Box Client Credentials
Box Client Credentials is a content management platform for companies of all sizes and industries. This integration requires the OAuth 2.0 with Client Credentials Grant authentication method.
The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.
Stored Box Client Credentials Information
The following table describes the available integration tasks and stored data within [ProductName].
|
|
|
|
Application Roster
|
|
|
Application Access
|
Note:When the Application Access task is enabled, SaaS Management first checks for LOGIN and ADMIN-LOGIN user events. If no login user event information is available, SaaS Management then checks for user events listed in Box’s documentation topic, Event Types. This list is not exhaustive, so it is possible events appear that are not listed.
|
|
License Differentiation
|
See Box Client Credentials License Types and Tracking Application Activity by License Type for License Differentiation.
|
|
License Information
|
Note:The SaaS Management License Information integration task retrieves the unique ID and license name once every 24 hours. Therefore, the data from your Box subscription may not match the data in SaaS Management.
|
|
Reclamation
|
For more information, see Reclaiming SaaS Licenses.
|
Note:The information stored is subject to change as enhancements are made to the SaaS application.
Required Minimum Permissions for Box Client Credentials
The minimum API required permissions are based on the Required Application Permissions for Box Client Credentials and the Required User Role for Box Client Credentials.
Required Application Permissions for Box Client Credentials
|
|
|
|
|
Manage Users
|
Enables you to read the list of users in your Box account.
Enables you modify the license assigned to the user.
|
Application Roster
License Information
Reclamation
|
|
Manage Enterprise Properties
|
Enables you to read the user access event details in your Box account.
|
Application Access
|
Required User Role for Box Client Credentials
Note:The following SaaS application user role is not applicable to Flexera One roles.
|
|
|
|
Admin
|
To grant the application permissions, the user must have Admin access. For more information, see Box’s documentation topic, Understanding Administrator and Co-Administrator Permissions.
|
Box Client Credentials Authentication Method
The required authentication method is OAuth 2.0 With Client Credentials Grant. For more information, see Box’s documentation topic, Client Credentials Grant.
Required Credentials for Box Client Credentials
The following credentials are required:
Box Client Credentials License Types
The following table describes the Box license types.
|
|
|
|
Business Starter
|
|
•
|
Recommended for users at small business, especially those in the initial stages of operations |
|
•
|
Includes limited storage |
|
•
|
Can only collaborate with other paying users |
|
|
Business
|
|
•
|
Recommended for users at small to medium-sized organizations that collaborate mostly with other internal users |
|
•
|
Includes all Starter plan features plus unlimited storage, custom branding, and administrative controls over your Box account |
|
|
Business Plus
|
|
•
|
Recommended for users at businesses in creative industries that collaborate and share often with external users |
|
•
|
Includes all the Business plan features plus metadata capabilities |
|
•
|
Can add as many users outside of your business as needed |
|
|
Enterprise
|
|
•
|
Recommended for corporate businesses that need top-notch security and compliance features |
|
•
|
Includes all Business Plus plan features plus use Box seamlessly with all cloud tools while meeting security and compliance needs across all devices |
|
|
Enterprise Plus
|
|
•
|
Recommended for corporate businesses that need top-notch security and compliance features |
|
•
|
Includes all Enterprise plan features plus Box Shield, Box Governance, Box Shuttle, Box Platform, enhanced services, and more. |
|
Obtaining Client Credentials and Box Subject ID
You need to obtain the client credentials and the Box subject ID in the following task before Integrating Box Client Credentials With SaaS Management.
Note:After the Client Secret is generated, you can disable the Two-Factor Authentication (2FA) authentication for the user account that was enabled before generating the Client Secret.
To obtain client credentials and Box subject ID:
|
1.
|
Sign in to your Box account. |
|
3.
|
Go to My Apps and click Create New App. |
|
5.
|
Select Client Credentials Grant as an authentication method. |
|
6.
|
Enter a name for your app. |
|
8.
|
Copy and paste the following Box values to a file, which are needed to integrate Box Client Credentials with SaaS Management. |
|
a.
|
From the General Settings, copy the Enterprise ID, which is the Box Subject ID. |
|
b.
|
From the Configuration page, copy the Client ID and Client Secret. |
|
c.
|
Enable two-factor authentication (2FA) for Client Secret. |
|
d.
|
Under the App Access Level, select App + Enterprise Access and click Save Changes. |
|
e.
|
Go to the Authorization tab, click the Review and Submit button, provide an app description, and then click Submit. You will receive an authorization email. |
|
f.
|
From the authorization email, click the Review App Details link, which will redirect you to the Custom Apps Manager tab. |
Integrating Box Client Credentials With SaaS Management
Complete the following steps to integrate Box Client Credentials with SaaS Management.
To integrate Box Client Credentials with SaaS Management:
|
2.
|
Add the Box Client Credentials application in SaaS Management. For more information, see Adding an Application. |
|
3.
|
In the Add Application page for Box Client Credentials: |
|
a.
|
Select the Application Roster and Application Access integration task checkboxes. |
For further information on managing and optimizing your organization’s Box Client Credentials licenses, see:
Auto-Populated Box Client Credentials License Information
The SaaS Management integration with Box Client Credentials offers a License Information integration task that automatically retrieves every 24 hours the name of the Box subscription and license type. This auto-populated Box Client Credentials license information provides a more complete view of your Box Client Credentials SaaS entitlements and component usage by displaying:
|
•
|
User’s license activity (based on the user’s last login) |
Important:If you enable the License Information integration task, you need to enter and keep up to date the following Licenses Tab information. The License Information integration task does not pull in this information. The SaaS application’s annual spend calculation relies on entered and accurate license effective and ending dates.
To auto-populate Box Client Credentials license information, see Auto-Populated Managed SaaS Application License Information. When the License Information integration task is enabled, the License type, Name, and # of Items Allowed fields in the Box Client Credentials Licenses tab are disabled as this information is automatically populated. The active and inactive ingested license data from Box Client Credentials can be compared against your Box subscriptions.
Managing Available Box Client Credentials Licenses
After the License Information integration task for Auto-Populated Box Client Credentials License Information is enabled, you can add or remove the Box Client Credentials product licenses you wish to manage within SaaS Management. To manage available Box Client Credentials licenses, see Managing Available SaaS Application Licenses.
Box Client Credentials API Endpoints
Application Roster
https://api.box.com/2.0/users
Application Access
https://api.box.com/2.0/events
License Information
https://api.box.com/2.0/users
Reclamation
https://api.box.com/2.0/users/<<UserID>>