Views:

To provision a service account for Box from Cloud App Security web console, do the following:

 
A co-admin role must not be used when provisioning service accounts for Box. Cloud App Security needs to impersonate all users to take the "Quarantine" action but Box co-admins cannot impersonate any admin or co-admin role.
 
  1. Log on to the Cloud App Security management console.
  2. Hover over Box, and click Provision.

    Provision for Box

    Click the image to enlarge.

  3. The Provision Service Account for Box screen appears. Click the Click here link.

    Service Account

    Click the image to enlarge.

  4. On the Box logon screen, specify your Box Admin credentials and click Authorize.
  5. Once the Box authorization window appears, click Grant access to Box.

    Grant Access

    Click the image to enlarge.

  6. Go back to the Cloud App Security management console.
     
    Cloud App Security will synchronize your Box user and group information, including the user ID, user name, user email address, group ID, and group name. The time required depends on how many users and groups you have in Box.
     
  7. In the upper-right corner of the management console, hover over the bell icon and verify if the Box provisioning has succeeded. If the message "Box protected." appears on the Notifications screen, the provisioning is successful.
     
    If for some reason the access token used by the service account becomes invalid, to continue using the service account, go to Administration > Service Account to create a new access token. For more information, see Service Account.
     
  8. Cloud App Security generates the following folders in the Box administrator's root directory:
    • Quarantine folder (trendmicro_cas_quarantine__dont_change_or_delete)
      The Quarantine folder can be accessed only by the administrator.
    • Temporary folder (trendmicro_cas_temp__dont_change_or_delete)
      The Temporary folder can be edited only by users belonging to the group.
     
    When the storage space for the quarantine folder is full, Cloud App Security will send a notification email to the mailbox of the CLP or LMP account.
     
  9. Add the Cloud App Security application for all of your users. Perform the following steps:
    1. Login to Box.
    2. Click Apps on the menu bar.
    3. In the Individual Application Controls section, search for the application named Cloud App Security.
    4. For the Cloud App Security application, select Enforce event notifications settings on all users and click Added by default.
     
    A user is protected only when the user has added Cloud App Security, and will no longer be protected once the user removes the application.
     
  10. Disable email notifications for the temporary folder (trendmicro_cas_temp__dont_change_or_delete) for all users.
    1. Click My Account on the top header bar.
    2. Find the temporary folder (trendmicro_cas_temp__dont_change_or_delete), click the menu icon on the right side, and select Settings.
    3. Under Email and Notifications, click Override default settings for this folder and all subfolders and select Disable all email notifications for all collaborators. Users will no longer receive email notifications for the temporary folder.
     
    If you do not perform this step, all users will be notified every time the temporary folder changes.
     
Keywords: setup provision for box scanning,configure CAS to scan box files,allow CAS to scan box files