My company does not allow us to share a box folder with any other users or service account. How can I give access to box folder with service account created by my company and not by Box(automation user svc account). Basically, I don’t want to use svc user auto generated by Box upon authorisation but I want use box apis to upload the file. How can I do this?
I really need answer to this as soon as possible. Thanks in advance.
Page 1 / 1
Hi @user39
I’ll probably need more details for your use case.
However maybe this helps.
Service accounts can often (if configured) impersonate users. Apps using the JWT (json web tokens) authentications can use the as-user header and CCG (client credential grants) can use the user id directly on authentication.
This means the service account will have the same access and security context of the user.
However if the application security context should always remain within the user then maybe OAuth2 is a better approach.
Food for thought.
We actually had the opposite issue, where our BOX admins required only user accounts. But, like you, we didn’t want to tie any production automation to a user (attrition, retirement, etc.). I created an account in Active Directory for an Exchange mailbox (both linked to our identity system), then passed this to my BOX admins to create the necessary enterprise account. Once configured I was able to logon as the “service” user and create the necessary JWT for automation. The app still had to be approved for use in the enterprise, but it was a surprisingly fast process (for Illinois). Now we’ve got a single service account that multiple admins can oversee. Easy peasy.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.