Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
388 results found
-
I would like to be able to specify multiple two-factor authentication options.
I would like to be able to specify multiple two-factor authentication instead of one.
The reason is that I want to be able to use it as a sub as a backup.example: select both SMS and Authentication App.
This is helpful if a user loses their backup code and is blocked from logging in.
-in Japanese
二要素認証のオプションを複数指定できるようにしてほしい。二要素認証オプションを1つではなく
複数指定できるようにしてほしいです。
理由はバックアップとしてサブで使えるようにしたいからです。例:SMSと認証アプリの両方を選択する。
これは、ユーザーがバックアップコードを紛失し、ログインをブロックされた場合に役立ちます。3 votes -
Add the ability to edit Watermarks or have some menu options... e.g. Confidential, Not for Distribution
Add the ability to edit Watermarks or have some menu options beyond name and time ... e.g. Confidential, Not for Distribution. etc.
1 vote -
Use Issuer Label prefix in TOTP URI for MFA to conform to recommendations
When setting up MFA using authenticator app, the QR code you generate does not provide Issuer Label Prefix in the label.
This is not according to TOTP recommendations:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format#issuerYour format is:
otpauth://totp/<EMAIL-ADRESS>?secret=<SECRET>&issuer=Squarespace&digits=6&period=30This leads Microsoft Authenticator to use the name <email-domain>, for example "gmail" or "outlook", for the account, as per https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
If another website implements the same bad QR code format as you, on iOS one of the two will be overwritten, and you will loose access to that site.
Squarespace uses the same bad formatting, so chances of catastrophe is big. (I will also be reaching out…
1 vote -
Allow using 2FA for free accounts
Hello,
It is very regrettable that BOX doesn't provide the possibility to set up 2FA security connection for theirs free account users! To have this level of security connection to the BOX account doesn't mean to profit extra services, quality, support, etc., but simply protect the BOX account and safe private data.
That's should be nowadays including in base services, that's not an extra!
To compromise the security of free BOX account users by blocking to use a worldly recommended 2FA security system, is simply contemptuous and dangerous.
Can BOX revise this issue?
1 vote -
Additional control over Account Lockout
When a user exceeds the failed login amount threshold, it would be very helpful for there to be an account lockout triggered along with the notification email that would not require an admin to manually set the account to inactive.
1 vote -
Incorrect unsuccessful SSO sign on message.
My company uses Okta for SSO. I went to sign on at box.com. After entering my username, Google Authenticator token, and my password, I received an error message.
"Single sign-on authentication was unsuccessful (reference #GMSOVUES). with a partner # and a Target resource (I have a screenshot).
I typed "box.com" into the location bar to start the sign on process again. I entered my username. Boom, I was logged in. Thus, either the error message was incorrect, or Box has larger security problems.1 vote -
Default Setting: Invisible Collaborator List for External Users
Exposing the list of users collaborating on a folder to users from other companies could lead to a personal information leak. In the future, we would like to make the collaborator list invisible to users outside the company by default. We hope that this will be improved.
1 vote -
FIDO2 Phising Resistant MFA
Box only supports MFA and TOTOP options for 2FA external users. There is a need for FIDO2 (phising-resistant) requirements as an option for external sharing.
This process is not only secure but also user-friendly. There's no need for users to remember extra passwords or carry around additional hardware tokens. There is no need to install additional software; all the major browser support this out of the box. The device and browser do all the heavy lifting.
Per the updated guidelines from the National Institute of Standards and Technology (NIST), the requirement is that internal users must use phishing-resistant MFA, while…
21 votes -
SSO certificates auto-renewal
Requesting Box allow SSO certificates to auto-renew based off the metadata allowing Box to refresh the cert from the idp without manual renewal of the cert.
1 vote -
2 Factor Authentication
When a user is setting up 2 factor authentication, the message says it will replace your login settings. It needs to say explicity "Box settings", as it now leads you to believe it is replacing your authenticator app settings that is used for the employee's company login.
1 vote -
Auto-Disable inactive users
Managed Users:
Enable the following feature:Box auto-disables managed user accounts that meet a set threshold of account inactivity. There should be a setting to specify a threshold for inactive users i.e. number of days since the last login.
1 vote -
More possibilities regarding session timeout
We find that the session timeout possibilities are somewhat limited. The jump from 2 days to 14 days is quite big - 2 days would log everyone out during each weekend, and would result in support tickets and 14 days are quite many. Something like 4 days inbetween would be great.
1 vote -
Custom User Role
Currently under user role and access permission, we can only give a user "Member" or "Co-Admin" role.
We would like the additional more granular role or provide us the ability to create custom role with checkboxes.
Our goal is to have a new Role to allow a user to be able to maintain the Shields List for Email Address (Allow List for Email Addresses).1 vote -
Group-based SSO configuration
Current Status and Issues:
SSO mode can only be set for all users.
If SSO is mandatory, when IdP fails, all users cannot log in to Box.Desired Improvement:
I would like to specify a Box group to enable/disable/require SSO. If only the administrator can set "SSO Enabled", he/she can log in even in case of IdP failure, and by changing the setting of general users from "SSO Required" to "SSO Enabled", the business can continue.
Furthermore, if possible, we would like to set it up so that different groups can SSO in different IdPs.Reason for need:
The IdP…1 vote -
Ability to have users enter their name and email address when downloading from a shared link without being logged in.
In the case of a public shared link, there is no way to verify the user who manipulated the file if it was manipulated while the user was not logged in.
However, we would like to verify by whom the shared file was downloaded.
Since the file sharing partners are unspecified, we would like to share files via a shared link rather than through collaboration.
Request the ability to track the operating user by having them enter their name and email address when downloading from a shared link in an un-logged-in state.(日本語)
<共有リンクから未ログイン状態でダウンロードする際に名前やメールアドレスを入力できる機能>
「リンクを知っている全員」に設定した共有リンクの場合、未ログイン状態で操作された場合はファイルを操作したユーザーを確認する手段がありません。
しかし、共有したファイルが誰によってダウンロードされているか確認したいと考えています。
ファイルの共有相手は不特定多数のため、コラボレーションではなく共有リンクでファイルを共有したいと考えています。
共有リンクから未ログイン状態でダウンロードする際には名前やメールアドレスを入力させて、操作ユーザーを追える機能をリクエストします。5 votes -
Password reset is so laborioius
You need to vastly improve the password reset experience. It takes me several minutes to set up a new password and I have to do this on multiple computers. For one thing, DON'T expire passwords. It doesn't improve security at all. Second, if you have to expire them, send me a warning a few days ahead of time. Don't just shut down my Box drive app. Third, I should be able to log in with my old PW and just reset there, maybe with a 2nd factor authentication, like a text message. Finally, the PW rules are too narrow. If…
1 vote -
Increase Password Reset Duration
I would like to request admins have the ability to change the value for "Require users to reset passwords" to have "1 year" as an option.
1 vote -
Require 12 characters for External Collaborator Passwords
Currently, if 'Require Strong Passwords for External Collaborators' is selected, the external collaborator will be required to use at least 8 characters (along with additional criteria). The ask is to require 12 characters, rather than 8, for increased security.
3 votes -
Ability to exclude service account from password reset requirements
The ability to exclude Box Service Accounts email from required password reset by our enterprise. Our service account integrates with Salesforce and it breaks our connection when Box triggers a password reset.
1 vote -
Using Box with FTPS and MFA
We would like to use automated scripts to upload files to Box using FTPS. We would also like MFA enabled for our internal users. Box has advised that:
1. They do not provide service accounts to facilitate this
2. They do not allow per-user control over MFA settings
3. The process to login when MFA is enabled is manual and cannot be automated.
4. FTPS only works with SMS MFAWe would like the following product enhancements:
1. Automated MFA Support: The ability for automated scripts to interact with MFA, perhaps through a secure token-based system or service account that…1 vote
- Don't see your idea?