Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
379 results found
-
Get details on shared link without owner
Airbnb and other companies when going through a large
deprovision of accounts run into issues where someone shares a link of the file after the owner is
no longer there and the collaboration is removed. But with just the file link, there is no way for the admin to get anymore details on the file.The feature request is the ability to get more details on a file through the link.
1 vote -
Box lock security
We just discovered that a user with viewer-uploader permissions can unlock files which our team believes is an unacceptable security flaw. The viewer-uploader level of security is required for a user to create a folder within a folder that we have granted them access to, but other than that level of editing our external invited partners should not have the ability to manage a security feature such as unlocking a file or folder.
1 vote -
Upgrade from reCAPTCHA v2 to reCAPTCHA v3
The pictures shown in reCAPTCHA v2 like traffic lights and crosswalks are vague, leading many users to fail to log in.
As a result they would like Box to use reCAPTCHA v3 instead.5 votes -
Allow SSO users to remove their external password again
Since I as a user can set up an external password for my SSO account, I'd like to also be able to remove that external password when I no longer need it. This a) removes an unnecessary login method and therefore improves security and b) alleviates the need for me to regularly change a password I no longer have any use for.
Currently this requires going through Box support (and potentially an enterprise's own internal support hierarchy before that, as in my case), whereas it could also be a simple link/button next to the "Change Password" link in my account…
1 vote -
Hardware security option for Login
So far there is no option of hardware security, like Yubico/ Yubikey or similar security keys that require physical identification (I have just checked with your service). SMS code/confirmation is a poor alternative. Please consider option to use USB computer security keys (Dropbox has it, so stay in line with competion, as you are much better!) https://www.yubico.com/works-with-yubikey/join/
3 votes -
Can we get a report that shows WHY a device failed Device Trust?
Can we get a report that shows WHY a device failed Device Trust?
1 vote -
In China we have to use (redacted) as box.com is blocked, and after few weeks not logining (Box Alternate domain)
One of our vendor can’t login box with his own company email account. And then can’t share file with him to update.
I found he can’t see the “i’m not a robot” after login (Box Alternate domain) to fill in password as he doesn’t have VPN enabled
after i use his account to login and validated this, he can then login normally.
Looks if you don’t use box for few weeks, it will ask you to validate via this google authentication way which he can’t see it without VPN.
How to fix this for china users if they can't use…
2 votes -
SSO Required - API authorize endpoint behavior not consistent with Core Box
USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
More details including user flow illustration in the ticket.
JIRA ticket - https://jira.inside-box.net/browse/BOX-2059301 vote -
True Client IP vs Accelerator IP in Audit Logs
To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.
2 votes -
1 vote
-
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 voteIf we understand that users may prefer passphrases instead of password this is not something that we plan to deliver in the near future.
-
Add action option for Content Security policy
add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the users account/set it to inactive automatically if the account were to violate the content security policy.
1 vote -
Cylance
Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!
2 votes -
1 vote
-
Limited access to external collaborators on file & folder
Dear Team, I want to give access to my auditor some file. However I do not want them to edit, save , download or print screen any documents.
How to do this ?
1 vote -
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
2 votes -
Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE
Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.
They should be converted to "ent.box.com" link in order to access them from Internal network.
1 vote -
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
2 votes -
Create Outlook anomaly detection
Build out an Outlook feature or compatible security product that can impose rules on content categories that can alert the appropriate individuals of anomalies or misuse before the file leaves the company’s boundaries in the email program.
1 vote -
Include types of virus for Virus alert email
Include which type of virus contained in virus notification alert email. If types of virus includes in alert, admin is able to identify that alert email was accurate.
3 votes
- Don't see your idea?