Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Need guest authentication by own AzureAD for external collaborators

    We can require 2-FA for external users, but it’s not enough security level to some customers. So, please add the ability to require guest authentication by own AzureAD for external collaborators.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Require additional Multi-Factor Authentication for external collaborators using SSO

    We can require 2-FA for external collaborators, but for external collaborators using SSO, Box does not check for whether users pass multi-factor authentication. Please add the ability to require additional multi-factor authentication for external collaborators using SSO.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Shared Link Password Policy

    Much like the default link expiry policy we would also like one specific to forcing passwords for shared links and preferably being able to define that policy with minimum characters and complexity.

    Bonus would be passwords that are auto-generated and viewable by the creator of the shared links to minimize the need for external tools.

    41 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  9 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Folders to which only managed users can be invited

    【Request】
    Regarding the "Restrict collaboration to within {OrganizationName}" setting in the folder settings,
    I would like the definition of users recognized as users in the organization to be selectable from the following two options
    ・Users who have same domains OR Managed Users (Same as current specifications)
    ・Only Managed Users

    【Current specifications & Issues】
    Currently, for folders with this setting turned on, users can invite others who meet either of the following conditions
    - Managed users of the tenant
    - Users with a Box account with an email address in the registered domain

    As it stands, this specification allows free accounts…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Check the details of SSO for external collaborators

    We can require 2-FA for external collaborators, but for external collaborators using SSO, Box does not check for whether users pass multi-factor authentication.
Please add the ability what kind of authentications(ID/Pass, MFA, Device check, IP address limitation, etc) does external collaborators passed on SSO.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Persistent cookies

    Similar to Okta and Google Drive, we need the ability in Box to set use persistent cookie so the cookie doesn't expire when the browser is closed.

    Google Drive allows this by default, and Okta lets us specify the policy for specific users:
    ( see usePersistentCookie according in https://developer.okta.com/docs/reference/api/policy/#signon-session-object)

    Workflow:
    * launch browser, go to Okta, and log in (our IDP)
    * open up the box link - everything works
    * close the browser
    * open the browser
    * I'm still logged into Okta (since I have usePersistentCookie turned on)
    * when I go to a Box link, I'm…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Need to have the ability to share links with "Invited people" in organization and to external people in named specific domain

    Need to have the ability to share links with "Invited people" in organization and to external people in named specific domain.

    We have a need to keep folder collaboration available to only a specific group of internal users but we would like to be able to have the ability to share files or folders with external collaborators in specific domains. Almost like another level of the "Invited People" type of link. Can this be considered as an enhancement?

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Capability to finalize files

    It would be useful if it's possible to "finalize" files. Means some persons work on a file together until it is finalized and then prevent any further modification on the file. There is the Lock function, but then the person who locked the file, could still unlock it.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. "Automatically remove invited collaborators" - override/shorten

    I have enabled "Automatically remove invited collaborators" specifically for External Collaborators, under Enterprise settings > Content & Sharing.

    There are use cases (per folder) where the content owners/co-owners would like the ability to /override/ & shorten the expiration for an External Collaborator. This could be due to a contract or any other reason.

    The only method to do this now, is to delete the entire folder and all content.

    Example Use Case:

    Enterprise settings:
    - Content & Sharing > Invited collaborators expiration settings
    -- Automatically remove invited collaborators
    -- Remove after [ 90 ] days
    -- Apply these settings to…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Enable ability to require that someone shares their email when depositing a File Request

    Enable ability to require that someone shares their email when depositing a File Request.

    Today, I can only require someone to login to their Box account OR use a text field that says email, but I want a field SPECIFICALLY called email inside of File Request, so that I can trigger a Box Relay workflow to notify the email of whoever triggered the workflow (e.g. if a submission is denied, I want to notify them that it was denied and to include why........ if a submission was approved, I want to notify them that it was approved and to include…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Shared link expiration - based on no interaction

    It would help increase security if we had an option for external links - if they aren’t interacted with after a number of days (30,60,90, etc) they’re deactivated. Our team shares content but there is often turnover and no way to know if links are still out there. With an external link report, it would help show what's out there, but would be helpful to have additional controls.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Restrict the ability to create shared links for specific folders

    I want to be able to disable the option to create a shared link on specific folders containing sensitive information. If I give access to an external collaborator, it means that I gave him an access with a username (his email) and password. i have the option to see if he downloaded or viewed the file. I don't want that external collaborator to create a shared link and send it to someone else.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Secure open link - Require email address verification with one-time password

    【Summary】
    Please add "Require email address confirmation by one-time password" to the Open Link settings.
    This will allow the access statistics to show the email addresses of users who have accessed from the open link, so that you can determine if the access is suspicious or not.

    【Problem to be solved】
    The current open link is not secure enough.
    This is because it is not possible to determine who accessed the file.
    With the current use, if a user who is not logged in to Box accesses from an open link, the access history only shows the IP address and…

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Restrict day of week and/or times when licensed users can authenticate into Box

    Allow admins the option to restrict which days of the week and/or time of day is allowed for licensed users to authenticate into Box, individually and/or as part of a role/Box Group. This would be helpful for multiple use-cases. Restricting Box access at specific times can assist with ensuring compliance with wage and hour laws, limiting changes that can be made in Box to times when staff will be available to respond and/or address changes, and limiting access during periods where access is not expected or desired by the licensing organization helping to better secure Box content.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Add a new permissions category - Upload download and view only

    Permission to upload download and view only
    o Not edit or delete

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Modify session duration across all plans

    A 14 day session duration is a highly unnecessary security risk for any organization working information with any level of sensitivity. Please open up the ability to reduce this to any paid plan, rather than only the Enterprise plan. It feels like a very minor thing compared to the more complex feature sets and automation that otherwise distinguish the plans. It was sub-optimal, but somewhat acceptable, to not be able to reduce this when the default was 48 hours, but it's really concerning to not be able to do so now that the default has been made so much longer.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. MFA Excluded User List Needed

    MFA Excluded User List Needed - if a user has to switch MFA devices, as of now the Admin would need to globally turn MFA off for everyone, also an admin might need to setup a box account and login as a user (say using lastpass) before the hire date, thus they need to be on an exclusion list until they start, additionally automated processes might need a login that would be excluded from MFA needs direclty within box, thus the requirement for an exclusion list for MFA that is freely adjustable.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)


    1. We will soon have the ability to download back up codes that can be used in case you don't have access to your MFA device.
    2. Certain Box plans have the ability to exempt specific users from MFA.
    3. We do have this exclusion list for external users.


    Given these, we don't have plans to add an exclusion list for managed user MFA at this point.

  19. Box Relay: Remove Collaborators and Shared Links

    We would like the ability to use Box Relay to automatically remove all Collaborators and Shared Links from a folder and all of the sub-items within that folder.
    This functionality would be used to secure company files when an employee is off-boarded and ideally this process would be generated by placing a folder within another folder.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Secure open link - Domain white list for open shared link

    This request is an idea that will become possible after the following requests are realized.
    Secure open link① - Require email address verification with one-time password
    https://pulse.box.com/forums/909778-help-shape-the-future-of-box/suggestions/43755942-secure-open-link-require-email-address-verifica

    【Summary】
    Please add "Allow only email addresses from specific domains to receive one-time passwords" to the Open Link settings.
    This will make it possible to prevent secondary distribution and miscommunication, which is a huge issue for Open Link.

    【Issues to be solved】
    Current Open Link is not secure enough as an alternative to attachments.
    Compared to attachments, the ability to determine the information of the access source and the ability to block access…

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 16 17
  • Don't see your idea?

Feedback and Knowledge Base