Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status
Print

Users & Groups Settings

Overview , Article , Product Utilization , Established

Users & Groups settings let you define who has access to your Box enterprise and when and how they access your Box content. This topic contains the following sections:

Managed Users Tab

The Managed Users tab lists all the managed user accounts in your organization. The columns in the list include the following user data:

  • Name
  • Email (default sort)
  • User ID
  • Role
  • Status
  • Storage Used

On this tab you can:

  • Click on the Name or Email column header to sort the list of managed users by that attribute.
  • Click Filter Applied to filter the managed user list by:
    • All Users (default) - Lists the Admin, all Co-admins, and all managed users in your organization.
    • Admins - Lists the Admin and al Co-admins in your organization.
    • Co-admins - Lists users who have been assigned a Co-admin role.
    • App Users - Lists app users who are only accessible via the API, meaning they do not have login credentials.
  • Click Bulk Edit to edit multiple managed user accounts at once. See Configuring and Editing Users for details.

Note

In the legacy design, click button_sort_filter.png to:

  • Sort by login (default), name, date added, space used, or last login date
  • Show only specific roles, from all roles, admins and non-admins (default), admins, non-admins, or app users
  • Filter by all groups (default), exempt from device limits, or group name

Click a user name or double-click a row to view details about a managed user. At the top of the managed user details page is a summary that includes the managed users avatar, name, email, and user ID. A managed user details page has the following sections:

User Details

This section lists the settings in the the User Details section of a managed user and describes each setting. (This section is named User Account Details in the legacy design.)

Name
Required. Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging.
Email
Required. The email address of the user. This email address is where notifications, password resets, and other Box communication will be sent, and should be within your organization's domain.
Notification Email
An additional email address where notifications for this account can also be sent.
In Admin Console > Enterprise Settings > Notifications > Email Notifications, the Allow all users to receive Box notifications at an alternate notification email address setting determines whether Box notifications can be sent to this email. And if that setting is enabled, the Allow all users to change their notification email setting determines whether users can change this email address in their own account settings.
Password

Does not reveal the value of the user account password. In this field, you can:

  • Click Forgot password to send a notification email to the user with a link to reset the account password.
  • Select the Require a change of password on next login check box to force the user to change their password the next time they attempt to log in to Box.
Time Zone

(Not available in the legacy design.) Defines the time zone of where the user is located. Used to determine the correct date and time for user activities.

The user can also change the value of this setting on their own Account Settings page.

Language
Defines the language the user will see in the Box user interface when signed in.
Data Residency Zone

Available when Box Multizones are being used, defines the zone in which the user's content is stored. If you do not manually assign someone to a zone, Box automatically assigns that person to your enterprise's default zone.

When you assign an existing user to a new zone, their existing files migrate to that zone and any new files and folders they create within their own root folder are mapped to the assigned zone. If they create a file within someone else's root folder, that file is mapped to the storage policy of the owner of the file.

Storage Used/Allocated

(Storage Quota (GB) in the legacy design.) Indicated the amount of storage used (not available in the legacy design) and defines the total amount of storage, in gigabytes (GB), the user is allocated in your Box organization. Enter a number or select the Unlimited check box.

"Unlimited" is defined as up to the amount your enterprise subscription level contains.

Status
Defines whether the user can currently work in your Box enterprise, and how. Select from:
  • Active: User can log in to Box and use all of Box that you allow in the User Access Permission section.
  • Inactive: User is prevented from logging in and using Box in your enterprise. This user is also hidden from all collaborators.
  • Active View/Upload Only: (Cannot delete and edit in the legacy design.) User can access all of Box that you allow in the User Access Permission section, except that user is prevented from deleting or editing content.
  • Active View Only: (Cannot delete, edit and upload in the legacy design.) User can access all of Box that you allow in the User Access Permission section, except that user is prevented from sharing, deleting, editing, or uploading content.
Account Created
(Not available in the legacy design.) Shows the date the user account was created. This value is system-generated and cannot be changed.
Last Modified
(Not available in the legacy design.) Shows the date that the last change was made to the user account. This value is system-generated and cannot be changed.
Tracking Codes
If any tracking codes have been defined, the fields will appear here.

Role and Access Permissions

This section was titled User Access Permissions in the legacy design.

Role

Defines the user account role. Select from:

  • Member - Allows access to Box with no administrative privileges. The member privileges include shared contacts, Box Sync, external collaboration, and device pinning.
  • Co-admin - Allows access to Box with both member and co-administrative privileges. Selecting this option adds a section where you select the co-admin privileges for this user, including access to users and groups, reports and settings, policies, metadata, and more.

    Note

    For security purposes, a user cannot be given the Co-admin role if their primary email address in their user account uses a public (for example Gmail, Outlook, or Yahoo) or an unverified domain. See Verifying an Unverified Domain for information about how to verify a domain that you manage.

Shared Contacts
Allows this user to access all other managed users in their contacts list when inviting collaborators. External users will not be accessible unless already collaborating. If you clear this setting, the user will access only the people they are actively collaborating with and will need to manually fill the contacts list.
Box Sync
Enables the user to synchronize files between Box and their computer hard drive via Box Sync.
Restrict External Collaboration
Restricts the user from creating external collaborations for folders they own.
Device Pinning
Enables the user to be exempt from the maximum number of devices synchronized with their Box account value set for your enterprise in Enterprise Settings > App Use Management.

Co-admin Permissions

This section lists the Co-admin administrative permissions by functional area available for Business Plus and Enterprise customers that you can assign users with the Co-admin role. Co-admins can perform the same tasks in Box as admins and are allowed to manage users and groups, with the following restrictions:

  • Can view, but not edit, details for other co-admins, nor delete other co-admins
  • Cannot view or edit admin details
  • Cannot make another managed user a co-admin
Users and Groups
These options allow a Co-admin to adjust user and group access to content as well as changing a user’s settings. The settings include:
  • Manage users: Add new users or edit existing user information and access levels. Selected by default.
  • Manage groups: Create new groups, assign group admins, or edit existing groups. Selected by default.
Files and Folders
These options allows a Co-admin to log into users’ accounts for auditing purposes. The settings include:
  • View users' content: Access any managed user’s files and folders (read-only access).
  • Edit users' content: Modify any managed user’s files and folders.
  • Log in to users' accounts: Log in to any managed user’s account.
Reports and Settings
These options allow a Co-admin to run reports and adjust the account as a whole. The settings include:
  • View settings and apps for your company: Read-only access to your organization’s settings and applications.
  • Edit settings and apps for your company: Modify your organization’s settings and applications.
  • Run new reports and access existing reports: Access existing reports and create new reports for your organization.
Policies
These options allow a Co-admin to see and interact with policies for your company. The settings include:
  • View policies set up for your company: Read-only access to existing policies for your organization.
  • Create, edit, and delete policies for your company: Create, modify, or delete your organization policies.
Automations/Relay
These options allow a Co-admin to work with automations for your company. The settings include:
  • View automations set up for your company: Read-only access to existing automation processes for your organization.
  • Create, edit, and delete automations for your company: Create, modify, or delete your organization's automation processes.
Metadata
These options allow Co-admins to create and edit metadata templates. The settings include:
  • Create and edit metadata templates for your company: Create and modify metadata templates used throughout your organization.
Shield
These options allow Co-admins to create and edit Shield security policies. The settings include:
  • View Shield lists and alerts for your company: Read-only access to Shield lists and alerts in your organization.
  • Create, edit, and delete Shield configuration for your company: Create, edit, and delete Shield detection rules, access policies, and information barriers in your organization.

Note

In the legacy design, these options read:

  • View Shield Dashboard for your company
  • Edit Shield configuration for your company
GxP
These options allow Co-admins access to the GxP Dashboard. These options include:
  • View GxP Dashboard: View the GxP Dashboard, test results, and release notes.
Sign
These options allow Co-admins to edit Sign settings. These settings include:
  • View and edit Sign permissions: View and modify Sign permission settings used for your organization.
  • View and edit Sign legal settings: View and modify Sign legal settings used for your organization.

Folder Collaborations

Lists the folders that the user has been invited to collaborate. You can adjust the widths of the columns in this section to view any truncated content. An admin can also click Edit and:

  • Click Select New Folder to add folders to the user's folder collaboration list.
  • Select one or more folders and then click Remove Access to remove the folders from the user's folder collaboration list.

Groups

Lists the user groups that the user is a member of. You can adjust the widths of the columns in this section to view any truncated content. An admin can also click Edit and:

  • Click Select Groups and then either add the user to additional groups or remove the user from any groups that they are a member of.
  • Hover over the group name and click Remove to remove the user from that group.
  • Change the Access Level of the user in the group. You can select from:
    • Member - User is allowed access to the group and its functions.
    • Group admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.

      Note

      If a user is made a Box admin or co-admin, they will lose group admin status of any groups that they are a member of.

    (In the legacy design, you can also select None, which removes the user from the group.)

Managed Devices

List which Box applications available within your company can be used by the user.

This section was titled Installed Applications in the legacy design.

External Users Tab

The External Users tab lists all external user accounts. External users are collaborators that are not in your Box organization. They may not share your company domain(s) and are not subject to enterprise policies.

The columns in the list include the following external user data:

  • Name
  • Email (default sort)
  • User ID
  • Date Added
  • Collaborations

in the list of external users on this tab you can:

  • Click on the Name or Email column header to sort the list of external users by that attribute.
  • View details of an external user.
  • Delete an external user.
  • Make an external user a managed user (if the external users shared a domain that you manage).

Double-click a row to view details about an external user. At the top of the external user details page is a summary that includes the external users avatar, name, email, and user ID. An external user details page has the following sections:

User Details

The information in the User Details section of an external user is not editable and contains the following information:

Name
Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging. The field may not have a value.
Email
The email address of the external user. This email address is where notifications and other Box communication will be sent. If the email address is within one of your organization's domains, you can convert the external user to a managed user.

Folder Collaboration

Lists the folders that the external user has been invited to collaborate. You can adjust the widths of the columns in this section to view any truncated content. An admin can also click Edit and:

  • Click Select New Folder to add folders to the external user's folder collaboration list.
  • Select one or more folders and then click Remove Access to remove the folders from the external user's folder collaboration list.

Groups Tab

The Groups tab lists all user groups defined in your organization. Groups are listed in alphabetical order by name.

Click a group name or double-click a row to view details about a group. A group details page has the following sections:

Group Details

This section lists the settings in the the Group Details section of a group and describes each setting.

(Group) Name
Required. The name of the group. It must be unique. The value in this field is used in reports and logging.
Description
Optional additional information about the group. Use the Description field to summarize the purpose of the group, what users are in the group, and what the group has access to.
Permission Setting
Defines which users in your account can invite this group to share content and view the members of this group. Select from:
  • Company (default) - Anyone in your company can provide this group access to folders, view members in this group, and assign a task to members in this group.
  • Group Members - Only group members can provide this group access to folders, view other members, and assign a task to members in this group.
  • Admins Only - Only Admins can invite this group to folders, view members in this group in the Admin Console, and assign a task to members in this group.

Members

Lists the members of the group in alphabetical order by name. An admin can also click Edit and:

  • Filter the list by name or email address.
  • Add managed users as members to the group.
  • Change the permission of a group member. For members who are not Co-admins, you can select from:
    • Member - User is allowed access to the group and its functions.
    • Group Admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.

Shared Folders

Lists the folders that the users in the group share. An admin can also click Edit and:

Related articles