Product Guides are now only available at docs.box.com. Check out all the details on what's changed.

Box Status
Print

Box Shield: Access from a specific application is blocked by suspicious location rules

Issue

Login and access to Box from a specific application are blocked.

Affected users receive a warning e-mail stating, “Access restricted,” and a suspicious location alert is displayed on the Shield dashboard in the Admin Console.

Warning e-mail message

Access restricted.
Your access has been temporarily revoked because account activity from a restricted location has been detected. Access will be restored immediately once you log in from an approved location.
If you are not sure why you are receiving this message, please contact your system administrator.

Root Cause

This issue occurs when access restrictions are enabled in the "Suspicious Location Detection Rule" in Box Shield. In this configuration, access from specific applications may be identified as activity from a potentially restricted location and subsequently blocked.

Resolution

Step 1: Diagnostics and alert verification

First, confirm whether the access block is caused by Box Shield.

  1. From the Admin Console, navigate to Shield > Dashboard and check whether any alerts associated with the affected user are displayed.
  2. Verify whether the user has received an e-mail stating, “account activity from a restricted location has been detected.”

Step 2: Excluding the application

If the issue is confirmed, exclude the affected application from the rule by following the steps below.

  1. Open "Filter Criteria" in the Suspicious Location Detection Rule.
  2. Enable Exclude integrations.
  3. Enter the integration name, select the relevant application from the list, and update the rule.

Step 3: Advanced solution when the application is not listed

If the application you want to exclude does not appear in the list, add it manually by following the steps below.

  1. In the Admin Console, go to Reports > Platform Activity, generate a report, and identify the client ID of the affected application.
  2. Navigate to Admin Console > Integrations > Platform App Manager tab.
  3. Click the + button on the right side of the screen.
  4. On the Add Platform App screen, enter the client ID identified earlier.
  5. On the Enable App screen, click Enable.
  6. Return to the Box Shield Detection Rule settings. The application should now be available for selection.

Reference Information

Suspicious Location Detection Rule

Related articles