My company has a very strictly controlled access policy to Box. Not all users with email addresses in our verified domains for box are allowed to use it. It is controlled by an SSO login with specific user access defined to Box. Recently, I have seen when members of our organization receive a Box Sign request from an external source these users, who should not be allowed access to our Box instance are auto-enrolled as a managed user. This happens I assume because the domain of their email address matches the verified domain my Company uses for Box.
We do not want this to occur. When it happens I must remove these users manually after I get notified of the new unauthorized addition to the managed user count.
How do we stop this from happening?
Question
Restricting auto-enrolls for users with externally generated Box Sign requests
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.