Skip to content

Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

393 results found

  1. More possibilities regarding session timeout

    We find that the session timeout possibilities are somewhat limited. The jump from 2 days to 14 days is quite big - 2 days would log everyone out during each weekend, and would result in support tickets and 14 days are quite many. Something like 4 days inbetween would be great.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Custom User Role

    Currently under user role and access permission, we can only give a user "Member" or "Co-Admin" role.
    We would like the additional more granular role or provide us the ability to create custom role with checkboxes.
    Our goal is to have a new Role to allow a user to be able to maintain the Shields List for Email Address (Allow List for Email Addresses).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Allow users to see a list or report of links that -they have created-

    Allow users to see a list or report of links that -they have created- so that they can be requested to review any external links and clean them up to keep organizational data secure.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. YubiKey - MFA option

    I'm wondering if Box would consider adding the YubiKey as an option for MFA - https://www.yubico.com/why-yubico/

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Password reset is so laborioius

    You need to vastly improve the password reset experience. It takes me several minutes to set up a new password and I have to do this on multiple computers. For one thing, DON'T expire passwords. It doesn't improve security at all. Second, if you have to expire them, send me a warning a few days ahead of time. Don't just shut down my Box drive app. Third, I should be able to log in with my old PW and just reset there, maybe with a 2nd factor authentication, like a text message. Finally, the PW rules are too narrow. If…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Increase Password Reset Duration

    I would like to request admins have the ability to change the value for "Require users to reset passwords" to have "1 year" as an option.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Need multiple options for 2-factor authentication

    Please allow multiple options to receive a 2-factor authentication code. If I were to lose access to my cell phone or change the phone #, then I would be unable to receive a code via SMS and be locked out of Box.

    In addition, please ensure the options other than 2FA code via SMS actually are viable options. Right now, the authenticator option doesn't work - no QR code is generated by Box for me to scan with my phone. The e-mail option also doesn't work - I keep getting an error message that the default e-mail is invalid ...…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Ability to exclude service account from password reset requirements

    The ability to exclude Box Service Accounts email from required password reset by our enterprise. Our service account integrates with Salesforce and it breaks our connection when Box triggers a password reset.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Hardware security token for 2FA / MFA / Yubikey

    With the broader support of passkeys , I would like to suggest a phishing resistant WebAuthn based Authentication option for Box.

    This would open up future possibilites for convenient and secure FaceID/TouchID/Yubikey/etc authentication.

    Insurance companies are requesting it and I am sure all Box customers would benefit.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Using Box with FTPS and MFA

    We would like to use automated scripts to upload files to Box using FTPS. We would also like MFA enabled for our internal users. Box has advised that:
    1. They do not provide service accounts to facilitate this
    2. They do not allow per-user control over MFA settings
    3. The process to login when MFA is enabled is manual and cannot be automated.
    4. FTPS only works with SMS MFA

    We would like the following product enhancements:
    1. Automated MFA Support: The ability for automated scripts to interact with MFA, perhaps through a secure token-based system or service account that…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Add permission to grant user access to see (list) of folders and files but not preview any content within the files.

    This would provide awareness to the user that a file exists and they can then request preview (or other) access from the owner/co-owner.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. External user verification via TOTP for shared links

    Please consider adding a TOTP verification option for shared links. You could allow a link to be shared to an email address but require TOTP verification via that same email address. This would help verify that only someone with access to the email address we shared with can access the content without forcing them to signup for a free Box account.

    Thank you

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Closed folder structure

    "My Sign Requests", "My Canvases" and "My Signed Documents" folders are created as private folders technically by Box, without any admin intervention. When using a closed folder structure, these folders can still be used by users to build their own folder structures, as they become the owner of this folder. This counteracts the idea of a closed folder system and represents a massive security gap. Users can then build folder structures and content in our box instance without any control by the admin and share them with external users.

    These technically generated folders must therefore be restricted accordingly, or admins…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Hide older versions from certain collaborator levels

    When you share a file/folder with another user, no matter what permission level you give them they are able to see all older versions. It would be great if we could hide those from lower level collaborators like you can do with comments.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Folder-level access control

    Box needs folder-level access control so that you can assign a specific user access level to a specific folder and not have it inherit the "waterfall" (unwanted) access level. This has been an issue for many years.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Create Annotations/Markups with Viewer Role with Watermarking Enabled

    When Watermarking is NOT enabled on files/folders, users with the Viewer permission are able to markup/annotate without downloading the file. As soon as Watermarking is turned on, that functionality goes away. The only option is to increase their permissions, which gives them rights to upload, which I do not want. Why does this functionality go away when Watermarking is enabled? Is this able to be fixed?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Leverage the External Identity providers like OKTA to securely access the Box API’s.

    Context : Allow box subscription tenants to leverage the External Identity providers like OKTA to securely access the Box API’s.

    Use case: Tenants like us want to centralize the access to the APIs to our external vendors partners and internal teams. It is always beneficial to centralize the access using OKTA like OAUTH 2.0 providers and move to zero trust.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Make editing password protected shared links clearer

    When a shared link to document or folder is already password protected, and a user wishes to change the password, the password screen should be clearer as to how this is accomplished - possibly by an additional Change button or Confirm Changes

    Currently this is unclear

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Administrative Controls around shared links

    For Shared Links that are open to "People with the link" and no expiration date across our organization, we'd like to have the ability to:

    1. Disable these links up across all or selected users
    2. Restrict settings for the majority of our users so that all of these shared links have an expiration of 60 days or less
    3. Allow only a select group of users the ability to share links with way without expiration dates
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. email MFA with FTP

    FTP only supports SMS MFA, this is a very restricting security setting, and quite frankly is a bad idea.

    PER BOX'S OWN DOCUMENTATION ( https://support.box.com/hc/en-us/articles/360043697154-Multi-Factor-Authentication-Set-Up-for-Your-Account):

    "SMS may not be available because a user is traveling, offline, or in a country that does not support 2FA through SMS."

    AS WELL AS:

    "There are known SMS security vulnerabilities, such as SIM swapping."

    Please allow us to use AT LEAST email MFA when uploading/downloading via FTP.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base