What security settings can I enforce for my users?
As an Enterprise admin, or above, you have access to additional security capabilities that enable you to set account-wide security settings for your managed users.
To access your security settings:
- Log in to your account and navigate to the Admin Console.
- In the left sidebar, click Enterprise Settings.
- At the top of the page, click Security.
Signup and Login: In this section, you can enable self-signup, restrict users from changing their email address, set up admin notifications for user activity, and require two-step login verification for unrecognized logins.
2-Step Login Verification: In this section, you can require people to provide a second source of verification to access your enterprise's content.
Password Requirements: In this section, Enterprise Admins can configure password policies for their managed users, including:
- Password strength requirements
- Password resets (automated or manual global password reset)
- Password re-use restrictions
- Notification after a set number of failed attempts
- Maximum session duration limits
Note
If your enterprise account is SSO-enabled, these password settings apply to a user's external "Box-specific password," not the user's SSO password. This is also where you can require strong passwords for external collaborators.
Uploads: In this section, Enterprise and Elite admins can prevent users from accessing their Box accounts via regular (unencrypted) FTP.
You can also allow your account holders to enable email uploads to folders.
Session Duration for All Users: Here, you can set a limit on how long a managed user can stay logged in to their account without activity. The value of the Default setting is 14 days (2 weeks).
Note
Session duration settings apply only to the Box Web application. Any session duration limits set here do not apply to users accessing Box through any other Box endpoints (for example, Box mobile applications, Box desktop applications, Box Notes, etc.).
Application Settings: Here, you can configure the number of applications allowed per user, and control whether you are notified when users log in from these applications.
The Application Settings section is on a different screen from the other security settings above.
To access the Application Settings section:
- From the Admin Console, in the left sidebar, click Enterprise Settings.
- At the top of the page, click Security.
- Check Enable Device Pinning.