Customers need the ability to restrict Box Form links to internal, authenticated users (and ideally specific users/groups), instead of only “anyone with the link.” Current behavior conflicts with stricter security postures and makes Forms hard to adopt for internal project and regulated use cases.

Background / Use Case
Customer is using Box Relay + Box Forms as part of internal project workflows:

Workflow trigger: Form submission (Relay)

Outcome: e.g., DocGen or other internal automation

They want to present Forms to internal project teams only and treat them as an internal front end to Box workflows.

Today, the Form sharing model exposes a shared link that can be configured at admin level to allow “anyone with the link” or require a Box login, but there is no way to scope the Form link to:

“People in your company” only, or

A specific set of users / groups, similar to folder and file sharing.