In this document you can find general information about configuration of EMM with Box for available providers.
Table of contents
- Read first
- Prerequisites
- Process flow
- Configuration keys and values
- Related Box reference
- Related provider's reference
Read first
To understand the concepts in the configuration guides, start with reading the following documents:
Prerequisites
Before configuring Box for EMM for a specific provide, make sure that:
- you have a role of Enterprise Admin to set up EMM with Box
- you are an Admin in the provider's console. You can find more information in provider’s documentation:
- all users in EMM-enabled enterprises are managed Box users
- all users have their devices enrolled in the selected vendor's admin console
- Box for EMM and/or Box for Mobile is added to the selected vendor's admin console
- the correct app policy is added
Important:
The Box for EMM solution does not support an enterprise deployment where users are both managed and unmanaged.
Box for EMM for iOS allows users to have Box for EMM alongside a second instance of Box for iPhone/iPad, but it is not recommended. The credentials for each remain separate.
The Box for EMM solution does not support an enterprise deployment where users are both managed and unmanaged.
Box for EMM for iOS allows users to have Box for EMM alongside a second instance of Box for iPhone/iPad, but it is not recommended. The credentials for each remain separate.
Process flow
- Work with the Box Customer Success Manager (CSM) or Box Implementation Consultant (IC) to register for Box for EMM.
- CSM or IC provides you with a Public ID to connect with your selected vendor (provider).
- Upload the Box for EMM app into the admin console of your vendor.
- Create a managed app config that includes the Public ID provided by Box.
- Specify the variables that generate the values pushed to the app.
- Distribute the application to users with your vendor's enterprise app store. The one-time token is used to validate that the Box for EMM app is provisioned by the vendor.
- When a user requests to log in to Box for EMM, the app sends, among others, the user's login credentials and Public ID to the Box server. See the table below for more information.
- The Box server checks the above information to match a user to a vendor's server.
- The Box server calls the vendor's server to validate the security or status of the device, using the Management ID.
- If the Box and vendor's servers validated the user's credentials, Public ID, and Management ID, the user can log in.
Configuration keys and values
Required
Below table lists all configuration keys that are required for the Box for EMM application to run successfully.
| Configuration key | Description | Required for | Configuration value |
| Public ID | A shared secret provided by Box to MDM admin. Identifies the enterprise managing the device and settings to apply. | Microsoft Intune | the public ID provided by Box |
| Management ID | Identifies the device during the management status check. | Microsoft Intune | AnyString |
| com.box.mdm.oneTimeToken | Precaution against tampering with the deploy after Box login. | Microsoft Intune | AnyString |
| User Email Address | Box account to pre-fill and allow during login. | Microsoft Intune | {{userprincipalname}} |
|
Allow Microphone (iOS Only) |
Disable all features which ask for microphone access. | Microsoft Intune | false |
Note:
Key-value pairs may differ depending on your provider. There can be additional key-value pairs needed for a vendor.
Key-value pairs may differ depending on your provider. There can be additional key-value pairs needed for a vendor.
Microsoft Intune
The following key-value pairs are specific for Intune.
| Configuration key | Configuration value | Comments |
| Intune Enterprise | 1 | required for MAM |
| userprincipalname | {{userprincipalname}} | required for MAM |
| IntuneMAMUPN | {{userprincipalname}} | required for MAM |
Optional
| Configuration key | Optional for | Configuration value |
| User Email Address | Microsoft Intune |
{{userprincipalname}} |