Users & Groups settings let you define who has access to your Box enterprise and when and how they access your Box content. This topic contains the following sections:
Managed Users Tab
The Managed Users tab lists all the managed user accounts in your organization. On this tab you can:
- Click a column header to sort the list of managed users by that attribute.
- Click Filter Applied to filter the managed user list by:
- All Users (default) - Lists the Admin, all Co-admins, and all managed users in your organization.
- Admins - Lists the Admin and al Co-admins in your organization.
- Co-admins - Lists users who have been assigned a Co-admin role.
- App Users - Lists app users who are only accessible via the API, meaning they do not have login credentials.
- Click Bulk Edit to edit multiple managed user accounts at once. See Configuring and Editing Users for details.
Note
In the legacy design, click to:
- Sort by login (default), name, date added, space used, or last login date
- Show only specific roles, from all roles, admins and non-admins (default), admins, non-admins, or app users
- Filter by all groups (default), exempt from device limits, or group name
Click a user name or double-click a row to view details about a managed user. A managed user details page has the following sections:
User Details
This section lists the settings in the the User Details section of a managed user and describes each setting. (This section is named User Account Details in the legacy design.)
- Name
- Required. Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging.
- Required. The email address of the user. This email address is where notifications, password resets, and other Box communication will be sent, and should be within your organization's domain.
- Notification Email
- An additional email address where notifications for this account can also be sent.
- In Admin Console > Enterprise Settings > Notifications > Email Notifications, the Allow all users to receive Box notifications at an alternate notification email address setting determines whether Box notifications can be sent to this email. And if that setting is enabled, the Allow all users to change their notification email setting determines whether users can change this email address in their own account settings.
- Password
-
Does not reveal the value of the user account password. In this field, you can:
- Click Forgot password to send a notification email to the user with a link to reset the account password.
- Select the Require a change of password on next login check box to force the user to change their password the next time they attempt to log in to Box.
- Time Zone
-
(Not available in the legacy design.) Defines the time zone of where the user is located. Used to determine the correct date and time for user activities.
The user can also change the value of this setting on their own Account Settings page.
- Language
- Defines the language the user will see in the Box user interface when signed in.
- Data Residency Zone
-
Available when Box Multizones are being used, defines the zone in which the user's content is stored. If you do not manually assign someone to a zone, Box automatically assigns that person to your enterprise's default zone.
When you assign an existing user to a new zone, their existing files migrate to that zone and any new files and folders they create within their own root folder are mapped to the assigned zone. If they create a file within someone else's root folder, that file is mapped to the storage policy of the owner of the file.
- Storage Used/Allocated
-
(Storage Quota (GB) in the legacy design.) Indicated the amount of storage used (not available in the legacy design) and defines the total amount of storage, in gigabytes (GB), the user is allocated in your Box organization. Enter a number or select the Unlimited check box.
"Unlimited" is defined as up to the amount your enterprise subscription level contains.
- Status
- Defines whether the user can currently work in your Box enterprise, and how. Select from:
- Active: User can log in to Box and use all of Box that you allow in the User Access Permission section.
- Inactive: User is prevented from logging in and using Box in your enterprise. This user is also hidden from all collaborators.
- Active View/Upload Only: (Cannot delete and edit in the legacy design.) User can access all of Box that you allow in the User Access Permission section, except that user is prevented from deleting or editing content.
- Active View Only: (Cannot delete, edit and upload in the legacy design.) User can access all of Box that you allow in the User Access Permission section, except that user is prevented from sharing, deleting, editing, or uploading content.
- Account Created
- (Not available in the legacy design.) Shows the date the user account was created. This value is system-generated and cannot be changed.
- Last Modified
- (Not available in the legacy design.) Shows the date that the last change was made to the user account. This value is system-generated and cannot be changed.
Role and Access Permissions
This section was titled User Access Permissions in the legacy design.
- Role
-
Defines the user account role. Select from:
- Member - Allows access to Box with no administrative privileges. The member privileges include shared contacts, Box Sync, external collaboration, and device pinning.
- Co-admin - Allows access to Box with both member and co-administrative privileges. Selecting this option adds a section where you select the co-admin privileges for this user, including access to users and groups, reports and settings, policies, metadata, and more.
- Shared Contacts
- Allows this user to access all other managed users in their contacts list when inviting collaborators. External users will not be accessible unless already collaborating. If you clear this setting, the user will access only the people they are actively collaborating with and will need to manually fill the contacts list.
- Box Sync
- Enables the user to synchronize files between Box and their computer hard drive via Box Sync.
- Restrict External Collaboration
- Restricts the user from creating external collaborations for folders they own.
- Device Pinning
- Enables the user to be exempt from the maximum number of devices synchronized with their Box account value set for your enterprise in Enterprise Settings > App Use Management.
Co-admin Permissions
This section lists the Co-admin administrative permissions by functional area available for Business Plus and Enterprise customers that you can assign users with the Co-admin role. Co-admins can perform the same tasks in Box as admins and are allowed to manage users and groups, with the following restrictions:
- Can view, but not edit, details for other co-admins, nor delete other co-admins
- Cannot view or edit admin details
- Cannot make another managed user a co-admin
- Users and Groups
- Manage users
- Manage groups
- Files and Folders
- View users' content
- Edit users' content
- Log in to users' accounts
- Reports and Settings
- View settings and apps for your company
- Edit settings and apps for your company
- Run new reports and access existing reports
- Policies
- View policies set up for your company
- Create, edit, and delete policies for your company
- Automations/Relay
- View automations set up for your company
- Create, edit, and delete automations for your company
- Metadata
- Create and edit metadata templates for your company
- Shield
- View Shield Dashboard for your company
- Edit Shield configuration for your company
- GxP
- View GxP Dashboard
- Sign
- View and edit Sign permissions
- View and edit Sign legal settings
Folder Collaborations
Lists the folders that the user has been invited to collaborate. An admin can also click Edit and:
- Click Select New Folder to add folders to the user's folder collaboration list.
- Select one or more folders and then click Remove Access to remove the folders from the user's folder collaboration list.
Groups
Lists the user groups that the user is a member of. An admin can also click Edit and:
- Click Select Groups and then either add the user to additional groups or remove the user from any groups that they are a member of.
- Hover over the group name and click Remove to remove the user from that group.
- Change the Access Level of the user in the group. You can select from:
- Member - User is allowed access to the group and its functions.
- Group admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.
Note
If a user is made a Box admin or co-admin, they will lose group admin status of any groups that they are a member of.
(In the legacy design, you can also select None, which removes the user from the group.)
Managed Devices
List which Box applications available within your company can be used by the user.
This section was titled Installed Applications in the legacy design.
External Users Tab
The External Users tab lists all external user accounts. External users are collaborators that are not in your Box organization. They may not share your company domain(s) and are not subject to enterprise policies. in the list of external users on this tab you can:
- Click a column header to sort the list of external users by that attribute.
- View details of an external user.
- Delete an external user.
- Make an external user a managed user (if the external users shared a domain that you manage).
Double-click a row to view details about an external user. An external user details page has the following sections:
User Details
The information in the User Details section of an external user is not editable and contains the following information:
- Name
- Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging. The field may not have a value.
- The email address of the external user. This email address is where notifications and other Box communication will be sent. If the email address is within one of your organization's domains, you can convert the external user to a managed user.
Folder Collaboration
Lists the folders that the external user has been invited to collaborate. An admin can also click Edit and:
- Click Select New Folder to add folders to the external user's folder collaboration list.
- Select one or more folders and then click Remove Access to remove the folders from the external user's folder collaboration list.
Groups Tab
The Groups tab lists all user groups defined in your organization. Groups are listed in alphabetical order by name.
Click a group name or double-click a row to view details about a group. A group details page has the following sections:
Group Details
This section lists the settings in the the Group Details section of a group and describes each setting.
- (Group) Name
- Required. The name of the group. It must be unique. The value in this field is used in reports and logging.
- Description
- Optional additional information about the group. Use the Description field to summarize the purpose of the group, what users are in the group, and what the group has access to.
- Permission Setting
- Defines which users in your account can invite this group to share content and view the members of this group. Select from:
- Company (default) - Anyone in your company can provide this group access to folders, view members in this group, and assign a task to members in this group.
- Group Members - Only group members can provide this group access to folders, view other members, and assign a task to members in this group.
- Admins Only - Only Admins can invite this group to folders, view members in this group in the Admin Console, and assign a task to members in this group.
Members
Lists the members of the group in alphabetical order by name. An admin can also click Edit and:
- Filter the list by name or email address.
- Add managed users as members to the group.
- Change the permission of a group member. For members who are not Co-admins, you can select from:
- Member - User is allowed access to the group and its functions.
- Group Admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.
Shared Folders
Lists the folders that the users in the group share. An admin can also click Edit and:
- Filter the folder list.
- Click Share Folders and add folders to the group.
- Change the permissions of the folder. See Understanding Collaborator Permission Levels for details about each choice.