Enterprise settings define how Box works in your enterprise, and the settings in the Security tab define settings for security and access to Box. This topic contains the following sections:
- Signup and Login
- 2-Step Login Verification
- Password Requirements
- Uploads
- Session Duration for All Users
Signup and Login Section
This section allows you to set up options for managed users to create accounts and sign in.
| Setting | Description |
|---|---|
| Self signup |
Available only if you have defined a custom URL for your enterprise, which you do in Enterprise Settings > Custom Setup > Company Profile > Custom Subdomain. Allows people in your enterprise to create their own managed user Box accounts, as well as allowing admins to create managed user accounts. This can be a good option if you’re not concerned about your seat count. If you enable this option, you may also want to enable the Account Creation Notification option. |
| Account Creation Notification |
Determines if an email notification is sent to all Box admins and co-admins in your enterprise when a managed user account is created. When you select this option, also select the notification frequency:
You may not want to select this option if you have not selected the Self signup option because without self signup, only admins can create managed user accounts. |
| User email/login |
Select this option to prevent users from changing the email address in their managed user account. |
| Failed logins |
Determines is an email notification is sent to the primary Box admin in your enterprise after a set number of failed login attempts over any amount of time of a managed user account. When you select this option, select also how many failed login attempts must occur before a notification is sent. You can select any number from 3 (default) to 8. |
2-Step Verification Section
This section allows you to define requirements for 2-step verification, also known as 2-factor authentication (2FA).
| Setting | Description |
|---|---|
|
Managed Users |
|
| Require 2-step verification for all managed users |
Determines if 2-step verification must be used for all managed users. When you enable this option, you must also select an Authentication Method for managed users. |
| Authentication Method |
When you enable Require 2-step verification for all managed users, you must select a 2FA authentication method:
|
|
External Collaborators |
|
| Require 2-step verification for external collaborators |
Determines if 2-step verification must be used for all external collaborators. When you enable this option, you must also select an Authentication Method for external collaborators. |
| Authentication Method (External Collaborators) |
When you enable Require 2-step verification for external collaborators, you must select a 2FA authentication method:
You can also click Configure to configure which external collaborators require 2-step verification and when 2-step verification is required. If you do not define any additional configuration when you select 2-step verification for external collaborators, it will be required for all external collaborators and as soon as you save your settings. |
| (Configure) 2-Step Verification for External Collaborators |
Determines which external collaborators will require 2-step verification and when 2-step verification will be enforced. This dialog box has 2 sections, one where you select who 2-step verification will be enabled for and one where you select when it will be enforced. Enable for... Select from:
Domains When Enable only for select domains or users or Enable for all external collaborators except select domains or users is selected, a Domains field will appear. Enter one or more valid email addresses or domains. Press Enter after entering each email address or domain. Enforcement... Select from:
If you select Enforce on a future date and send notification warnings to existing affected users, notification email messages will be sent out to all external collaborators affected, which means:
If you select Enforce immediately, Box sends an email to external collaborators and enforces 2FA immediately. Depending on the number of external collaborators, activation of enforcement may take a few minutes. While enforcement activation is in progress, you cannot edit the configuration. If you try to edit the configuration before enforcement is active, Box displays a warning message. If you select Enforce on a future date and send notification warnings to existing affected users, external collaborators affected by the configuration receive up to 3 notifications:
External collaborators can enroll in 2FA before the 2FA requirement is enforced. You can edit the 2FA configuration, including the enforcement date, any time before the configured enforcement date. If any additional external collaborators are added in your Box enterprise before the selected date and will be affected by this configuration, they will also receive a notification email message with information about the future 2-step verification requirement. Notes
|
Password Requirements Section
This section allows you to define password requirements.
Note
If your enterprise account is SSO-enabled, these password settings apply to a user's external "Box-specific password," not the user's SSO password. This is also where you can require strong passwords for external collaborators.
| Setting | Description |
|---|---|
| Minimum required characters |
Defines the minimum number of characters required for passwords. Select from:
|
| Require Number(s) |
Determines if numbers (numerals, characters from 0 to 9) are required for passwords, and if so, the minimum number required. This counts towards the minimum number of characters required. Select from:
This option is cleared as its default value. |
| Require special character(s) |
Determines if special characters (non alpha-numeric characters such as ! @ / $ &) are required for passwords, and if so, the minimum number required. This counts towards the minimum number of characters required. Select from:
This option is cleared as its default value. |
| Require at least one uppercase letter |
Determines if at least one of the alphabetic characters required for passwords must be uppercase (a capital letter). This option is cleared as its default value. |
| Prevent common words/email address as a password. |
Determines whether you prevent users from choosing common words or email addresses as passwords. Using common words or words in the dictionary or using email addresses makes it easier for unwanted users to guess passwords and to log in to your users' accounts. Box recommends selecting this option (its default value), which will make your users' accounts more secure. |
| Require users to reset passwords every [number] days |
Determines if you require users to reset their passwords every selected time period. If selected, on the next login after the time period selected past a user's previous password reset, the user will be asked to reset their password before they will be allowed to log in. If enabled, select from:
|
| Perform a global password reset now |
Click to require all users and admins to change their passwords immediately. Note If your enterprise has more than 1,000 managed users, please reach out to Box Support to perform a global password reset. |
| Prevent reusing passwords from last [number] times |
Determines if users are prevented from reusing passwords. If enabled, you can select any number from 4 (default) through 12. |
| Notify admins when users request a forget password email |
Determines if all of your enterprise Box admins will receive an email when a user requests a forgotten password email. This option is cleared as its default value. |
| Notify admins when users change passwords in Settings |
Determines if all your enterprise Box admins will receive an email when a user changes their password in their Account Settings. This option is cleared as its default value. |
| Require strong passwords for external collaborators |
Determines if external collaborator accounts require strong passwords. With this setting enabled, passwords from external collaborators have to meet certain security criteria before the user will be able to access the content owned by your organization. A "strong" password is not the same as the one you define in the Password Requirements section, but it does meet the following requirements:
This option is cleared as its default value. Box will send an email notification to new and existing external collaborators when you enable this setting, and they need to log in and change their password to access content owned by your organization. Note If your organization has SSO (single sign-on) enabled, but not required, external collaborators who are informed that they must use a strong password must still update that password to access shared content. |
Uploads Section
| Setting | Description |
|---|---|
| Allow regular (unencrypted) FTP |
Determines if your managed users can access Box via unencrypted FTP. (Note that your managed users automatically can access Box via encrypted FTP, or FTPS.) This option is cleared as its default value. |
Session Duration for All Users Section
| Setting | Description |
|---|---|
| Session Duration for All Users |
Determines the amount of time that managed users can be logged in to the Box web app with no activity, defined as any explicit user action, before being logged out automatically. The logout will occur upon the next user action after session expiration. Select from:
|