Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
165 results found
-
Shared Link Password Policy
Much like the default link expiry policy we would also like one specific to forcing passwords for shared links and preferably being able to define that policy with minimum characters and complexity.
Bonus would be passwords that are auto-generated and viewable by the creator of the shared links to minimize the need for external tools.
54 votes -
MFA Excluded User List Needed
MFA Excluded User List Needed - if a user has to switch MFA devices, as of now the Admin would need to globally turn MFA off for everyone, also an admin might need to setup a box account and login as a user (say using lastpass) before the hire date, thus they need to be on an exclusion list until they start, additionally automated processes might need a login that would be excluded from MFA needs direclty within box, thus the requirement for an exclusion list for MFA that is freely adjustable.
5 votes- We will soon have the ability to download back up codes that can be used in case you don't have access to your MFA device.
- Certain Box plans have the ability to exempt specific users from MFA.
- We do have this exclusion list for external users.
Given these, we don't have plans to add an exclusion list for managed user MFA at this point.
-
SSO exception
Ability to have exceptions for SSO for specific amdin accounts/test users. Use case: there's a series of admin accounts we use that own folders/content in Box but aren't actual users. Now when we want to turn on SSO - we now have to have OKTA accounts for those accounts and test users, when we'd prefer to just do Box 2FA for those vs. SSO enabled for all
27 votesUnfortunately this is not on the near-term roadmap, that being said this is a very interesting request which we may consider in the mid-long term.
-
Allow the use of Linux devices as approved devices.
We had Linux based user using Box web console and as of the July update, they are no longer able to access Box. I would like to see Linx OS be added to the approved Operating Systems list in the Admin Console for enterprise settings.
44 votes -
Send a "here's how your items are shared" report to each user periodically
One of the most common sources of security breaches is due to a user inadvertently sharing an item more broadly or for longer than they intended.
A simple way to help limit those sorts of security breaches would be for Box to email every user a report periodically (configurable by the admin, but roughly monthly) that said "Here's how everything you own is shared with other people, and here's a link to the KB article that'll tell you how to fix it if it's not what you want", then showed a report of their folders, files, and shared links, with…
80 votes -
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 voteIf we understand that users may prefer passphrases instead of password this is not something that we plan to deliver in the near future.
-
Add hardware token security for 2FA
Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box
SMS 2 factor is considered very hackable and has been hacked many times.
How can we use Yubikeys with Box.com ? What are your plans on this?44 votesWe now have the ability to use TOTP for 2FA. In addition, admins can enforce TOTP for managed/external users.
We do want to support FIDO standards for 2FA in the future and will update this idea with more details once we have a concrete plan. -
Add granularity to shared link controls
Based on organizational requirements and the variance, there should be additional controls such as limiting the capability to create shared links (open Links) to Admins or designated personnel as an option. This would allow for greater granularity as some divisions within an organization may have a need to share publicly, while also securing sensitive information
23 votesFor now, we are focussed on solving bulk management issues with Shared Links.
Box Shield is an additional option for enforcing granular controls on content.
-
Enforce parent folder collaboration restrictions on moved folders
Make sure that folder settings apply to all the subfolders. Currently, even if you restrict collaboration to within your company through folder settings, a folder that is already collaborated to external users can be moved into that folder. Right now, we don’t have the mechanism to check if a folder that is about to be moved is collaborated to external user.
20 votes -
Remove External Password once Done
I would love to see the ability to remove/disable the External password after it has been used. We have many users who only need it once or twice for something niche, but once it's set you can't undo it meaning they're stuck rotating that password every 90 days, forever, despite us being on SSO.
Disabling this closes a login method that's no longer needed which is overall more secure, and removes a large inconvenience.
2 votes -
Ability to insert custom words as watermark
If a user could add "Confidential" or "Company Secret" into watermarking,
the customer would be able to leave the legal evidence of the statement that the corresponding files are not allowed to disclose externally.
Also, it would be better if there is an option to set watermarking by folders as well.7 votesNot currently planned at this time.
-
10 votes
Not currently planned at this time.
-
Better error message for device limits
If there is a device limit set, the error message when you try logging in from another device should read something similar to: You have reached the max number of devices
4 votes -
Block users by geography
We'd like the ability to block users from accessing our Box environment from certain geographical areas, via a control in the admin console’s insights page (the geographic activity area).
3 votesWhile we like this idea, it is not currently planned at this time.
-
Collaboration Blacklisting
We would benefit from the ability to make a blacklist of collaborations (perhaps via domain) to prevent against the inbound or outbound collaboration with a certain (or set) of domains.
The current collaboration whitelist capabilities do not permit for blacklisting -- they only allow for whitelisting.
For example: "Can we block all inbound and outbound requests to/from a certain domain (e.g., gmail.com)?"
13 votesNot currently planned at this time.
-
Extend collaborations further than the default auto-expiration timeframe
When collaboration auto-expiration is in place on an enterprise level, folder owners can only extend the collaboration up to the default auto expiration timeframe. For example, if the enterprise has collaboration auto-expiration set at 90 days, the folder owner can currently only extend the collaboration for another 90 days. We would like for the folder owner to be able to extend the collaboration for a time period longer than the set collaboration auto-expiration.
6 votesWhile we like this idea, it is not currently planned at this time.
-
2 votes
While we like this idea, it is not currently planned at this time.
-
4 votes
This is not currently planned at this time.
-
9 votes
-
Bulk extend collaboration/shared link expiration
User would like to be able to extend access at a folder level rather than one at a time.
8 votes
- Don't see your idea?