking Application Activity by License Type for License Differentiation.

License Information

Unique ID
License Name

Note:The above license information is retrieved every 24 hours. Therefore, the data from your Box subscription may not match the data in SaaS Management for license information.

Reclamation

For details, refer to Reclaiming SaaS Licenses.

Note:The information stored is subject to change as enhancements are made to the product.

Minimum Permissions Required

Minimum API required permissions are based on the Application Permission and User Role .

Application Permission

Application Permission

Permission

Description

Integration Task Name

Manage Users

To read the list of users in your Box account.

This permission is required to modify the license assigned to the user.

Application Roster

License Information

Reclamation

Manage Enterprise Properties

To read the user access event details in your Box account

Application Access

User Role

User Role

Role

Description

Admin

To grant the application permissions, the user must have Admin access. For details, refer to the Box Support documentation section Understanding Administrator and Co-Administrator Permissions.

Authentication Method

OAuth 2.0 with Client Credentials Grant. For details, refer to the Box Developer documentation section Client Credentials Grant.

Credentials Required

Client ID
Client Secret
Box Subject ID

License Types

Box offers the following license types that are described in the table below.

Box License Type Descriptions

License Type

Description

Business Starter

Recommended for users at small business, especially those in the initial stages of operations
Includes limited storage
Can only collaborate with other paying users

Business

Recommended for users at small to medium-sized organizations that collaborate mostly with other internal users
Includes all Starter plan features plus unlimited storage, custom branding, and administrative controls over your Box account

Business Plus

Recommended for users at businesses in creative industries that collaborate and share often with external users
Includes all the Business plan features plus metadata capabilities
Can add as many users outside of your business as needed

Enterprise

Recommended for corporate businesses that need top-notch security and compliance features
Includes all Business Plus plan features plus use Box seamlessly with all cloud tools while meeting security and compliance needs across all devices

Enterprise Plus

Recommended for corporate businesses that need top-notch security and compliance features
Includes all Enterprise plan features plus Box Shield, Box Governance, Box Shuttle, Box Platform, enhanced services, and more.

Obtaining Client Credentials and Box Subject ID

To obtain client credentials and Box subject ID, perform the following steps.

Note:Once the Client Secret is generated, you can disable the Two-Factor Authentication (2FA) authentication for the user account that was enabled before generating the Client Secret.

To obtain client credentials and Box subject ID:

1. Sign in to your Box account.
2. Click Dev Console.
3. Navigate to My Apps and click Create New App.
4. Select Custom App.
5. Select Client Credentials Grant as an authentication method.
6. Enter a name for your app.
7. Click Create App.
8. Copy the following Box values, which are needed to integrate Box Client Credentials with SaaS Management.
a. From the General Settings, copy the Enterprise ID (Box Subject ID).
b. From the Configuration page, copy the Client ID and Client Secret.
c. Enable two-factor authentication (2FA) for Client Secret.
9. Complete Integrating Box Client Credentials with SaaS Management.

Integrating Box Client Credentials with SaaS Management

To integrate Box Client Credentials with SaaS Management, perform the following steps.

To integrate Box Client Credentials with SaaS Management:

1. Sign in to your Box account.
2. From your Box account, copy the following values:
Client ID
Client Secret
Box Subject ID
3. In SaaS Management, add the Box Client Credentials application. Refer to Adding an Application.
4. In the Add Application screen for Box Client Credentials:
a. Select the Application Roster and Application Access integration task check boxes.
b. Paste the copied Box account values from step 2 into the appropriate Client ID, Client Secret, and Box Subject ID fields.
c. Click Authorize.
5. For further information on managing and optimizing your organization’s Box Client Credentials licenses, refer to:
Auto-Populated Box Client Credentials License Information
Managing Available Box Client Credentials Licenses
Tracking Application Activity by License Type for License Differentiation
Reclaiming SaaS Licenses.

Auto-Populated Box Client Credentials License Information

The SaaS Management integration with Box Client Credentials offers a License Information integration task that automatically retrieves every 24 hours the name of the Box subscription and license type. This auto-populated Box Client Credentials license information provides a more complete view of your Box Client Credentials SaaS entitlements and component usage by displaying:

Assigned entitlements.
User’s license activity (based on the user’s last login)

Important:If you enable the License Information integration task, note the following:

If you have manually managed Box Client Credentials application licenses data in SaaS Management prior to enabling the License Information Integration task, then the managed application's license information you previously entered in the Licenses Tab will be overwritten with the data ingested from Box.
You need to enter and keep up to date the following Licenses Tab information. The License Information integration task does not pull in this information. The SaaS application’s annual spend calculation relies on entered and accurate license effective and ending dates.
# of Items Allowed 
Amount 
Currency 
Payment Frequency 
Effective Date 
Ending Date 
When the License Information integration task first discovers an active subscription, it defaults the effective date to its discovery date and displays an empty end date. As a result, the license term is effective and will not expire.
When the License Information integration task is disabled, the managed application's license information reverts to what it was prior to the License Information integration task being enabled. As a result, your previously manually entered license information appears in the Licenses Tab.
When the License Information integration task is re-enabled, the last automatic-captured license data that was available before disabling the License Information integration task appears in the Licenses Tab.

To auto-populate Box Client Credentials license information:

1. From the SaaS menu, click Managed SaaS Applications. The Managed SaaS Applications screen appears.
2. For a new Box Client Credentials integration, add the Box Client Credentials application. Refer to Adding an Application. The License Information integration task is selected by default.
3. For an existing Box Client Credentials integration:
a. On the Managed SaaS Applications screen, select the appropriate Box Client Credentials instance link. The instance’s Overview tab opens by default.
b. Click the Box Client Credentials instance’s Integration tab.
c. In the Integration tab’s Integration Tasks table, click Disabled in the Action column to enable the License Information task.
d. Click OK.
4. When the License Information integration task is enabled, the License type, Name, and # of Items Allowed fields in the Box Client Credentials Licenses tab are disabled as this information is automatically populated. The active and inactive ingested license data from Box Client Credentials can be compared against your Box subscriptions.

Managing Available Box Client Credentials Licenses

Once the License Information integration task for Auto-Populated Box Client Credentials License Information is enabled, you can add or remove the Box Client Credentials product licenses you wish to manage within SaaS Management. Complete the following steps.

To manage available Box Client Credentials licenses:

1. From the SaaS menu, click Managed SaaS Applications. The Managed SaaS Applications screen appears.
2. On the Managed SaaS Applications screen, select the appropriate Box Client Credentials instance link. The instance’s Overview tab opens by default.
3. Click the Box Client Credentials instance’s Licenses tab.
4. In the Box Client Credentials Licenses tab, click the Manage Available Licenses button in License Details. The Manage Available Licenses slideout opens to display the Box Client Credentials product licenses from your Box subscriptions.
5. Select the licenses you wish to manage and click Save.
6. When the Update Managed Licenses window appears, click Continue. It may take several minutes to recalculate the License Details data.

Note:Unselected licenses are not shown in SaaS Management and are filtered out from all calculations. For further details, refer to What happens when a Box Client Credentials license is filtered out?

What happens when a Box Client Credentials license is filtered out?

No license entry appears on the Box Client Credentials Licenses tab, even when the Show Inactive switch is disabled.
Filtered out licenses are not included in annual spend calculations.
Filtered out licenses do not appear on the All SaaS Licenses page.
Filtered out licenses do not appear on the SaaS License Usage page when the Show License Details switch is enabled.
Users who are only entitled to licenses that have been filtered out do not appear in the Box Client Credentials Users tab.
Activity from users who are only entitled to licenses that have been filtered out does not appear in the Box Client Credentials Activity tab.
Since users in this filtered state are not listed in the Box Client Credentials Users tab, they also would not be flagged as reclamation opportunities.
Users in the filtered state would not count toward active/inactive/never/total usage counts from SaaS metrics.
The HR roster user entry would not show the user listed in the applications list if they have been filtered out.
A user in the filtered state would not be marked as suspicious, even if their HR roster entry were deactivated and they were still generating Box usage. The user in the filtered state has been effectively removed from the Application Roster and the Box Client Credentials Activity tab. Therefore, the user does not appear on the Suspicious SaaS Activities page.
If a user is not assigned any licenses, the user is filtered out of the Box Client Credentials Users tab.

API Endpoints

Application Roster

https://api.box.com/2.0/users

Application Access

https://api.box.com/2.0/events

License Information

https://api.box.com/2.0/users

Reclamation

https://api.box.com/2.0/users/<<UserID>>