Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
406 results found
-
Custom User Role
Currently under user role and access permission, we can only give a user "Member" or "Co-Admin" role.
We would like the additional more granular role or provide us the ability to create custom role with checkboxes.
Our goal is to have a new Role to allow a user to be able to maintain the Shields List for Email Address (Allow List for Email Addresses).3 votes -
Use Issuer Label prefix in TOTP URI for MFA to conform to recommendations
When setting up MFA using authenticator app, the QR code you generate does not provide Issuer Label Prefix in the label.
This is not according to TOTP recommendations:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format#issuerYour format is:
otpauth://totp/<EMAIL-ADRESS>?secret=<SECRET>&issuer=Squarespace&digits=6&period=30This leads Microsoft Authenticator to use the name <email-domain>, for example "gmail" or "outlook", for the account, as per https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
If another website implements the same bad QR code format as you, on iOS one of the two will be overwritten, and you will loose access to that site.
Squarespace uses the same bad formatting, so chances of catastrophe is big. (I will also be reaching out…
1 vote -
Group-based SSO configuration
Current Status and Issues:
SSO mode can only be set for all users.
If SSO is mandatory, when IdP fails, all users cannot log in to Box.Desired Improvement:
I would like to specify a Box group to enable/disable/require SSO. If only the administrator can set "SSO Enabled", he/she can log in even in case of IdP failure, and by changing the setting of general users from "SSO Required" to "SSO Enabled", the business can continue.
Furthermore, if possible, we would like to set it up so that different groups can SSO in different IdPs.Reason for need:
The IdP…3 votes -
Additional control over Account Lockout
When a user exceeds the failed login amount threshold, it would be very helpful for there to be an account lockout triggered along with the notification email that would not require an admin to manually set the account to inactive.
1 vote -
Auto-Disable inactive users
Managed Users:
Enable the following feature:Box auto-disables managed user accounts that meet a set threshold of account inactivity. There should be a setting to specify a threshold for inactive users i.e. number of days since the last login.
2 votes -
Incorrect unsuccessful SSO sign on message.
My company uses Okta for SSO. I went to sign on at box.com. After entering my username, Google Authenticator token, and my password, I received an error message.
"Single sign-on authentication was unsuccessful (reference #GMSOVUES). with a partner # and a Target resource (I have a screenshot).
I typed "box.com" into the location bar to start the sign on process again. I entered my username. Boom, I was logged in. Thus, either the error message was incorrect, or Box has larger security problems.1 vote -
Default Setting: Invisible Collaborator List for External Users
Exposing the list of users collaborating on a folder to users from other companies could lead to a personal information leak. In the future, we would like to make the collaborator list invisible to users outside the company by default. We hope that this will be improved.
1 vote -
2 Factor Authentication
When a user is setting up 2 factor authentication, the message says it will replace your login settings. It needs to say explicity "Box settings", as it now leads you to believe it is replacing your authenticator app settings that is used for the employee's company login.
1 vote -
Increase Password Reset Duration
I would like to request admins have the ability to change the value for "Require users to reset passwords" to have "1 year" as an option.
2 votes -
More possibilities regarding session timeout
We find that the session timeout possibilities are somewhat limited. The jump from 2 days to 14 days is quite big - 2 days would log everyone out during each weekend, and would result in support tickets and 14 days are quite many. Something like 4 days inbetween would be great.
1 vote -
Allow users to see a list or report of links that -they have created-
Allow users to see a list or report of links that -they have created- so that they can be requested to review any external links and clean them up to keep organizational data secure.
2 votes -
Password reset is so laborioius
You need to vastly improve the password reset experience. It takes me several minutes to set up a new password and I have to do this on multiple computers. For one thing, DON'T expire passwords. It doesn't improve security at all. Second, if you have to expire them, send me a warning a few days ahead of time. Don't just shut down my Box drive app. Third, I should be able to log in with my old PW and just reset there, maybe with a 2nd factor authentication, like a text message. Finally, the PW rules are too narrow. If…
1 vote -
Folder-level access control
Box needs folder-level access control so that you can assign a specific user access level to a specific folder and not have it inherit the "waterfall" (unwanted) access level. This has been an issue for many years.
9 votes -
Need multiple options for 2-factor authentication
Please allow multiple options to receive a 2-factor authentication code. If I were to lose access to my cell phone or change the phone #, then I would be unable to receive a code via SMS and be locked out of Box.
In addition, please ensure the options other than 2FA code via SMS actually are viable options. Right now, the authenticator option doesn't work - no QR code is generated by Box for me to scan with my phone. The e-mail option also doesn't work - I keep getting an error message that the default e-mail is invalid ...…
2 votes -
Ability to exclude service account from password reset requirements
The ability to exclude Box Service Accounts email from required password reset by our enterprise. Our service account integrates with Salesforce and it breaks our connection when Box triggers a password reset.
1 vote -
Using Box with FTPS and MFA
We would like to use automated scripts to upload files to Box using FTPS. We would also like MFA enabled for our internal users. Box has advised that:
1. They do not provide service accounts to facilitate this
2. They do not allow per-user control over MFA settings
3. The process to login when MFA is enabled is manual and cannot be automated.
4. FTPS only works with SMS MFAWe would like the following product enhancements:
1. Automated MFA Support: The ability for automated scripts to interact with MFA, perhaps through a secure token-based system or service account that…1 vote -
Enable option to turn on Optimal Character Recognition (OCR) for all documents
Enable option to turn on Optimal Character Recognition (OCR) for all documents.
This is important for Search and Data Leakage Prevention (DLP)/Ethical Walls.
E.g. a Driver's License, Passport, etc. image gets uploaded, then Box DLP doesn't recognize this today.
28 votes -
Add permission to grant user access to see (list) of folders and files but not preview any content within the files.
This would provide awareness to the user that a file exists and they can then request preview (or other) access from the owner/co-owner.
1 vote -
External user verification via TOTP for shared links
Please consider adding a TOTP verification option for shared links. You could allow a link to be shared to an email address but require TOTP verification via that same email address. This would help verify that only someone with access to the email address we shared with can access the content without forcing them to signup for a free Box account.
Thank you
8 votes -
Closed folder structure
"My Sign Requests", "My Canvases" and "My Signed Documents" folders are created as private folders technically by Box, without any admin intervention. When using a closed folder structure, these folders can still be used by users to build their own folder structures, as they become the owner of this folder. This counteracts the idea of a closed folder system and represents a massive security gap. Users can then build folder structures and content in our box instance without any control by the admin and share them with external users.
These technically generated folders must therefore be restricted accordingly, or admins…
2 votes
- Don't see your idea?