Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
- or
629 results found
-
73 votes
Read more about this feature here: https://blog.box.com/enterprise-security-two-factor-authentication-external-users
-
2FA - Option to select SMS or Email as opposed to both
Hi all,
We would like to have the option to select SMS as a 2FA method without having to have email as an option.
Back in April last year Box introduced the option to have email as a 2FA Method. Unfortunately we can’t have Authenticator app and SMS but no email as a setting. Either it’s Authenticator app only or we have to enable emails too.
On productions we go for the Authenticator app as that’s the most secure option, but one of our subsidiaries would like to give the option for SMS too.
Enabling emails is a major security…
3 votes -
94 votes
-
Make sure there are multiple ways to login to Box incase 2FA is disabled or not working. Perhaps ask a security question in lieu of the 2FA.
Make sure there are multiple ways to login to Box incase 2FA is disabled or not working. Perhaps ask a security question in lieu of the 2FA. So if someone changes the phone or email or the app, they can login with their username and password, and then if the 2FA fails, answer some security questions to get logged in. I just changed my phone and the authenticator app was not working,so I had to email the Box team and it took 2 weeks to get back into my account. So let's come up with a system for this.…
1 vote -
Require 2FA for certain content only (not globally)
Force 2-factor / MFA based on the type of content, folder, user. etc. - natively in Box or support this functionality through IdP
11 votes -
Button in the Admin Console to remove the existing 2FA without logging in as that User
We currently have to search for the user in the admin console, log in as them, go to their personal settings, remove their existing method, then return to the admin console. If there was a button in the admin console to remove the existing 2FA without logging in as that person, it would be really handy
1 vote -
Your email reminders to setup 2FA are too aggressive
Over the course of 6 hours (during the night), I received 5 emails asking me to 'Set up 2 Factor Authentication'. This is quite aggressive.
2 votes -
2 factor authentication
Just been chatting with the support guys ... When turning on 2FA, the first log in prompts for the auth code. However, every login after that drops back to just asking for username/password. (unless you clear your browser down every time !)
for 2fa to be effective, the system should ask for the auth code at every login otherwise there is no point in enabling it.
7 votesWe've recently released changes in MFA configuration which allow admins to configure how often the second factor should be requested.
-
Authy 2 Factor Authentication.
Include Vietnam in 2-FA or remove it from the list of countries in the menu when trying to add 2FA.
2 votesThis is available. Both SMS and TOTP can be used.
-
2MFA Exempt
Allow co-admins to "exempt" users from 2FA - having it solely with primary owner is not practical
1 vote -
0 votes
This is not currently planned. We will revisit this with additional use case data.
-
SSO exception
Ability to have exceptions for SSO for specific amdin accounts/test users. Use case: there's a series of admin accounts we use that own folders/content in Box but aren't actual users. Now when we want to turn on SSO - we now have to have OKTA accounts for those accounts and test users, when we'd prefer to just do Box 2FA for those vs. SSO enabled for all
47 votesUnfortunately this is not on the near-term roadmap, that being said this is a very interesting request which we may consider in the mid-long term.
-
Two-factor authentication with authenticator apps
It should be possible for 2FA login to be via an authenticator app as opposed to SMS. This is arguably more secure and more convenient and something competitors offer.
3 votesThis feature is now available: https://support.box.com/hc/en-us/articles/360059934154-TOTP-support-for-MFA
-
Support IAL2/AAL2 Identity Providers as a Box Login
Box should partner with identity providers like ID.me and Login.gov, allowing for enterprises to ensure a smooth and secure login process for managed users and external collaborators alike . Users should be able to use these credentials to access Box.
This is especially important to reduce the risk of unverified external collaborators accessing sensitive enterprise content. Ideally, admins can enforce these IdP logins for external collaborators (similarly to how the current 2FA setting for external collaborators works). These two identity providers can require IAL2/AAL2 identity verification and authentication in accordance with NIST 800-63-3 standards.
5 votes -
MSP access
We use a managed service provider for help desk support. It would be useful to be able to add management with limited access to set permissions and to reset passwords and 2fa. We don't want to use full Box license or permit access to company data
1 vote -
Need multiple options for 2-factor authentication
Please allow multiple options to receive a 2-factor authentication code. If I were to lose access to my cell phone or change the phone #, then I would be unable to receive a code via SMS and be locked out of Box.
In addition, please ensure the options other than 2FA code via SMS actually are viable options. Right now, the authenticator option doesn't work - no QR code is generated by Box for me to scan with my phone. The e-mail option also doesn't work - I keep getting an error message that the default e-mail is invalid ...…
2 votes -
Need guest authentication by own AzureAD for external collaborators
We can require 2-FA for external users, but it’s not enough security level to some customers. So, please add the ability to require guest authentication by own AzureAD for external collaborators.
19 votes -
advance generation of 2nd factor authentication codes
provide an option to generate a one time code for 2 factor authentication in advance.
We have a use case where an external organisation has provided a PC in their site where our users can log in to box, however our users are not allowed to bring their own devices (phones or laptops) onto the site.
To continue using 2FA it would be useful if a user could generate a one time code in advance print it then use it as the 2nd factor when logging in to the machine proved by the external organisation.
(similar to google authenticator backup…1 voteMFA backup codes are available to use. Feel free to reach out in case you need support on the enablement.
-
Phone number format prompt
When setting 2FA by SMS, Box should update this part of the web site to specify exactly what format the phone number needs to be entered in.
E.g. "7797123456" and not +447797123456, 447797123456, +44(0)7797123456 etc.
Although it seems to work with or without a leading zero, it would be better to not include it as it is not part of the "phone number"1 vote -
Check the details of SSO for external collaborators
We can require 2-FA for external collaborators, but for external collaborators using SSO, Box does not check for whether users pass multi-factor authentication. Please add the ability what kind of authentications(ID/Pass, MFA, Device check, IP address limitation, etc) does external collaborators passed on SSO.
20 votes
- Don't see your idea?