Configure Box for the Next Generation API Data Protection
To configure Box for the Next Generation API Data Protection, you need to authorize Netskope as a web application client to access your Box instance. Follow the instructions below.
Prerequisite
- A Box account with a Business, Business Plus, Enterprise, or Enterprise Plus license.
- A Box admin or co-admin user account.
Assign a Co-admin User for Netskope
This section describes the steps to assign a co-admin user for Netskope. If you do not plan to use the Box admin account, you can grant co-admin access instead. If you are granting access to Netskope as an admin, skip this section and proceed to the next one.
Here are the steps to create and assign a co-admin user to Netskope.
- Log in to your Box account as an enterprise admin user.
- Click Admin Console and navigate to Users and Groups > Managed Users. Click a co-admin user from the list.
- In the Role and Access Permissions section, click Edit. Under Reports and Settings, enable the following permissions:
  - View settings and apps for your company: Enable this permission to allow the co-admin to grant Netskope access to your Box account.
  - Edit settings and apps for your company: Enable this permission to allow the co-admin to install and authorize the JSON Web Token (JWT) and Event Stream app.
- Click Save.
You can continue to be logged in as an admin user or re-login as a co-admin user and proceed to the next steps.
Authorize Netskope App on Box Admin Console
As an admin/co-admin, you should authorize the Netskope app on Box so that Netskope can make API calls to Box. You can either use a Box admin or a co-admin account to grant access to API Data Protection.
- Log in to your Box account using the admin or co-admin user and click Admin Console.
- Navigate to Admin Console > Apps > Custom Apps Manager. Under Server Authentication Apps, click Add App. Under Client ID, enter the following API keys:
  - 6id7lc5mv8j4eultjlo9d45z88qmv5xk – This is the Netskope JWT app.
  - cjm7eo3a8w6ukc7c22m9lyj4r8ppx7r6 – This is the Netskope Event Stream app.
- Click Next and Authorize.
Disable Shield Detection Rules in Box
Shield Detection Rules are used to monitor events and activities in your Box account for advanced security. If you have enabled the Malicious Content shield detection rule, ensure that the Restrict download of malicious content option is disabled. This option is available under Admin Console > Shield > Detection Rules > Malicious Content. If enabled, Box will block Netskope from scanning files.
Configure Netskope to Access your Box Account
To authorize Netskope to access your Box account, follow the steps below:
- Log in to the Netskope tenant UI and go to Settings > Configure App Access > Next Gen > CASB API.
- Under Apps, select Box and click Setup CASB API Instance.
  The Setup Instance window opens.
- Under Administrator Email, enter the email address of the user who will receive an email notification when a policy violation or event triggers. This step is optional.
- Under Instance Name, enter a name for the SaaS app instance. This step is optional; if left blank, Netskope will determine the name of the app instance after access is granted.
- Click Grant Access.
  You will be redirected to the Box sign-in page.
- Log in with the Box admin or co-admin account and click Authorize.
  You will be prompted with a set of permissions. Click Grant access to Box.
  When the configuration results page opens, click Close.
  Refresh your browser and you will see a green check icon next to the instance name.
Next, you can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your Box account. For more information on the Inventory page, see Next Generation API Data Protection Inventory.
You can receive audit events and standard user behavior analytic alerts in Skope IT. For more information, see Next Generation API Data Protection Skope IT Events.
Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.