Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow SSO users to remove their external password again

    Since I as a user can set up an external password for my SSO account, I'd like to also be able to remove that external password when I no longer need it. This a) removes an unnecessary login method and therefore improves security and b) alleviates the need for me to regularly change a password I no longer have any use for.

    Currently this requires going through Box support (and potentially an enterprise's own internal support hierarchy before that, as in my case), whereas it could also be a simple link/button next to the "Change Password" link in my account…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Hardware security option for Login

    So far there is no option of hardware security, like Yubico/ Yubikey or similar security keys that require physical identification (I have just checked with your service). SMS code/confirmation is a poor alternative. Please consider option to use USB computer security keys (Dropbox has it, so stay in line with competion, as you are much better!) https://www.yubico.com/works-with-yubikey/join/

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Cylance

    Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Can we get a report that shows WHY a device failed Device Trust?

    Can we get a report that shows WHY a device failed Device Trust?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSO Required - API authorize endpoint behavior not consistent with Core Box

    USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
    More details including user flow illustration in the ticket.
    JIRA ticket - https://jira.inside-box.net/browse/BOX-205930

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable passphrases instead of only complex passwords

    We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add the automatic deletion function of external collaborators account

    Request: Add the automatic deletion function of external collaborators account
    Please add automatically delete function linked to the deletion of his company's Box account.
    Reason: Even if he changes jobs, he can still log-in to Box using his old e-mail accounts.
    We cannot control the collaborators' job change, and we cannot grasp it in a timely catch-up of his situation.
    If he changes jobs to our competitor, the risk of data breaches increases.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add action option for Content Security policy

    add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the users account/set it to inactive automatically if the account were to violate the content security policy.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. MFA

    MFA only supports SMS method which is very inconvenience and insecure! Hope you guys can support token-based methods soon. Thanks

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Limited access to external collaborators on file & folder

    Dear Team, I want to give access to my auditor some file. However I do not want them to edit, save , download or print screen any documents.

    How to do this ?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Natively generate QR Code for shared links

    The ability to convert Box's shared link to QR code natively, instead of using unsecured free QR generating services

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.

    Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE

    Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.

    They should be converted to "ent.box.com" link in order to access them from Internal network.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Block end user password reset for SSO users

    In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Create Outlook anomaly detection

    Build out an Outlook feature or compatible security product that can impose rules on content categories that can alert the appropriate individuals of anomalies or misuse before the file leaves the company’s boundaries in the email program.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Include types of virus for Virus alert email

    Include which type of virus contained in virus notification alert email. If types of virus includes in alert, admin is able to identify that alert email was accurate.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add granularity to shared link controls

    Based on organizational requirements and the variance, there should be additional controls such as limiting the capability to create shared links (open Links) to Admins or designated personnel as an option. This would allow for greater granularity as some divisions within an organization may have a need to share publicly, while also securing sensitive information

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    For now, we are focussed on solving bulk management issues with Shared Links.

    Box Shield is an additional option for enforcing granular controls on content.

  20. Enforcing Security on Public shared link

    Public link is a good option to share a file with ones who can not have box account for various reasons.

    However to share a sensitive file with such parties, Whether the password and expiry can be enforced to set on a public shared link via security policy for a given file classification?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base