In this article, you will learn how to:
- Configure critical collaboration settings in the Admin Console
- Determine the impact of an open vs. closed folder structure
You can enable or disable various permission types that are available to managed users when collaborating and sharing files. To do this, navigate to Admin Console > Enterprise Settings > Content & Sharing tab.
This section enables you to set restrictions for how collaborators can be invited to the content in your account or your managed users' accounts. See a detailed explanation of each permission level.
- Default Collaboration Role: Use this setting to modify across your entire organization the default access level to files people share. The standard default access level is Editor. To change this default to the more secure setting of Viewer, click the down arrow and select Viewer.
- Restrict invites: This option enables you to set who can invite collaborators. If this option is enabled then only folder Owners and Co-owners will be able to invite collaborators to a given folder. Admins (including Co-admins and Group Admins) will be able to invite collaborators through the Admin Console.
- Enable invite links: Enabling this option makes it possible for people to use invite links to collaborate.
- Enable group invites: Enabling this option makes it possible for people to invite groups to collaborate in folders.
- Restrict Ownership Transfer: Check this box to prevent people from transferring ownership of a file or folder to external collaborators. Admins and co-admins of the account, however, retain the ability to transfer content ownership.
- External collaboration:
- To enable people from outside your organization to collaborate on content, click Enable external collaboration.
- To restrict such collaboration only to one certain domain, click Limit collaboration to users within <<selected domain>>
- To restrict such collaboration only to multiple certain domains, click Limit collaboration to allowlisted domains.
- To view the allowlist, click Manage Allowlist.
- When the Collaboration Allowlist window opens, you can add, review, or delete domains from your allowlist.
- External Collaborator Invitations: If you have already required external users to have 2-factor verification for unrecognized logins in certain specific domains, you can check this box to in turn restrict external collaborators from inviting other external collaborators. (Find the 2-factor authentication setting by navigating to Admin Console > Enterprise Settings > Security tab.) This option does not display if you have not set up other domains for external collaboration.
Notes on collaboration restrictions:
- The external collaboration features are available to Enterprise and Elite customers only and do not display until enabled by request. Please contact your Box Representative or Box User Services to enable these features.
- You can set collaboration restrictions at the enterprise, user, and folder level. Box uses the most restrictive setting at any given time. For example, if an enterprise allows collaboration with 100 domains and a user within the enterprise further restricts collaborators for a particular folder, that folder is governed by the user's more restrictive settings.
Restrict content creation. This prevents your users from creating any new folders, and restricts their use of Box to those folders to which you've granted them access.