Netskope Help

Authorize Netskope Introspection App on Box Enterprise

As an admin, you should authorize Netskope Introspection app on Box so that Netskope can make API calls to Box. You can either use a Box admin or a co-admin account to grant access to API Data Protection.

Note

Starting from release 50, API Data Protection for Box uses OAuth 2.0 with JSON Web Token (JWT) authentication method.

To configure Box access permissions:

  1. Log in to your Box account using the admin account and go to the Admin Console.

  2. If you are granting access to API Data Protection as a co-admin, select a co-admin user from the list of users and enable the permissions for the co-admin as mentioned in steps 3-5. If you are granting access to API Data Protection as an admin, skip steps 3-5 and proceed to step 6.

    Note

    Only an enterprise admin user has the right to enable permissions for a co-admin user.

  3. Navigate to Users and Groups BoxUserIcon.png > Managed Users in the top menu bar. Click a co-admin user from the list.

  4. In the Edit User Access permissions section, select the permissions to grant the co-admin, and then select the Co-Admin checkbox to grant additional administrative privileges. Under Reports and Settings, enable the following permissions:

    • View settings and apps for your company: Enable this permission to allow the co-admin to grant Netskope to access your Box account.

    • Edit settings and apps for your company: Enable this permission to allow the co-admin to install and authorize the JWT and Event Stream app.

    BoxUserAccess.png
  5. Click Save.

    If you are authorizing as co-admin, log in as co-admin and proceed to the next steps.

  6. Navigate to Admin Console > Apps > Box Apps & Integrations.

  7. Under Individual Application Controls, search for Netskope Active Platform and Netskope Introspection, and select the Available option for both the apps.

  8. Navigate to Admin Console > Apps > Custom Apps and click Authorize New App. Under Client ID, enter the following API key:

    23i97k6vzy0hhugk94bg9c22lmkxudug
  9. Click Next and Authorize.

    Important

    Netskope requires permissions for the following actions in Box:

    • Read and write all files and folders stored in Box: This permission is required to scan files in Box. Netskope requires the write permission to support quarantine/forensic/legal hold policies.

    • Manage users: This permission is required to get visibility of all the users in the enterprise.

    • Manage groups: Groups can be added as collaborators. This permission is required to get visibility of the group details.

    • Manage enterprise properties: This permission is required to utilize the enterprise poll APIs. This permission is required to suppress notifications generated by enterprise APIs or else, the administrator may get considerable number of emails from Box.

    • Admin can make calls on behalf of Users: This permission is required to use the As-User header for APIs. Netskope impersonates as different users to stay within the API limits. Or else, Netskope may hit the rate limits for APIs.

    • Admin or co-admin can make calls for any content in their enterprise: This is a global content management scope required to track activities done by an administrator as other users.

    • Manage app users: App users are automated users who can perform activity in enterprise via APIs. This permission is required to list app users.

    • Manage skill rules: This permission is required by Netskope to create skill rules (subscription) that are needed to work with Box Event Stream.

    • Generate tokens: This permission is required to authenticate the API calls with tokens.

    Once authorized, the JWT app is enabled for your Box account.