Box Status
Print

Users & Groups Settings

Overview , Admin , Article , Product Utilization , Established

Users & Groups settings let you define who has access to your Box enterprise and when and how they access your Box content. This topic contains the following sections:

Managed Users Tab

The Managed Users tab lists all the managed user accounts in your organization. The columns in the list include the following user data:

  • Name
  • Email (default sort)
  • User ID
  • Role
  • Status
  • Storage Used

On this tab you can:

  • Click on the Name or Email column header to sort the list of managed users by that attribute.
  • Click Filter Applied to filter the managed user list by:
    • All Users (default) - Lists the Admin, all Co-admins, and all managed users in your organization.
    • Admins - Lists the Admin and al Co-admins in your organization.
    • Co-admins - Lists users who have been assigned a Co-admin role.
    • App Users - Lists app users who are only accessible via the API, meaning they do not have login credentials.
    • Exempt From Device Limits - Lists users who are exempted from your organization’s maximum allowed devices value, that is, who have the Exempt user from device pinning limits setting in the Role and Access Permission section enabled.
  • Click Bulk Edit to edit multiple managed user accounts at once. See Configuring and Editing Users for details.

Click a user name or double-click a row to view details about a managed user. At the top of the managed user details page is a summary that includes the managed users avatar, name, email, and user ID. A managed user details page has the following sections:

User Details

This section lists the settings in the the User Details section of a managed user and describes each setting. (This section is named User Account Details in the legacy design.)

Name
Required. Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging. Limited to 100 ASCII characters or 50 double-byte characters.
Email
Required. The email address of the user. This email address is where notifications, password resets, and other Box communication will be sent, and should be within your organization's domain.
Notification Email
An additional email address where notifications for this account can also be sent.
In Admin Console > Enterprise Settings > Notifications > Email Notifications, the Allow all users to receive Box notifications at an alternate notification email address setting determines whether Box notifications can be sent to this email. And if that setting is enabled, the Allow all users to change their notification email setting determines whether users can change this email address in their own account settings.
User Title
The value that the user entered in the Your Title field of the Profile tab on their Account Settings page. The value is not editable by Admins on the User Details page in the Admin Console.
Password

Does not reveal the value of the user account password. In this field, you can:

  • Click Forgot password to send a notification email to the user with a link to reset the account password.
  • Select the Require a change of password on next login check box to force the user to change their password the next time they attempt to log in to Box.
  • If SSO has been enabled in your organization in the Admin Console, the value here is SSO enabled and there is no password action you can take here. 
Time Zone

Defines the time zone of where the user is located. Used to determine the correct date and time for user activities.

The user can also change the value of this setting on their own Account Settings page.

Language
Defines the language the user will see in the Box user interface when signed in.
Data Residency Zone

Available when Box Multizones are being used, defines the zone in which the user's content is stored. If you do not manually assign someone to a zone, Box automatically assigns that person to your enterprise's default zone.

When you assign an existing user to a new zone, their existing files migrate to that zone and any new files and folders they create within their own root folder are mapped to the assigned zone. If they create a file within someone else's root folder, that file is mapped to the storage policy of the owner of the file.

Storage Used/Allocated

Indicates the amount of storage used (not available in the legacy design) and defines the total amount of storage, in gigabytes (GB), the user is allocated in your Box organization. Enter a number or select the Unlimited check box.

"Unlimited" is defined as up to the amount your enterprise subscription level contains.

Status
Defines whether the user can currently work in your Box enterprise, and how. Select from:
  • Active: User can log in to Box and use all of Box that you allow in the User Access Permission section.
  • Inactive: User is prevented from logging in and using Box in your enterprise. This user is also hidden from all collaborators.
  • Active View/Upload Only: User can access all of Box that you allow in the User Access Permission section, except that user is prevented from deleting or editing content.
  • Active View Only: User can access all of Box that you allow in the User Access Permission section, except that user is prevented from sharing, deleting, editing, or uploading content.
Account Created
Shows the date the user account was created. This value is system-generated and cannot be changed.
Last Modified
Shows the date that the last change was made to the user account. This value is system-generated and cannot be changed.
Tracking Codes
If any tracking codes have been defined, the fields will appear here.

Note

Co-Admins must have the View settings and apps for your company permission enabled to view tracking codes for other managed users.

Role and Access Permissions

Role

Defines the user account role. Select from:

  • Member - Allows access to Box with no administrative privileges. The member privileges include shared contacts, Box Sync, external collaboration, and device pinning.
  • Co-Admin - Available only with Business Plus and any Enterprise-level tariffs, allows access to Box with both member and co-administrative privileges. Selecting this option adds a section where you select the Co-Admin permissions for this user, including access to users and groups, reports and settings, policies, metadata, and more.

    Note

    For security purposes, a user cannot be given the Co-Admin role if their primary email address in their user account uses a public (for example Gmail, Outlook, or Yahoo) or an unverified domain. See Verifying an Unverified Domain for information about how to verify a domain that you manage.

Shared Contacts
Allows this user to access all other managed users in their contacts list when inviting collaborators. External users will not be accessible unless already collaborating. If you clear this setting, the user will access only the people they are actively collaborating with and will need to manually fill the contacts list.
Box Sync
Enables the user to synchronize files between Box and their computer hard drive via Box Sync.
Restrict External Collaboration
Restricts the user from creating external collaborations for folders they own.
Device Pinning
Enables the user to be exempt from the maximum number of devices synchronized with their Box account value set for your enterprise in Enterprise Settings > Device Pinning.

Co-Admin Permissions

This section lists the Co-Admin administrative permissions by functional area available for Business Plus and all Enterprise-level customers that you can assign users with the Co-Admin role.  If your Box account is a Business plan or lower, Co-Admins do not have access to some Box features.  Additionally, the following restriction applies:

  • Cannot view or edit admin details
Users and Groups
These options allow a Co-Admin to adjust user and group access to content as well as changing a user’s settings. The settings include:
  • Manage users: Add new users or edit existing user information and access levels. Selected by default.
  • Manage groups: Create new groups, assign group admins, or edit existing groups. Selected by default.
Files and Folders
These options allow a Co-Admin to log into users’ accounts for auditing purposes. The settings include:
  • Log in to users' accounts: Log in to any managed user’s account.
  • View Archives and users' content: Access any managed user's files and folders, as well as Box Archive.
  • Edit Archives and users' content: Modify any managed user's files and folders, as well as Box Archive.

Box Archive is available only to Enterprise Advanced accounts and currently supports only Folder-based Legal Holds.

Note

Co-admin's content access permissions override the platform apps permissions, including the Global Content Manager (GCM) scope.

Reports and Settings
These options allow a Co-Admin to run reports and adjust the account as a whole. The settings include:
  • View settings and apps for your company: Read-only access to your organization’s settings and applications.
  • Edit settings and apps for your company: Modify your organization’s settings and applications.

  • Run new reports and access existing reports: Access existing reports and create new reports for your organization. This permission is required for a Co-Admin to:

    • View the Reports page and configure and run reports from there.
    • View the Insights page and configure any of the data tiles or run reports from any data tiles.
    • Run the Collaboration report that is required to enable an information barrier.
Policies
These options allow a Co-Admin to see and interact with policies for your company. The settings include:
  • View policies set up for your company: Read-only access to existing policies for your organization.
  • Create, edit, and delete policies for your company: Create, modify, or delete your organization policies.
Automations/Relay
These options allow a Co-Admin to work with automations for your company. The settings include:
  • View automations set up for your company: Read-only access to existing automation processes for your organization.
  • Create, edit, and delete automations for your company: Create, modify, or delete your organization's automation processes.
Metadata
These options allow Co-Admins to create and edit metadata templates. The settings include:
  • Create and edit metadata templates for your company: Create and modify metadata templates used throughout your organization.
Shield
These options allow Co-Admins to create and edit Shield security policies. The settings include:
  • View Shield lists and alerts for your company: Read-only access to Shield lists and alerts in your organization.
  • Create, edit, and delete Shield configuration for your company: Create, edit, and delete Shield detection rules, access policies, and information barriers in your organization.
GxP
These options allow Co-Admins access to the GxP Dashboard. These options include:
  • View GxP Dashboard: View the GxP Dashboard, test results, and release notes.
Sign
These options allow Co-Admins to edit Sign settings. These settings include:
  • View and edit Sign permissions: View and modify Sign permission settings used for your organization.
  • View and edit Sign legal settings: View and modify Sign legal settings used for your organization.
Shuttle
This option allows Co-Admins to access Shuttle.
  • Manage Shuttle: Use Box Shuttle to analyze and migrate data. Co-Admins with this option enabled can only access Box user accounts to list existing content and add new content using Box Shuttle. They cannot manage Box user accounts in any way.

Folder Collaborations

Lists the folders that the user has been invited to collaborate. You can adjust the widths of the columns in this section to view any truncated content. An admin can also click Edit and:

  • Click Select New Folder to add folders to the user's folder collaboration list.
  • Select one or more folders and then click Remove Access to remove the folders from the user's folder collaboration list.

Groups

Lists the user groups that the user is a member of. You can adjust the widths of the columns in this section to view any truncated content. An admin can also click Edit and:

  • Click Select Groups and then either add the user to additional groups or remove the user from any groups that they are a member of.
  • Hover over the group name and click Remove to remove the user from that group.
  • Change the Access Level of the user in the group. You can select from:
    • Member - User is allowed access to the group and its functions.
    • Group admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.

      Note

      If a user is made a Box admin or co-admin, they will lose group admin status of any groups that they are a member of.

Managed Devices

List which Box applications available within your company can be used by the user.

This section was titled Installed Applications in the legacy design.

External Users Tab

The External Users tab lists all unmanaged and external user accounts. Unmanaged users are collaborators that have accounts that use a managed domain but are not managed users. External users are collaborators that are not in your Box organization. They may not share your company domain(s) and are not subject to enterprise policies.

The columns in the list include the following external user data:

  • Name
  • Email (default sort)
  • Organization
  • Date Added
  • Last Active
  • Collaborations
  • Invite Status (if any have been invited to become managed users)

The drop-down list in the External Users tab allows to you view either all of your unmanaged users or all of your external users. In either list, you can:

  • Click on the Name or Email column header to sort the list of external users by that attribute.
  • View details of an unmanaged or external user.
  • Delete an unmanaged or external user.

Double-click a row to view details about an unmanaged or external user. At the top of the unmanaged or external user details page is a summary that includes the unmanaged or external users avatar, name, email, and user ID. An unmanaged or external user details page has the following sections:

User Details

The information in the User Details section of an unmanaged or external user is not editable and contains the following information:

Name
Typically the name of the person to whom the user account is assigned to. The value in this field is used in reports and logging. The field may not have a value.
Email
The email address of the unmanaged or external user. This email address is where notifications and other Box communication will be sent.
Organization
For external users, if a member of another Box organization, displays that organization's name.

Folder Collaboration

Lists the folders that the unmanaged or external user has been invited to collaborate. You can adjust the widths of the columns in this section to view any truncated content.

Groups Tab

The Groups tab lists all user groups defined in your organization. Groups are listed in alphabetical order by name.

Click a group name or double-click a row to view details about a group. A group details page has the following sections:

Group Details

This section lists the settings in the the Group Details section of a group and describes each setting.

(Group) Name
Required. The name of the group. It must be unique. The value in this field is used in reports and logging.
Description
Optional additional information about the group. Use the Description field to summarize the purpose of the group, what users are in the group, and what the group has access to.
Permission Setting
Defines which users in your account can invite this group to share content and view the members of this group. Select from:
  • Company (default) - Anyone in your company can provide this group access to folders, view members in this group, and assign a task to members in this group.
  • Group Members - Only group members can provide this group access to folders, view other members, and assign a task to members in this group.
  • Admins Only - Only Admins can invite this group to folders, view members in this group in the Admin Console, and assign a task to members in this group.

Members

Lists the members of the group in alphabetical order by name. An admin can also click Edit and:

  • Filter the list by name or email address.
  • Add managed users as members to the group.
  • Change the permission of a group member. For members who are not Co-admins, you can select from:
    • Member - User is allowed access to the group and its functions.
    • Group Admin - User has group admin-level access to the group, which means they can edit group membership, content access, and settings. See Designating Group Admins for more information on configuring group admins.

Shared Folders

Lists the folders that the users in the group share. An admin can also click Edit and:

Related articles