Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
402 results found
-
IP Address Restriction for Webapp and SELECTED API calls
We want to enable IP address restrictions only for the web app and selected applications.
Possible methods include submitting a list of client IDs exempt from restrictions during application, or providing a UI to specify an app list excluded from IP address restrictions.Currently, only the following two options are available.
- Enable only for Webapp
- Enable for Webapp and All API callsWhat we truly want is to apply IP address restrictions to the web app and BoxDrive. However, selecting “All APIs” renders nearly all other cloud-based integration apps unusable.
For example, losing integrations that significantly boost productivity—like…20 votes -
Request for Improvement of the “People with the Link” Feature in Box
Request for Improvement of the “People with the Link” Feature in Box
We would like to request the following improvements to the “People with the link” option within Box’s Share Link feature, which is used to grant viewing or downloading access to folders or files for organisations or email addresses that do not have a Box account or existing folder permissions.
At present, requiring the link creator to manually set a password is rather cumbersome, and as a result, many users choose not to do so. Since there is no enforcement mechanism, some organisations restrict or even prohibit the use…
13 votes -
WithSecure
We would like to request that WithSecure Elements EPP for Computers be added to the Device Trust supported antivirus/endpoint protection product list.
5 votes -
Support IAL2/AAL2 Identity Providers as a Box Login
Box should partner with identity providers like ID.me and Login.gov, allowing for enterprises to ensure a smooth and secure login process for managed users and external collaborators alike . Users should be able to use these credentials to access Box.
This is especially important to reduce the risk of unverified external collaborators accessing sensitive enterprise content. Ideally, admins can enforce these IdP logins for external collaborators (similarly to how the current 2FA setting for external collaborators works). These two identity providers can require IAL2/AAL2 identity verification and authentication in accordance with NIST 800-63-3 standards.
5 votes -
Flexible IP Restrictions: Require Strong IdP Auth Rather Than Immediate Block
■Request
We would like Box’s conditional access capability to be enhanced so that, in environments where IP address restrictions are enabled, the IdP’s (e.g., HENNGE) authentication method can be switched based on the source IP.■Specific example (use case):
When accessing from an allowed IP: Log in with standard SSO (e.g., ID/password).
When accessing from a non-allowed IP: Require strong authentication at the IdP, such as a client certificate, in order to log in. Example: Box requests and validates the corresponding assurance level (AuthnContext) and permits login only when the requirement is met. If the requirement cannot be met, explicitly…5 votes -
We want the Box administrator to be able to confirm when an IP address is blocked from communicating.
Box has a function to increase security by restricting the IP addresses accessing the system. When using this function, it is necessary to register the addresses to be used in the permission list when there is a system that wants to cooperate with Box.
However, there are cases where it is not possible to confirm the IP addresses used with each system vendor.
Therefore, currently, we block communication once and ask Box to confirm the information by contacting the company.
This operation requires support from Box and is inconvenient for us because it takes time to add the IP address…
13 votes -
Let users use password managers
Hey Box frontend developers,
Your half-baked implementation of a password strength checker (e.g., zxcvbn or a custom regex), and then tying it to events like keyup, keydown, or input prevents users from using password managers. So now I'm using a really simple password that I can hand-type because you disallow pasting and (poorly) implement live re-validation.
Congrats, your site is now less secure.
2 votes -
I want to ensure that clients cannot forward links that I send with intellectual property. When clients/customers order my products, I want
I want to ensure that clients cannot forward links that I send with intellectual property. When clients/customers order my products, I want them to have a downloadable link (without having a box account) to access the document(s). I do not want to send a passcode for access (unless it is required).
I tested out this feature with a few of my email accounts not linked to my Box account. I also tested it out with a Box user in with account access, but to an email not linked to Box.
1 vote -
Video Watermarking preserved upon download
In the Video Watermarking feature, have the option for those with download/edit capability to retain the watermark. I.e. preserve the watermark when downloaded by content editors or co-owners.
2 votes -
Use Box for document distribution without the need for recipients to have logins but still have dynamic watermarking displaying their email
I’d like to see a feature that allows us to use Box to distribute documents and/or access to documents, with those documents being dynamically watermarked with the recipient’s information, regardless of whether the recipient has a Box login or not. The use case I have here is the need to distribute an important document (could be a script, treatment, call sheet) to multiple people at once using Box but respecting the fact many will not have and will not want another login for another platform (something we’re repeatedly told is the fatigue people have from having to create more and…
2 votes -
Managed and Un-Managed users 2FA Provisioning & Enforcement for all business packages
Regretfully, Basic Business package does not provision enforcement of 2FA for managed users and no 2FA at all for external collaborators. ,Security Feature availability \ enforcement of 2FA for Managed and Un-Managed users should be included in all business packages ... 2FA is a must have security feature for all users accessing firm's data.
1 vote -
Additional Passwords / Biometrics
I'd like to add an additional layer of security on folders in Box by password protecting them. We are using a mobile devices a lot - so it seems like a natural added layer of security similar to how Apple offers locked notes would be very helpful. If it was a password or an additional biometric check - that would be great!
1 vote -
Box EDR
1) How is Box handling Endpoint Detection and Response (EDR / XDR) for its internal infrastructure?
2) We see the "Endpoint Detection and Response Integrations" section in the "Enterprise Settings" of the Admin Console - is CrowdStrike the only integration available? Are they plans to expand to Microsoft Defender or Trellix?
1 vote -
Behavior when an external collaboration allowed folder is moved to a non-allowed folder
The "If you move a subfolder in a folder that is allowed to collaborate externally to a folder that is not allowed to collaborate externally, the subfolder will still be able to collaborate externally." behavior is a specification of Box.
The above specification violates Box's waterfall permissions specification. When this happens, Box should alert and remove external collaborations.
1 vote -
Box does not work on Microsoft Edge when Norton AntiTrack is enabled. Would be great to have a workaround for this.
Box does currently not function on Microsoft Edge when the Norton AntiTrack plugin/extension is enabled. Have to disable the plugin to be able to use Box. Would be great to have a workaround for this i.e. not have to disable Norton to have Box function on Edge.
1 vote -
When creating a password for a Share Link I'd like Box to generate and display a password that I can either choose to use or set my own.
As a user I create quite a few Share Links and I almost always set a password for each link. There are times where it would be really helpful if Box would automatically generate and display random password giving me the option to use the Box generated password or allow me to create my own password. In each case it would be helpful if the password field would include an "eye" icon that users can click to display the password they choose to use.
1 vote -
When creating a password for a Share Link I'd like Box to generate and display a password that I can either choose to use or set my own.
As a user I create quite a few Share Links and I almost always set a password for each link. There are times where it would be really helpful if Box would automatically generate and display random password giving me the option to use the Box generated password or allow me to create my own password. In each case it would be helpful if the password field would include an "eye" icon that users can click to display the password they choose to use.
1 vote -
Enhancement of the "enable exposed password detection" feature
Could we enable the "enable exposed password detection" setting for internal users as well?
Currently, this setting is only available for external users.
We would like to have control over internal Box content if any of the internal users' passwords are detected as compromised.
The setting location for "enable exposed password detection" is as follows:
Enterprise Settings > Security > Password Requirements > External Collaborator
1 vote -
Box password setting function compatible with “NIST password requirements”
Box password setting function compatible with “NIST password requirements”
Many companies create rules for internal tools based on NIST password requirements.
I would like Box to introduce a password setting function that complies with NIST password requirements.・If it detects that a password may have been leaked, it will force you to change your password.
・If the password is included in the list of leaked values, the system will prompt you to create a different password.NISTパスワード要件に対応したBoxのパスワード設定機能
多くの企業がNISTパスワード要件をもとに社内利用ツールのルールを作成しています。
BoxもNISTのパスワード要件に対応したパスワード設定機能を導入して欲しいです。・パスワードが漏洩した可能性を検知した場合、パスワードの変更を強制する
・パスワードが漏洩した値のリストに含まれている場合異なる文字列でのパスワード作成を要求する4 votes -
Forcing the Microsoft Authenticator App
Allow for the ability to force the Microsoft Authenticator App (or any other Admin-specified Authenticator App), as opposed to allowing the end user to choose their preferred Authenticator App.
1 vote
- Don't see your idea?