Box as a platform support multiple types of Users. Here are different user types and their descriptions including use case. Let us know if you want to know more about a user type or have a question on use cases.
| User Type | Description |
|---|
| Admin User | - Overall owner of Box Enterprise instance
- Configures global security and content settings
- Responsible for enabling/authorizing Custom Applications – including review of authorized scopes
Use Cases: Required for all use cases. |
| Managed User | - Standard knowledge worker would use this type of account to access the Box first-party applications (web, mobile, drive, etc.) - either through Box credentials or SSO
- Use OAuth 2.0 to authorize Box partner integrations (Salesforce, Teams, Slack, etc.)
- Can use JWT Authentication if Custom Application's "Application Access" setting is set to Enterprise and application has been authorized by the Enterprise's Admin
- Consumes a standard Box license – account is owned by your Box Enterprise
Use Cases: Internal users logging to Box.com or custom portal. Some examples: Marketing docs collaboration, HR portal, Sales strategy etc. |
| Co-Admin User | - Managed User account with certain elevated permissions, as provided by Admin
|
| External User | - Managed User that belongs to someone else's Box Enterprise – cannot be created or managed by API or Admin Console
- Can be added to folders/collaborated with depending on global security and content settings
Use Cases: Content Collaboration outside the enterprise. Examples: Consulting documents, Tax Prep content with CPA. |
| Service Account | - A Service Account is automatically created when Admin User authorizes a Custom Application within the Box Enterprise
- Service Account represents an application in the eyes of Box
- Can create users that belong to the application (App Users) or enterprise (Managed Users) if scoped to do so, can own content, can have elevated permissions as Co-Admin
- Leveraged most in "app-owned content" or "app-owned process" scenarios
Use Case: Custom portal supporting partners/customers. |
| App User | - Only access to Box is via API – does not have Box credentials or access to any Box first-party applications
- Owned by the application that created it – application authorization owned by the Enterprise
- Represented to Box by a User ID in a JWT token request – authentication owned by the application's identity service
- Is used to represent a single user of a Custom Application – can own content, collaborate on content, preview, etc.
- Leveraged to give users a controlled content experience – users don't have to authorize Box nor do they necessarily realize that they're interacting with Box services behind the scenes
Use Cases: Customer/Partners logging to custom portal to access Box content in a secure manner. Examples: Wealth management, Insurance claim, Procurement portal etc. |
