The Enterprise Settings page is in limited release. If you don't see it now, expect to see it by early 2020.
Box has a large number of security settings you can configure that, taken together, enable you to control system and content access down to a highly granular level. A large number of other settings help you better understand how people across you organization are using Box, such as what devices they’re using, what other apps they’re using, and to what extent you have customized your Box instance.
The settings themselves are dispersed across multiple areas of the Admin Console – mostly under other tabs in the Enterprise Settings section. The Enterprise Settings page aggregates them all. Simply open your Admin Console and click Enterprise Settings. Box displays a simple, comprehensive, and unified view of all of your security-related Box settings. You can see at a glance how Box is configured and whether that configuration aligns with the collaboration and security position you want. View and access:
- permission levels of shared links
- allowable devices for accessing Box and whether to require two-factor authentication
- whether and how you’ve customized your organization’s Box instance
- login and password verification requirements
- usage details on third-party and custom Box Apps
- mobile access
This reduces the risk of unwanted exposure to sensitive content. It also instills a greater sense of confidence, control, and awareness in the level of enterprise security you create and oversee on the Box platform.
In addition to offering this unified display, the Enterprise Settings page enables you to change many of the displayed settings without leaving the page. For other settings, a link displays that takes you to the precise screen in the Admin Console where you can review or modify the setting in question.
In one easy view the Enterprise Settings page helps you answer these basic questions about your Box instance:
What content can my people share, with what level of permission for their collaborators?
In the Safety Settings section, view the Shared Links box for a summary of who in your organization can access shared links, and at what permission level. There’s also a link to the screen you would need to change these settings. You can:
- Set shared link preferences for all content owned by their managed users.
- Identify and disable external shared links that are no longer being used.
- Specify the types of content accessible to non-collaborators.
- Take bulk actions for changing permissions and expire shared links.
More details:
Shared link settings for your enterprise
Best practices for choosing security settings
How are people signing onto Box?
In the Safety Settings section, view the Single Sign-On box for information on the status of your settings, and for a link to the screen you would need to change these settings. You can:
- See whether SSO is enabled.
- Enable or configure SSO.
- Learn which settings are dependent on SSO being enabled
- See whether the dependent settings are enabled or disabled
More details:
Setting up single sign-on for your enterprise
What devices can access which Box applications?
In the Safety Settings section, view the Device Trust box for information on the devices that are allowed to access Box applications, and for a link to the screen you would need to change these settings. You can:
- See whether SSO is enabled
- See for whom SSO is enabled (all users, internal users, and so on)
- Enable or configure SSO.
Are you configuring these settings for the first time? Click Configure.
Are you viewing details of or modifying existing settings? Click Edit.
More details:
What access am I allowing for people outside my company?
In the Safety Settings section, view the External User Login Verification (2FA) box for details on whether and how people outside of your company can access your company’s content. You can also follow a link to the screen you would need to change your configurations.
If you have already whitelisted certain domains for access to Box content, click the Enabled for link to open a window and view and revise a full list of your enabled domains. You can:
- Scroll down a list of domains or search for a specific domain.
- Click Manage Domains to display the 2-step verification for External Collaborators
- Establish or modify 2FA login verification for all of your organization's external collaborators, or just for specific external collaborators based on their domains or email addresses. Then set an enforcement date.
Are you configuring these settings for the first time? Click Configure.
Are you viewing details of or modifying existing settings? Click Edit.
Is 2FA enabled only for certain domains? The number of enabled domains displays as a link. For a list of all these domains, click the link.
More details:
Configuring two-step login verification
Security settings for your enterprise
What is the status for other key settings that comprise how my Box instance is configured and used?
Scroll down the Enterprise Settings page for additional sections that provide an overview of all of the most important configurations in your Box instance. Each section summarizes a screen under one of the Enterprise Settings tabs – Custom Setup, Security, User Settings, Apps, and so on -- and displays the status of the main settings – whether they’re enabled, how they’re configured, and so on. Each section also provides a link that takes you to the screen you would need to change settings. (Clicking this link is the same as clicking the corresponding tab toward the top of the Enterprise Settings page.)
In this way, you can easily:
- Know what settings exist in the Admin Console
- Know the default settings so you can decide whether to keep or change them
- Take bulk actions for changing permissions and expire shared links.
- Know how certain settings are connected to or dependent on other settings within the Admin Console
- Understand how to set up the Admin Console to maximize security around the use of Box
- Gain insight into what users and other admins are doing (reporting, tracking, logging, and so on)
- Avoid wasting time on trivial individual requests by granting control to others for non-security-essential tasks, such as forming groups and pinning devices
- Use the Admin Console to show the value of Box to your leadership