Box Status
Print

Multiple EID Management

Multiple Enterprise ID (EID) management allows you to have visibility of multiple subordinate EIDs from a centralized viewpoint. Once multiple subordinate enterprises have been set up, you can compare accounts at a glance.

There is 1 primary (parent) EID and can be multiple subordinate (child) EIDs. The parent will have visibility into the subordinate EIDs, but no edit control at this time. The subordinate EIDs will have no visibility into each other.

This product is only available to Enterprises in the Enterprise Plus and Enterprise Advanced plans. As long as one of the EIDs, either the parent or the child EID is at the Enterprise Plus or Enterprise Advanced tier, this product can be used (i.e. the higher tier does not need to be the parent). The following information about the subordinate (child) EIDs is displayed in the Admin Console to the primary admin of the primary (parent) EID:

  • Enterprise EID number
  • Primary admin email address
  • The enterprise
  • Add-ons
  • Number of managed users
  • Number of unmanaged users
  • Storage
  • Status (Connected, Pending, or Expired) 

The parent enterprise can view, compare and monitor settings through API:

  • Security (enterprise settings)
  • User settings (enterprise settings)
  • Content and sharing (enterprise settings)
  • Shield classification labels/detection rule settings

With this functionality enabled, partners can also build integrations to monitor for configuration drift, including integration of core settings with select SSPM vendors.

Set up Multiple EID management

Create an invite

Start by identifying which of your Box accounts will be the parent enterprise, and which the child enterprise(s), and the associated primary admin emails. There are no nested relationships (e.g. a parent enterprise cannot be nested within another parent enterprise). 

Next, as the primary admin of the parent enterprise, create a relationship between these enterprises:

  1. Click into the Admin Console.
  2. Navigate to Account & Billing.
  3. From within the Enterprise Organization section, select either Get Started or Create Invite.

Note: In order to have the permission to be a parent EID, you must submit a ticket to Product Support. 

  1. Enter the subordinate’s EID number and primary admin’s email address. Their EID number is displayed on their Account & Billing page.
  2. Select Generate Token.
  3. An MFA challenge will display; select Submit after the code has been successfully entered.
  4. A unique token will display. This will expire in 24 hours. Share the token with the admin of your subordinate EID.
  5. From within Account & Billing > Associated Enterprises, the status will now display as Pending.
  6. The primary admin of your subordinate EID now needs to accept the invite.

Notes

  • Pending invites can be manually canceled within 24 hours of generation, by selecting the ... icon on the Associated Enterprises tab, then selecting Cancel. After 24 hours the token will be automatically invalidated.
  • Only primary admins can view the details of subordinate EIDs.
  • A single parent EID can be linked to up to 500 subordinate EIDs.

Accept an invite

To accept the invitation, the primary admin of your subordinate EID needs to:

  1. Click into the Admin Console.
  2. Navigate to Account & Billing.
  3. Select Get Started from within the Enterprise Organization section.
  4. Input the token that is provided by the parent primary admin (who needs to have created an invite) then select Accept Invite.
  5. An MFA challenge will display; select Submit after the code has been entered.
  6. The ID will now display in the Account & Billing page, within the Enterprise Organization section.
  7. The status will display as Connected in the Account & Billing > Associated Enterprises tab. 

Remove Multiple EID connection

The primary admin of the parent enterprise can remove the connection:

  1. Click into the Admin Console.
  2. Select Account & Billing. 
  3. Select the Associated Enterprises tab.
  4. Select the ... icon, then Remove.
  5. Pass the MFA check then select Submit.

The primary admin of the subordinate enterprise can also remove the connection:

  1. Click into the Admin Console.
  2. Select Account & Billing.
  3. Select Remove via the trashcan icon, displayed within Enterprise Organization.
  4. Pass the MFA check then select Submit.

Access key configurations via API

The Parent EID will be able to call a single API endpoint to view the core security settings of Child EIDs. See our API documentation for details. 

Related articles