This section provides instructions for connecting Cloud App Security to your existing Box account using the App Connector APIs.
How to connect Box to Cloud App Security
Deploying with an account that is not an Admin account will lead to a failure in the API test and will not allow Cloud App Security to scan all of the files in Box. If this is a problem for you, you can deploy with a Co-Admin that has all of the privileges checked, but the API test will continue to fail and files owned by other admins in Box will not be scanned.
If you restrict application permission access, follow this step. Otherwise, skip to step 2.
In the Box Admin console, click the settings icon followed by Business settings.
Click on the Apps tab.
If Unpublished Applications is selected, in the Except for text box, add the Cloud App Security app serial number:
nduj1o3yavu30dii7e03c3n7p49cj2qhand click Save.
If you are an existing Adallom customer, and your console URL is for Adallom and not Cloud App Security, use this app serial number: bwahmilhdlpbqy2ongkl119o3lrkoshc.
In the Cloud App Security portal, click Investigate and then Connected apps.
In the App connectors page, click the plus sign button and select Box.
In the Box settings pop-up, click Follow this link.
This opens the Box log on page. Enter your credentials to allow Cloud App Security access to your team's Box app.
Box will ask you if you want to allow Cloud App Security access to your team information and activity log and perform any activity as any team member. To proceed, click Allow.
Back in the Cloud App Security portal, you should receive a message saying that Box was successfully connected.
Make sure the connection succeeded by clicking Test API.
Testing may take a couple of minutes. After receiving a success notice, click Close.
Box is now connected to Cloud App Security.
After connecting Box, you will receive events for 60 days prior to connection.
After connecting Box, Cloud App Security performs a full scan. Depending on how many files and users you have, completing the full scan can take awhile. To enable near real time scanning, files on which activity is detected are moved to the beginning of the scan queue, for example a file that is edited, updated, or shared is scanned right away and doesn't wait until it is reached by regular scan process. This does not apply to files that are not inherently modified, for example files that are viewed, previewed, printed or exported.