Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
393 results found
-
More possibilities regarding session timeout
We find that the session timeout possibilities are somewhat limited. The jump from 2 days to 14 days is quite big - 2 days would log everyone out during each weekend, and would result in support tickets and 14 days are quite many. Something like 4 days inbetween would be great.
1 vote -
Custom User Role
Currently under user role and access permission, we can only give a user "Member" or "Co-Admin" role.
We would like the additional more granular role or provide us the ability to create custom role with checkboxes.
Our goal is to have a new Role to allow a user to be able to maintain the Shields List for Email Address (Allow List for Email Addresses).1 vote -
Allow users to see a list or report of links that -they have created-
Allow users to see a list or report of links that -they have created- so that they can be requested to review any external links and clean them up to keep organizational data secure.
2 votes -
YubiKey - MFA option
I'm wondering if Box would consider adding the YubiKey as an option for MFA - https://www.yubico.com/why-yubico/
2 votes -
Password reset is so laborioius
You need to vastly improve the password reset experience. It takes me several minutes to set up a new password and I have to do this on multiple computers. For one thing, DON'T expire passwords. It doesn't improve security at all. Second, if you have to expire them, send me a warning a few days ahead of time. Don't just shut down my Box drive app. Third, I should be able to log in with my old PW and just reset there, maybe with a 2nd factor authentication, like a text message. Finally, the PW rules are too narrow. If…
1 vote -
Increase Password Reset Duration
I would like to request admins have the ability to change the value for "Require users to reset passwords" to have "1 year" as an option.
1 vote -
Need multiple options for 2-factor authentication
Please allow multiple options to receive a 2-factor authentication code. If I were to lose access to my cell phone or change the phone #, then I would be unable to receive a code via SMS and be locked out of Box.
In addition, please ensure the options other than 2FA code via SMS actually are viable options. Right now, the authenticator option doesn't work - no QR code is generated by Box for me to scan with my phone. The e-mail option also doesn't work - I keep getting an error message that the default e-mail is invalid ...…
2 votes -
Ability to exclude service account from password reset requirements
The ability to exclude Box Service Accounts email from required password reset by our enterprise. Our service account integrates with Salesforce and it breaks our connection when Box triggers a password reset.
1 vote -
Hardware security token for 2FA / MFA / Yubikey
With the broader support of passkeys , I would like to suggest a phishing resistant WebAuthn based Authentication option for Box.
This would open up future possibilites for convenient and secure FaceID/TouchID/Yubikey/etc authentication.
Insurance companies are requesting it and I am sure all Box customers would benefit.
3 votes -
Using Box with FTPS and MFA
We would like to use automated scripts to upload files to Box using FTPS. We would also like MFA enabled for our internal users. Box has advised that:
1. They do not provide service accounts to facilitate this
2. They do not allow per-user control over MFA settings
3. The process to login when MFA is enabled is manual and cannot be automated.
4. FTPS only works with SMS MFAWe would like the following product enhancements:
1. Automated MFA Support: The ability for automated scripts to interact with MFA, perhaps through a secure token-based system or service account that…1 vote -
Add permission to grant user access to see (list) of folders and files but not preview any content within the files.
This would provide awareness to the user that a file exists and they can then request preview (or other) access from the owner/co-owner.
1 vote -
External user verification via TOTP for shared links
Please consider adding a TOTP verification option for shared links. You could allow a link to be shared to an email address but require TOTP verification via that same email address. This would help verify that only someone with access to the email address we shared with can access the content without forcing them to signup for a free Box account.
Thank you
8 votes -
Closed folder structure
"My Sign Requests", "My Canvases" and "My Signed Documents" folders are created as private folders technically by Box, without any admin intervention. When using a closed folder structure, these folders can still be used by users to build their own folder structures, as they become the owner of this folder. This counteracts the idea of a closed folder system and represents a massive security gap. Users can then build folder structures and content in our box instance without any control by the admin and share them with external users.
These technically generated folders must therefore be restricted accordingly, or admins…
2 votes -
Hide older versions from certain collaborator levels
When you share a file/folder with another user, no matter what permission level you give them they are able to see all older versions. It would be great if we could hide those from lower level collaborators like you can do with comments.
2 votes -
Folder-level access control
Box needs folder-level access control so that you can assign a specific user access level to a specific folder and not have it inherit the "waterfall" (unwanted) access level. This has been an issue for many years.
6 votes -
Create Annotations/Markups with Viewer Role with Watermarking Enabled
When Watermarking is NOT enabled on files/folders, users with the Viewer permission are able to markup/annotate without downloading the file. As soon as Watermarking is turned on, that functionality goes away. The only option is to increase their permissions, which gives them rights to upload, which I do not want. Why does this functionality go away when Watermarking is enabled? Is this able to be fixed?
1 vote -
Leverage the External Identity providers like OKTA to securely access the Box API’s.
Context : Allow box subscription tenants to leverage the External Identity providers like OKTA to securely access the Box API’s.
Use case: Tenants like us want to centralize the access to the APIs to our external vendors partners and internal teams. It is always beneficial to centralize the access using OKTA like OAUTH 2.0 providers and move to zero trust.
1 vote -
Make editing password protected shared links clearer
When a shared link to document or folder is already password protected, and a user wishes to change the password, the password screen should be clearer as to how this is accomplished - possibly by an additional Change button or Confirm Changes
Currently this is unclear
2 votes -
Administrative Controls around shared links
For Shared Links that are open to "People with the link" and no expiration date across our organization, we'd like to have the ability to:
- Disable these links up across all or selected users
- Restrict settings for the majority of our users so that all of these shared links have an expiration of 60 days or less
- Allow only a select group of users the ability to share links with way without expiration dates
1 vote -
email MFA with FTP
FTP only supports SMS MFA, this is a very restricting security setting, and quite frankly is a bad idea.
PER BOX'S OWN DOCUMENTATION ( https://support.box.com/hc/en-us/articles/360043697154-Multi-Factor-Authentication-Set-Up-for-Your-Account):
"SMS may not be available because a user is traveling, offline, or in a country that does not support 2FA through SMS."
AS WELL AS:
"There are known SMS security vulnerabilities, such as SIM swapping."
Please allow us to use AT LEAST email MFA when uploading/downloading via FTP.
1 vote
- Don't see your idea?