Unmanaged users are people who create Box accounts with your corporate email domain outside your enterprise instance. Because they sit beyond your security controls, they:
- Can store or collaborate on sensitive data you can’t see or govern
- Can cause duplicate identities that complicate onboarding/offboarding
- Are not affected by retention, eDiscovery, and data loss prevention (DLP) policies
Cleaning up these accounts, and blocking new ones, reduces data-exposure risk, helps keep you compliant, and simplifies identity management.
Instructions for self-service repatriation are below. Another option is to work with the Box Consulting team, which is recommended for complex metadata retention or strict permission preservation at scale. A cost is incurred for Box Consulting services.
Prerequisites and domain ownership
- Verify your domains
a. Follow the Box Domain Management & Verification steps to add every owned domain
b. Enable Auto-Enrollment so users on those domains are added into your enterprise automatically
Note: When auto-enrollment is tied to SSO, new sign-ups are sent to your identity provider for confirmation. If accepted, they become a managed user. If rejected, they cannot create an account. See more information for Setting up SSO Auto-Provisioning.
-
SSO setup (optional - recommended)
- Configure Single Sign On (SSO) to help encourage platform usage
Note: The repatriation process does not impact users' ability to access content or collaborate. Once users are converted to managed users you can edit, delete, enforce security settings, and run activity reports on these users.
Identify and convert unmanaged users
To identify and convert unmanaged users:
- Navigate to the Admin Console, then Users & Groups
- Select the External Users tab
- Select Unmanaged Users from the dropdown
- Select your target user or multiple users
- Select Make Managed User
- Select to Send the mandatory email, alerting users their account will be converted to a managed Box account effective 14 days from that date
- All users will be brought into your Enterprise after 14 days
For more information, see Converting Unmanaged Users to Managed Users.
Post-enrollment user management
Scenario |
Action |
| Active employee: owns or collaborates on business content | Keep as managed user |
| Former employee: has business-relevant files | Delete* and transfer content (then transfer the content to a new owner or archive it) |
| Former employee: has no unique data | Delete* (with or without transfer) |
| External vendor |
When using your domain: Verify their legitimacy, then create a managed account in your instance or ask them to switch to their own domain. When not using your domain: Create a managed account for them or leave them as unmanaged users. |
Note: You are only able to delete a user after they have been added as a managed user. Unmanaged users are unable to be deleted by an Admin or Box Support.
Additional help
Need |
Channel |
Example Reasoning |
| End-to-end rollout (SSO, auto enrollment, bulk cleanup) | Box Consulting | “We need to bulk migrate unmanaged users and keep metadata/permissions—please help us scope.” |
| Answer process questions and general guidance | CSM | “Post enrollment we may need X more licenses—can you advise?” |
| Licensing questions | AE | “Post enrollment we may need 150 more licenses—can you advise?” |
| Unexpected error during the process that is not documented here | Product Support Ticket | “We attempted to enroll unmanaged users; however we are encountering an error we haven’t seen before” |