Device pinning is device management functionality that enables you to establish a policy to increase security for when your users access Box on mobile or desktop devices. Device pinning associates users' corporate-managed Box accounts to particular mobile devices or Box Sync clients and can set a limit on the number of devices that a user can pin the Box app to.
Device pinning is available to Business and above accounts. Admins and Co-Admins can enable and configure device pinning.
This topic contains the following sections:
- Device Pinning Overview
- Determining a Policy for Device Pinning
- Device Pinning Requirements
- Enabling and Configuring Device Pinning
- Disabling Device Pinning
Device Pinning Overview
With device pinning enabled, then the first mobile app client that a managed user (1) logs in to or (2) performs an action in, the application is pinned to that device. Essentially, pinning associates users' corporate-managed Box accounts to a particular mobile device or Box Sync client. Once an application has been pinned to a device, only the admin can remove that pin.
In the Device Pinning settings, Admins define how many devices the following apps can be pinned to:
- Box Sync
- Box mobile app (iOS, Android, and Windows Phone)
- Box tablet app (iPadOS and Android)
- Box via web browsers and other applications
Admins can set a device limit for any app, and if set, once that limit has been reached by a user, that user will be prohibited from logging in to that app on any additional devices.
Determining a Policy for Device Pinning
The policy you decide on for device pinning is an organizational decision that will vary for each deployment of Box. While a good practice might be to limit Sync to a single corporate laptop, phones and tablets can be transactional devices that get upgraded and replaced frequently. You may opt to have a more open policy for phones and tablets to reduce IT overhead.
Additionally, even if the policy is unlimited for each device type, device pinning gives you visibility into all connected devices throughout the organization and the ability to easily remove them when necessary. An Admin can optionally be notified each time a new device is connected. If the policy is for a limited number of connected devices, Admins can optionally exempt specific users from the policy.
Device Pinning Requirements
Device pinning has the following operating system, hardware, and app requirements:
Operating System Requirements
Device pinning is supported on the following operating systems:
- iOS 6+ (for iPhone & iPad)
- Android 2.2 (Froyo)+
Note
No other devices have minimum operating system requirements.
Hardware/Device Requirements
Device pinning is supported on the following hardware:
- iPhone 4+
- iPad 2+
Box App Requirements
Device pinning is supported for the following Box app versions:
- Box for iPhone/iPad 2.8.3+
- Box for Android 2.1+
- Box for Windows 8.1.5+
- Box for Windows Phone 1.5+
- Box Sync 3.3+
If device pinning is enabled and one of your managed users has an out-of-date operating system, unsupported device, or old version of the Box application, they will be automatically logged out of the app when they next attempt to access Box on that device.
If a user is automatically logged out of the Box application:
- They will need to log in again to access the application
- They will receive an error message telling them they must upgrade their operating system, device or Box app
Enabling and Configuring Device Pinning
- Go to Admin Console > Enterprise Settings.
- Select the Device Protection tab.
- In the Application Settings section, enable Enable Device Pinning.
- For each Application Type, select how many devices per user to allow. See the Device Pinning section in Enterprise Settings: Device Protection Tab topic for details.
- Click Save.
Disabling Device Pinning
- Go to Admin Console > Enterprise Settings.
- Select the Device Protection tab.
- In the Application Settings section, disable Enable Device Pinning.
- Click Save.