We are using Box with SSO set to Required and MFA is enforced at our IdP.
When trying to view or regenerate a client secret (Client Credentials Grant) or generate a JWT key pair in the Developer Console, Box requires that the user has Box 2-Step Verification enabled.
However, when SSO is Required, the Box-native 2-Step Verification setting is not available in the user’s security settings.
Questions:

- Can IdP-side MFA be recognized by Box as satisfying the “2-Step Verification” requirement for Developer Console operations?
- If not, is it impossible to regenerate client secrets / JWT key pairs in an SSO Required environment without temporarily disabling SSO?
- Is there an official workaround or supported procedure for this scenario?

We want to avoid relaxing SSO policies in production if possible.
