Why Box recommends Box SFTP

Understanding the differences

    Box SFTP vs Box FTPS

    Key changes for Box SFTP

    Common use cases

    Technical requirements for Box SFTP and Box FTPS

Migration guide  

    Migrating with Beyond Compare

    Migrating with command-line tools

    Migrating with Cyberduck

     Migrating with FileZilla

     Migrating with Qualtrics

     Migrating with WinSCP  

    Migrating with Workday

Best practices

Migration checklist

General troubleshooting for all clients

Glossary

Box documentation links

This comprehensive guide covers the differences between Box SFTP and Box FTPS, explains why you should migrate to Box SFTP, and provides step-by-step instructions for migrating from FTP/Box FTPS to Box SFTP across different software platforms.

Why Box recommends Box SFTP

Box explicitly recommends Box SFTP as a more secure and better-performing option for file transfers. While both Box SFTP and Box FTPS are available for Business and Enterprise accounts, Box SFTP provides significant advantages that make it the better choice for most integrations.

Reasons to choose Box SFTP

For new integrations, choose Box SFTP. For existing Box FTPS integrations, consider migrating to take advantage of these benefits.

Faster download speeds

Box internal tests show Box SFTP delivers three times faster download performance compared to Box FTPS.

• Better for high-volume file transfers and time-sensitive operations.
• More efficient protocol reduces transfer time and costs.

Simpler network setup

• Box SFTP: Uses a single port (22) - simple firewall configuration.
• Box FTPS: Requires multiple ports (control port + ports 10,000-29,999 for data).
• Easier to configure, especially in cloud environments.
• Fewer security policy exceptions needed.

Resumable downloads

• Box SFTP supports resuming interrupted file transfers.
• If a connection drops, you can continue where you left off.
• Box FTPS does not support resumable transfers - you must restart from the beginning.
• Critical for large files and unreliable network connections.

Better directory capacity

• Box SFTP: Supports directories with up to 100,000 items.
• Box FTPS: Limited to 20,000 items per directory (all actions blocked at this limit).
• Essential for enterprise-scale integrations with large folder structures.

Better security and reliability

• Box's recommended secure option.
• End-to-end encryption by default.
• Better handling of network interruptions.
• More reliable for large file transfers.

Granular access control

• Box SFTP: Can be enabled for selected users or groups - only give access to those who need it.
• Box FTPS: Can only be enabled for the entire enterprise - all-or-nothing approach.
• Better security through principle of least privilege.
• Easier to manage and audit who has file transfer access.

Regional deployment and data residency

• Box SFTP: Deployed in Box zones - available in multiple regions.
• For customers with Box Zones, Box SFTP is available in 4 additional regions: Australia, Japan, and two Europe regions.
• Better compliance - data processing happens in your region, meeting GDPR and local data protection requirements.
• Better performance - shorter distance between server and client reduces latency and improves transfer speeds.
• Box FTPS: Only available through a single global endpoint - no regional options.

Understanding the differences

Box SFTP vs Box FTPS

Key changes for Box SFTP

• Port: Use port 22 (not 21)
• Protocol: Select SFTP (not FTP or FTPS)
• Authentication: Username and password (same as your Box account)
• MFA: If enabled, you'll be prompted for a verification code after entering your password
• Server Address: (sftp_address): Throughout this guide, sftp_address refers to your Box SFTP server address. If you have Box Zones enabled, see Choose the Correct SFTP Endpoint for Your Region to find your regional endpoint. Otherwise, use sftp.services.box.com.

Common use cases

Choose Box SFTP for:

• High-volume file transfers
• Cloud-to-cloud integrations
• Large directory structures (over 20,000 items)
• Unreliable network connections (benefits from resumable downloads)
• Time-sensitive operations (three times faster download speeds)
• Modern cloud environments
• Regional compliance requirements (GDPR, data residency)
• Global organizations needing regional performance optimization
   

Technical requirements for Box SFTP and Box FTPS

Both protocols

• Unlimited download file size
• Maximum upload file size: 32GB
• Maximum 40 concurrent connections per user
• Available for Business and Enterprise accounts (must be enabled by admin)

Box SFTP setup

• Port: 22
• Must be enabled in Box Admin Console: Integrations > Box SFTP Server
• Can be enabled for selected users or groups - granular access control
• Regional deployment available - For Box Zones customers, available in Australia, Japan, and two Europe regions

Box FTPS setup

• Server: ftp.box.com
• Ports: 990 (implicit) or 21 (explicit)
• Data channel: Ports 10,000-29,999 must be open
• Must be enabled in Box Admin Console: Enterprise Settings > Box Clients > Server
• Can only be enabled for the entire enterprise - all users get access

Migration guide

This section provides step-by-step instructions for migrating from FTP/Box FTPS to Box SFTP in different software platforms.

If you're currently using Box FTPS or FTP, migrating to Box SFTP is straightforward:

• Most modern clients support both protocols
• You can run both in parallel during migration
• Similar authentication (username/password)
• File operations work the same way

Migrating with Beyond Compare

Beyond Compare is a powerful comparison and synchronization tool that supports SFTP connections.

Prerequisites

• Beyond Compare version 4 or 5 (paid version)
• Your Box account email and password
• Box SFTP server address: sftp_address

Connection steps

Create new profile

1. Launch Beyond Compare.
2. Click Beyond Compare > Profiles.
3. Click New or +”. 
4. Choose FTP Profile.

Configure SFTP connection

Login tab:

• Protocol: Choose SFTP (SSH2)
• Host: sftp_address
• Port: 22
• Username: Enter your Box account email
• Password: Enter your Box password

Save profile

1. Click Save As…
2. Enter profile name (for example, “Box SFTP”).
3. Click OK.
4. The profile will appear in your profiles list.

Open Folder Compare

1. Launch Beyond Compare.
2. Right click on Folder Compare from the Home View.
3. Click Open. 
4. Select your Box SFTP profile on left or right view.

Handle MFA (if enabled)

If MFA is enabled:

1. Beyond Compare will ask for the verification code.
2. Enter the six-character alphanumeric code (without the space) into the Verification code field when prompted.
3. Click OK.

Beyond Compare tips

Ensure you're using SFTP protocol, not FTP.

Session settings

1. Go to Session > Session Settings.
2. Configure comparison rules, filters, and sync options.

Save session

After configuring, save the session for future use.

• Go to Session > Save Session.

Migrating with command-line tools

Command-line tools provide powerful scripting and automation capabilities for SFTP connections.

Available command-line tools

Handling MFA in command-line

If MFA is enabled, you'll be prompted:

• Password: [enter your password]
• Verification code: [Enter the six-character alphanumeric code (without the space) into the Verification code field in your SFTP client]

Important:

• Some command-line tools may not support interactive MFA prompts.
• For automated scripts, consider using accounts without MFA.
• Ensure your client supports keyboard-interactive authentication.
   

Using sftp (built-in SFTP client)

The sftp command is available on Linux, macOS, and Windows (via OpenSSH).

Basic Connection

sftp username@sftp_address

Replace username with your Box account email.

Interactive commands

Once connected, you can use these commands:

# List remote directory
ls
# Change remote directory
cd /path/to/folder
# List local directory
lls
# Change local directory
lcd /local/path
# Upload file
put localfile.txt remotefile.txt
# Upload multiple files
put *.txt
# Download file
get remotefile.txt localfile.txt
# Download multiple files
get *.txt
# Download directory (recursive)
get -r /remote/folder
# Upload directory (recursive)
put -r /local/folder
# Create remote directory
mkdir newfolder
# Remove remote file
rm file.txt
# Remove remote directory
rmdir folder
# Show current remote directory
pwd
# Show current local directory
lpwd
# Exit
exit

Non-interactive usage (batch mode)

# Upload file using heredoc
sftp username@sftp_address << EOF
put localfile.txt remotefile.txt
exit
EOF
# Download file
sftp username@sftp_address << EOF
get remotefile.txt localfile.txt
exit
EOF

Verbose mode (debugging)

# Show detailed connection information
sftp -v username@sftp_address
# Extra verbose (debug level 2)
sftp -vv sftp_address

Using scp (secure copy)

scp is great for quick file transfers without interactive sessions.

Upload file

scp localfile.txt username@sftp_address:/remote/path/

Download file

scp username@sftp_address:/remote/path/file.txt ./

Upload directory (recursive)

scp -r /local/folder username@ssftp_address:/remote/path/

Download directory (recursive)

scp -r username@sftp_address:/remote/path/folder ./

SCP options

# Show progress
scp -v localfile.txt username@sftp_address:/path/
# Compress during transfer
scp -C localfile.txt username@sftp_address:/path/
# Limit bandwidth (in Kbit/s)
scp -l 1024 largefile.zip username@sftp_address:/path/

Using lftp (advanced FTP/SFTP Client)

lftp is a sophisticated file transfer program with scripting capabilities.

Installation

Linux:

sudo apt-get install lftp  # Debian/Ubuntu
sudo yum install lftp      # RHEL/CentOS

macOS:

brew install lftp

Basic Connection

lftp sftp://username@sftp_address

Interactive commands

# List files
ls
# Change directory
cd /path/to/folder
# Upload file
put localfile.txt
# Download file
get remotefile.txt
# Mirror directory (sync)
mirror -R /local/folder /remote/folder  # Upload
mirror /remote/folder /local/folder     # Download
# Parallel transfers (4 connections)
set mirror:parallel-transfer-count 4
mirror /remote/folder /local/folder
# Exit
quit

Script example

#!/bin/bash
lftp sftp://username@sftp_address << EOF
cd /remote/folder
put /local/file.txt
quit
EOF

Advanced features

Mirror with options:

# Mirror with delete (sync exactly)
mirror --delete /remote/folder /local/folder
# Mirror only newer files
mirror --newer-than="2024-01-01" /remote/folder /local/folder
# Parallel downloads
mirror --parallel=4 /remote/folder /local/folder

General command-line

Useful command-line reference

# Test Box SFTP connection
sftp username@sftp_address

# Test port connectivity
telnet sftp_address 22

# Check SFTP version
sftp -V

# Verbose connection (for debugging)
sftp -v sftp_address

Migrating with Cyberduck

Cyberduck is a free, open-source cloud storage browser for macOS and Windows with support for SFTP, FTP, WebDAV, and various cloud storage services.

Prerequisites

• Cyberduck (free download from cyberduck.io)
• Your Box account email and password
• Box SFTP server address: sftp_address

Connection steps

Launch Cyberduck

Open Cyberduck application - the main browser window will open

Open connection dialog

1. Click Open Connection in the toolbar (or press Cmd+O or Ctrl+O)
2. The connection dialog will appear

Configure SFTP connection

In the connection dialog:

• Protocol: Select SFTP (SSH File Transfer Protocol) from the dropdown menu.
• Server: sftp_address
• Port: 22 (automatically filled when SFTP is selected)
• Username: Enter your Box account email
• Password: Enter your Box password

Optional settings

SSH Private Key: Leave as "None" (not currently supported by Box SFTP)

Connect

1. Click Connect button
2. On first connection, you'll see an Unknown Fingerprint warning:
   • This is the server's host key.
   • Check the fingerprint (if provided by your administrator) or verify on the Box SFTP Documentation page. 
   • Check Always to trust this key permanently.
   • Click Allow to accept and continue.

Handle MFA (if enabled)

If Multi-Factor Authentication is enabled:

1. After entering your password, Cyberduck will prompt for additional authentication.
2. A dialog will appear requesting Verification code.
3. Enter the six-character alphanumeric code (without the space) into the Verification code field in your SFTP client from your authenticator source.
4. Click Continue or press Enter.
    

Creating a Bookmark (saved connection)

To save your connection for quick access:

1. After connecting, go to Bookmark > New Bookmark.
2. Configure the bookmark settings (also shown in screenshot below):
   • Nickname: Enter "Box SFTP" (or your preferred name)
   • Protocol: SFTP
   • Server: sftp_address
   • Port: 22
   • Username: Your Box account email
   • Password: Enter your Box password
   • SSH Private Key: Leave as "None" (not currently supported by Box SFTP)
   • Path: Optional starting directory
3. Click Close.

Accessing Bookmarks

• Bookmarks appear in the main window's sidebar.
• Double-click a bookmark to connect instantly.
• Organize bookmarks. 

Cyberduck tips

Performance:

• Multiple Connections: Increase concurrent transfers for faster bulk operations.
• Bandwidth Throttling: Limit transfer speed in Preferences > Bandwidth.
   

Cyberduck CLI (duck)

Cyberduck also offers a command-line version called duck for scripting and automation.

Installation:

# macOS (Homebrew)
brew install duck
# Windows (Chocolatey)
choco install duck

Usage:

# Upload file
duck --upload sftp://username@sftp_address/path/to/remote file.txt
# Download file
duck --download sftp://username@sftp_address/path/to/file.txt ./
# List directory
duck --list sftp://username@sftp_address/path/
# Synchronize directories
duck --synchronize sftp://username@sftp_address/remote/folder /local/folder

Common Cyberduck issues

"Unknown fingerprint" or "Host key verification failed"

• Solution: This is normal on the first connection.
• Verify the host key with the Box SFTP Documentation page.
• Click Allow and check Always to trust the server.
• If it appears again unexpectedly, contact your administrator.

"Connection failed" or "Connection timeout"

• Solution: Verify server address (sftp_address) and port (22).
• Check firewall and network settings.
• Try increasing timeout in Preferences > Connection.

"Login failed" or "Authentication failed"

• Solution: Verify username (should be your Box email) and password.
• Ensure SFTP protocol is selected (not FTP).
• If MFA is enabled, make sure you enter the six-character alphanumeric code (without the space) into the Verification code field in your SFTP client when prompted.

"Permission denied" during upload

• Solution: Verify you have Write permissions in Box.
• Check if the target folder exists.
• Ensure you have sufficient storage quota.

Transfer is slow

• Solution: Increase concurrent transfers in Preferences > Transfers.
• Check your network connection speed.
• Try transferring during off-peak hours.

MFA prompt not appearing

• Solution: Ensure you're using SFTP protocol (not FTP).
• Update to the latest version of Cyberduck.
• Some older versions may have issues with keyboard-interactive auth.
   

Migrating with FileZilla

FileZilla is a free, open-source FTP client that supports SFTP connections.

Prerequisites

• FileZilla Client (any recent version)
• Your Box account email and password
• Box SFTP server address: sftp_address

Connection steps

Open Site Manager

1. Launch FileZilla
2. Click File > Site Manager (or press Ctrl+S or Cmd+S)

Create new SFTP site

1. Click New Site.
2. Type a descriptive name (for example, "Box SFTP").

Configure connection settings

In the General tab:

• Protocol: Select SFTP - SSH File Transfer Protocol.
• Host: sftp_address
• Port: Enter 22
• Logon Type: Normal.
• User: Enter your Box account email.
• Password: Enter your Box password (leave blank if you prefer to enter it each time).

Advanced settings (optional)

Click the Advanced tab:

• Default remote directory: Leave empty or set to your preferred starting directory.
• Default local directory: Set to your preferred local folder.

Save and connect

1. Click OK.
2. Click Connect.

Handle MFA (if enabled)

If Multi-Factor Authentication (MFA) is enabled:

1. After entering your password, you'll see a prompt: Verification code.
2. Enter the six-character alphanumeric code (without the space) into the Verification code field in your SFTP client from your authenticator source (SMS or e-mail).
3. Press Enter.

Verify connection

You should see your remote directory structure in the right panel.
The status bar should show "Directory listing successful".

FileZilla quick connect

For quick access without saving a site, use the Quick Connect bar at the top of FileZilla.

1. Type the following:
   • Host: sftp_address
   • Username: Your Box login.
   • Password: Your Box password.
   • Port: 22.
2. Click Quickconnect

FileZilla tips

• Transfer Settings: Go to Edit > Settings > Transfers and adjust concurrent transfers. If your account uses MFA, set the number of simultaneous transfers to 1.  Using multiple simultaneous transfers with MFA enabled will cause authentication failures.
• Keep-Alive: Enable keep-alive to prevent connection timeout during long transfers.
• Transfer Mode: Binary mode is used automatically for SFTP.

Common FileZilla issues

"Connection refused" or "Connection timeout"

• Solution: Verify the server address (sftp_address) and port (should be 22)
• Check firewall settings

"Authentication failed"

• Solution: Verify username and password are correct.
• If MFA is enabled, ensure you're entering the six-character alphanumeric code (without the space) into the Verification code field.
• If MFA is enabled and you are transferring multiple files at the same time, reduce the number of simultaneous transfers to 1. Go to Edit > Settings > Transfers and set maximum simultaneous transfers to 1. Transferring files in parallel while MFA is active can interrupt the login process and cause transfers to fail.

"Unknown host key"

Solution: Verify the host key with Box SFTP Documentation page and check the Always trust this host, add this key to the cache checkbox, and click OK to accept the host key (first connection only).

Migrating with Qualtrics

Qualtrics ETL Workflows include two built-in SFTP tasks — Extract data from SFTP files (inbound) and Load data into SFTP (outbound) — that can connect to Box SFTP to automate the transfer of survey responses, contacts, employee data, and other ETL output on a schedule or event.

Prerequisites

• A Qualtrics license with Workflows enabled
• Brand Administrator access (to add an SFTP account brand-wide via Admin > Extensions), or individual-user access (to add a personal account from inside   the SFTP task)
• Box SFTP server address: sftp_address
• A Box account email and password
  • Box SFTP supports only username/password authentication. The Qualtrics "SSH Key" and "Encrypted SSH Key" options will not work against Box SFTP and must not be selected.
  • The Box account used for the integration must NOT have Multi-Factor Authentication enabled. Qualtrics workflows run unattended and cannot supply a six-character verification code; use a dedicated service account without MFA, or work with your Box admin to use an account with MFA bypass policies.
  • SSO logins are not supported by Box SFTP. If the account uses SSO, set a Box-specific password under Account Settings > Account > Authentication and use that password in Qualtrics.
• Box folder permissions appropriate for the Qualtrics task:
  • Load data into SFTP — read and write
  • Extract data from SFTP files — read, write, and delete  (Qualtrics' Test connection writes a small file, reads it, and deletes it.)
• Network: allowlist the Qualtrics IP ranges on your egress firewall and confirm outbound TCP 22 to sftp_address is open. (See Qualtrics' "Allowlist the Qualtrics IP Ranges" article for the current list.)
   

Connection steps

Add an SFTP account

1. Log in to Qualtrics.
2. As a Brand Administrator: go to Admin > Extensions, click Extract data from SFTP files (or Load data into SFTP), then click Add Account.  As an individual user: from inside an SFTP task in your workflow, click Add user account.
3. Give the account a name (for example, "Box SFTP").

Configure SFTP settings

• Hostname: sftp_address
• Port: 22
• Authentication method: Password
• Username: Enter your Box account email
• Password: Enter your Box password
• Click Connect Account.

Test the connection

1. In the SFTP task, click Test connection.
2. Qualtrics uploads a small file, reads it, and deletes it. The test must succeed before saving the workflow.

Handle MFA (if enabled)

Box SFTP issues an additional keyboard-interactive verification-code prompt when MFA is on. Qualtrics' Password method does not respond to that prompt inside a scheduled workflow, so the test or run will fail with an authentication error. Either disable MFA on the integration account or use a dedicated service account without an MFA.

Qualtrics-specific considerations

File transfer patterns

Outbound (Qualtrics to Box) — Load data into SFTP:

• Pair with an upstream extractor (for example, Extract responses from a survey) in the same ETL workflow.
• The output file goes to the directory you specify on the Box account's home directory; relative and absolute paths are both accepted.
• Single-run upload size is capped by Qualtrics' Load task limit; Box SFTP itself accepts up to 32 GB per file.

Inbound (Box to Qualtrics) — Extract data from SFTP files:

• Set a File name pattern (prefix or RE2 regex) and a case-sensitive Pickup directory.
• Supported file types: CSV, TSV, JSON, Excel (.xlsx ≤ 1 GB, .xls ≤ 5 MB).
• Files must be UTF-8 (not "Unicode UTF-8") with a header row. Use straight quotation marks; backslash-escaped quotes are not valid in CSV.
• Per Qualtrics' current documentation: 200 files per run, with per-file and per-run total size caps that Qualtrics may revise over time — verify the current values in the Extract data from SFTP files article for your tier.
• Post-processing: Qualtrics can delete the file, move it to another directory, or leave it in place after a successful run.

Error handling

• Configure workflow notifications/alerts on failure (Workflows > Alerts).
• Use Skip bad files / Skip malformed rows to keep a single bad file from failing the entire run.
• Review the workflow's Run history for per-file status.

Security considerations

• Use a dedicated Box service account scoped only to the folders Qualtrics needs.
• Avoid special characters in the Box password — Qualtrics' SFTP Troubleshooting guide lists this as a common cause of intermittent authentication failures.
• Rotate the Box password on a schedule and update the saved Qualtrics SFTP account when you do.
• Box SFTP files in the pickup directory may be read multiple times during a run; do not configure Box-side automation that deletes or moves files on first touch.

Qualtrics troubleshooting

Authentication failed

• Solution: Confirm Password is selected (not SSH Key or Encrypted SSH Key). Re-enter the Box email and password. Remove special characters from the password if present. Verify the account has no MFA and is not SSO-only without a Box-specific password.

Test connection succeeds but the run fails on extract

• Solution: Confirm the account has delete permission on the Pickup directory in Box (the Extract task deletes processed files by default). Verify the directory path matches the case exactly.

Connection refused / timeout

• Solution: Allowlist Qualtrics' IP ranges on your egress firewall, verify outbound TCP 22 to sftp_address, and confirm Box SFTP is enabled in your Box Admin Console under Integrations > Box SFTP Server for the user/group the integration account belongs to.

"Cannot initialize SFTP protocol"

• Solution: Ensure the saved hostname is sftp_address (not ftp.box.com) and port 22. Box FTPS endpoints will not accept Qualtrics SFTP connections.

Migrating with WinSCP

WinSCP is a free SFTP and FTP client for Windows with a focus on secure file transfers.

Prerequisites

• WinSCP (free download from winscp.net)
• Your Box account email and password
• Box SFTP server address: sftp_address

Connection steps

Launch WinSCP

1. Open WinSCP application.
2. The Login dialog will appear automatically.

Configure new session

In the Login dialog:

• File protocol: Select SFTP.
• Host name: sftp_address
• Port number: 22
• User name: Enter your Box account email
• Password: Enter your Box password (or leave blank to be prompted)

Advanced settings (optional)

Click the Advanced button to configure additional settings.

Environment tab:

• SFTP server: Leave default (automatic detection)
• SCP/Shell: Not needed for SFTP

Connection tab:

• Server response timeout: 30 seconds (default)
• Keep-alives: 30 seconds (to prevent connection timeout)

Save session (optional)

1. Click Save.
2. Enter a session name (for example, "Box SFTP").
3. Consider saving passwords (only on trusted computers).

Connect

1. Click Login to establish the connection.
2. If prompted about the host key, verify the host key with the Box SFTP Documentation page and accept.
3. Click Yes to accept (first connection only).

Handle MFA (if enabled)

If Multi-Factor Authentication is enabled:

1. After entering your password, you'll see an additional Keyboard-interactive authentication prompt.
2. Enter the six-character alphanumeric code (without the space) into the Verification code field from your authenticator source (SMS or e-mail).
3. Click OK.

Verify connection

• You should see your local files on the left panel.
• Box SFTP remote files on the right panel.
• The status bar at the bottom should show "Connected".

WinSCP interface options

To change: Click Options > Preferences > Environment > Interface.

WinSCP offers three interface styles:

• Commander (default): Dual-pane interface (local | remote)
• Explorer: Single-pane interface like Windows Explorer
• Custom: Customize the layout to your preference

WinSCP tips

• Custom Commands: Create custom commands in Extensions > Custom Commands
• Generate Script: Use Session > Generate Session URL/Code to create automation scripts
• Synchronized Browsing: Enable to navigate local and remote directories together

Common WinSCP issues

"Connection has been unexpectedly closed"

• Solution: Check firewall settings, verify server address.
• Try increasing timeout in Advanced settings.

 "Authentication failed"

• Solution: Verify credentials are correct.
• Ensure you're using SFTP protocol (not FTP).

"Cannot initialize SFTP protocol"

• Solution: Ensure port 22 is not blocked.
• Verify SFTP is selected as the protocol.

Migrating with Workday

Workday integrations can use Box SFTP for automated file transfers.

Prerequisites

• Workday administrator access
• Box SFTP server address: sftp_address
• Box account email and password
• Understanding of Workday integration setup

Connection steps

Access Integration System

1. Log in to Workday as an administrator.
2. Navigate to Integrations >  Integration System.

Create New SFTP integration

1. Click Create Integration System.
2. Enter a name (for example, "Box SFTP Integration").

Configure SFTP settings

Connection details:

• Protocol: Select SFTP (not FTP)
• Host: sftp_address
• Port: 22
• Username: Enter your Box account email
• Password: Enter your Box password

Advanced settings:

• Connection Timeout: 30 seconds (default)
• Retry Attempts: 3 (default)
• Transfer Mode: Binary (recommended)

Configure authentication

1. Authentication Method: Username/Password
2. If MFA is enabled:
   • Workday may need to be configured to handle keyboard-interactive authentication
   • Contact your Box administrator for MFA setup guidance
   • Consider using accounts without MFA for automated integrations

Test connection

1. Use Workday's Test Connection feature.
2. Verify the connection is successful.
3. Check for any error messages.

Configure file paths

1. Set up remote directory paths for file transfers.
2. Verify file naming conventions.
3. Configure file encoding (UTF-8 recommended).

Workday-specific considerations

File transfer patterns

Outbound (Workday to Box):

• Ensure file naming conventions are maintained.
• Verify file encoding (UTF-8 recommended).
• Check file size limits (max 32GB).

Inbound (Box to Workday):

• Verify file format compatibility.
• Check parsing logic for file structure.
• Ensure error handling is configured.

Error handling

1. Configure error notifications.
2. Set up retry logic.
3. Monitor integration logs.
4. Set up alerts for failed transfers.

Security considerations

• Use accounts with minimal permissions.
• Rotate passwords regularly.
• Enable audit logging.
• Consider IP whitelisting if supported.

Workday troubleshooting

Connection timeout

• Solution: Check firewall rules, verify server address (sftp_address) and port.

Authentication failed

• Solution: Verify username and password, check for MFA requirements.

Files not transferring

• Solution: Check file permissions, verify paths, review integration logs.

MFA not supported

• Solution: Use an account without MFA, or contact Box support for alternative authentication.

Best practices

Security

Use strong passwords

• Minimum 12 characters.
• Mix of letters, numbers, and symbols.
• Don't reuse passwords.

Enable MFA

Connection security

• Always verify the host key on the first connection.
• Never ignore host key warnings after initial connection.
• Keep SFTP client software updated

Credential management

• Use password managers for credentials.
• Don't store passwords in plain text scripts.

Connection management

Close unused connections

• Close connections when not in use.
• Avoid keeping multiple connections open unnecessarily.
• Box limits 40 concurrent connections per user.

Enable Keep-alive

• Prevents connection timeout during long operations.
• Recommended for large file transfers.

Use connection pooling

• For automated transfers, reuse connections when possible.
• Reduces authentication overhead.

Testing

Test before production

• Test connection manually before automating.
• Verify file transfers work correctly.
• Test with small files first.

Monitor connections

• Review connection logs regularly.
• Set up alerts for failed connections.
• Monitor transfer success rates.

Migration checklist

Use this checklist to ensure a smooth migration:

Pre-migration

• Identify all FTP/Box FTPS connections.
• Document current FTP/Box FTPS configurations.
• Obtain Box SFTP server address (sftp_address) and credentials.
• Verify network connectivity to Box SFTP server (port 22).
• Test Box SFTP connection manually.
• Review security requirements (MFA, passwords, etc.).

Migration

• Update FileZilla sites (if applicable).
• Update Cyberduck bookmarks.
• Update Beyond Compare profiles (if applicable).
• Update command-line scripts (if applicable).
• Update Workday integrations (if applicable).
• Test all connections.
• Verify file transfers work correctly.
• Test MFA (if enabled).

Post-migration

• Monitor connections for 24-48 hours.
• Verify all scheduled transfers are working.
• Update documentation.
• Train users on new procedures.
• Disable old FTP/Box FTPS connections (after verification period).
• Archive old FTP/Box FTPS configurations.

General troubleshooting for all clients

Common connection issues

"Connection Refused"

Possible causes:

• Wrong port number (should be 22, not 21)
• Firewall blocking port 22
• Incorrect server address

Solutions:

• Verify port is 22.
• Check firewall settings.
• Confirm server address is sftp_address.
• Test connection with: telnet sftp_address 22.

"Authentication Failed"

Possible causes:

• Incorrect username or password
• MFA required but not provided
• Account locked or disabled
• Using wrong protocol (FTP instead of SFTP)

Solutions:

• Verify username (should be your Box account email).
• Check password (case-sensitive).
• If MFA is enabled, ensure you're entering the verification code.
• Contact the administrator if the account is locked.
• Ensure SFTP protocol is selected (not FTP).

"Host Key Verification Failed"

Possible causes:

• First connection to server
• Server host key changed

Solutions:

• Verify the host key with Box SFTP Documentation page and accept (first connection only).
• If the key changed unexpectedly, contact the administrator.

"Connection Timeout"

Possible causes:

• Network issues
• Firewall blocking connection
• Server unavailable
• Proxy configuration issues

Solutions:

• Check network connectivity.
• Verify firewall rules.
• Test with: ping sftp_address
• Check proxy settings if applicable.
• Contact administrator to verify server status.

MFA issues

MFA prompt not appearing

Possible causes:

• Client doesn't support keyboard-interactive authentication
• MFA not enabled for your account
• Using wrong protocol

Solutions:

• Use a client that supports keyboard-interactive authentication.
• Verify MFA is enabled in your Box account.
• Ensure SFTP protocol is selected.
• Contact administrator for MFA setup.

MFA verification code not working

Possible causes:

• Expired verification code (time-based codes expire quickly)
• Wrong authenticator source (SMS or e-mail)
• Clock synchronization issues
• Entering code in wrong field
• Passing whitespace character in Verification Code

Solutions:

• Enter verification code immediately after generation.
• Verify you're using the correct authenticator source (SMS or e-mail).
• Ensure the device clock is synchronized with internet time.
• Ensure you're entering code in the "Verification code:" prompt (not the password field).
• Ensure you’re passing Verification code without whitespace

File transfer issues

Files not uploading

Possible causes:

• Insufficient permissions
• Box storage exceeded
• File path doesn't exist
• File name contains invalid characters
• File size is too big

Solutions:

• Verify you have Write permissions in the folder.
• Check available storage space in Box.
• Ensure the target directory exists.
• Avoid special characters in file names.
• Ensure the file does not exceed 32 GB.

Files not downloading

Possible causes:

• File doesn't exist
• Insufficient permissions
• Network interruption
• Local disk full

Solutions:

• Verify the file exists and the path is correct.
• Check read permissions in the folder.
• Ensure the local disk has enough space.
• Retry the transfer.

Transfer speed issues

Possible causes:

• Network congestion
• Large file sizes
• Encryption overhead
• Geographic distance from server

Solutions:

• Check network connection speed.
• Consider transferring during off-peak hours.
• Use compression for text files.
• Enable parallel transfers if supported.

Performance tips

• Use Binary Mode: Always enabled for SFTP (automatic).
• Compression: Use compression for text files (scp -C).
• Parallel Transfers: Use clients that support multiple concurrent transfers.
• Resume Capability: Box SFTP supports resuming interrupted downloads.
• Keep-alive: Enable keep-alive to prevent connection timeout.
   

Glossary

FTP: File Transfer Protocol (unencrypted)
FTPS: File Transfer Protocol Secure (encrypted)
Box FTPS: Box service that exposes FTP over SSL/TLS (encrypted)
Box SFTP: Box service that exposes SSH File Transfer Protocol (encrypted)
MFA: Multi-Factor Authentication
SSH: Secure Shell
Host key: Server's cryptographic identity
Keyboard-interactive: Authentication method that supports prompts

Box documentation links

Box SFTP Documentation
Box FTPS Documentation