Box Status
Print

Box for Salesforce Reauthorization Loop

Overview

If your Box for Salesforce integration repeatedly signs a user out or requires reauthorization multiple times per day, or you see “refused to connect” when accessing Box from Salesforce, follow the steps below to identify and resolve common causes.

Root Cause

This behavior is caused when the OAuth session between Salesforce and Box is interrupted or unable to persist. Common contributing factors include browser session/cookie settings that block cross-site authentication, missing or incorrect Box enterprise subdomain in your Salesforce Box Settings, or Salesforce session/clickjacking settings that interfere with embedded Box pages. The problem may affect only a single user if their local browser or profile is blocking third-party cookies or clearing session data.

Resolution Steps

Follow these steps in order to rule out all common causes. After each step, have the affected user reauthorize and reproduce the workflow to see whether the problem persists.

  1. Confirm environment
    • Ensure the user is using a supported browser and the latest browser version.
    • Confirm the user is not using private/incognito mode.
  2. Check browser cookie settings
    • Confirm third-party cookies and cross-site cookies are allowed (or not blocked for salesforce.com and box.com).
    • If your organization enforces cookie restrictions via extensions or group policy, whitelist box.com and your Box enterprise subdomain.
  3. Verify Box enterprise subdomain in Salesforce
    • In Salesforce go to Setup > Box Settings > Advanced Setup > Advanced Settings.
    • Confirm the Box Enterprise Sub-Domain field is populated with your enterprise subdomain (for example yourcompanysubdomain) and save if missing.
    • See this Box Support guide for further information
  4. Check Salesforce Session and Visualforce clickjack protection
    • In Salesforce Setup, navigate to Session Settings and review clickjack protection options. 
    • If you use custom Visualforce pages or a custom integration, check whether “Enable clickjack protection for customer Visualforce pages with headers disabled” or similar settings are enabled; toggling these (per your security policy) can affect embedded content and reauthorization flows. 
  5. Rule out local profile or network factors
    • Ask the user to test with a fresh browser profile or a different browser to see if the issue is profile-specific.
    • If possible, test on a different machine or network (e.g., home network or mobile hotspot) to rule out corporate network policies that clear sessions or block cross-site traffic.
  6. If none of the above suggestions resolve the issue, contact Box Product Support.

How to reauthorize the user account

  1. In Salesforce, go to the app launcher and type in Box
    Screenshot 2026-04-07 at 1.27.31 pm.png
  2. Go to Box Settings and press Connect next to Log In as a Box User
    Screenshot 2026-04-07 at 1.28.00 pm.png
  3. Under Connect with Box, press Reauthorize
    Screenshot 2026-04-07 at 1.29.47 pm.png
  4. Log into your Box account either by entering your Box credentials, or by SSO if your organization has SSO enabled.
    Screenshot 2026-04-07 at 1.31.25 pm.png 

Related articles