Box and Netskope DRM

Box and Netskope DRM

Classification labels allows you to create, modify, and delete security classification identifiers for content in your organization’s Box deployment. With classification labels, you can classify files based on their sensitivity and enforce access policies associated with that sensitivity level. Classification labels help you identify sensitive information and encourage smarter behavior when people handle that content.

Box allows you to create up to 25 different classification labels. Files and folders can be assigned only one classification label at a time. You can define which user roles are allowed to change classification labels on files and folders.

When users preview a file or folder that has a classification label applied, the label and description are shown in the right-hand sidebar, as in the following example:

The classification label appears here, under Details in the right-hand sidebar, and also next to the file’s name in Preview when users select or preview content. The definition, under the label in the right-hand sidebar, is where you can include information describing the classification in further detail.

Prerequisite:

Authorize Netskope App on Box Admin Console

As an admin/co-admin, you should authorize the Netskope app on Box so that Netskope can make API calls to Box. You can either use a Box admin or a co-admin account to grant access to API Data Protection.

  1. Log in to your Box account using the admin or co-admin user and click Admin Console.
  2. Navigate to Admin Console > Apps > Custom Apps Manager. Under Server Authentication Apps, click Add App. Under Client ID, enter the following API key:
    • 6id7lc5mv8j4eultjlo9d45z88qmv5xk – This is the Netskope JWT app.

Setup

The Box label metadata is visible only when the file is in the Box ecosystem. The Box labels are only relevant when scanning content in Box.
Box labels will be supported for CASB API(Box) and not for Inline.
  1. Go to Settings > Manage > Sensitivity Label Integration

  2. Click Setup Instance > Box, enter the Instance Name, and click Grant Access.

  3. Click on the right-side of your newly setup instance and click View and Edit.

  4. Order is a way for customers to configure and assign a priority to the classification labels. This is important as Box does not allow labels to be given a priority. 25 is the highest and 1 is the lowest.

    The associated number in the Order field shall be used for policy evaluation when applying the labels as a Policy Action

    This Order field is optional and if priority is not defined, then the alphabetical order will be followed for policy evaluation. No two labels can have the same Order.

    For the CASB API, multiple policies can be triggered. If these have different policy actions, the priority determines which action will be applied. The highest Order will have the policy action applied.

Creating an API Data Protection Policy

Before an API Data Protection Policy can be created, the Netskope app MUST be authorized on the Box Admin Console. We do not support cross-instance protection. It must be on the same instance that you intend to pull labels from. The policy name will reflect the instance name.

Policy Creation

To create a policy:

  1. Navigate to Policies -> API Data Protection -> Next-Gen -> New Policy.

  2. For App Instances, select your Box instance.

  3. Choose the label that should be applied

Classification Label Limits

The following table describes the limits in classification labels.

ItemLimit
Name40 characters
Description300 characters
# of classification labels25
Share this Doc

Box and Netskope DRM

Or copy link

In this topic ...