APIs for SSO settings and 2-step verification
Answered
Hi there,
Apologize if this has been answered already, I’m new to Box.
We're developing a custom application for Box to help our clients to manage their users.
I wonder how to use API to retrieve the following information:
* Whether a user has enabled 2-step verification
* Whether an enterprise has enabled SSO
* Whether a user is created/provisioned through SSO
Thanks,
-
Hi ,
There is some information there that you will be able to retrieve through the GET user endpoint, and some you'll have to access from the admin console (not through the APIs - this is only accessible by your enterprise admin).
The GET user endpoint will return back a user object to you when you fetch their information. As part of that JSON payload will be a few fields that you may be able to use:
- is_exempt_from_login_verification - this will basically say whether the user has to log in via 2FA (true) or not (false).
- tracking_codes - these are small little objects that can be set by an admin when a user is created. What I would suggest doing is when a user is created these fields can be used to store their state (provisioned through SSO or not).
For the question on whether the enterprise has enabled SSO, that will be available via the admin console under the user settings (https://app.box.com/master/settings/user).
Thanks,
Jon
-
Hi there,
I have some tests on 2-steps login verification recently and found:
The flag "is_exempt_from_login_verification" is not "Whether or not this user must use two-factor authentication" as described in API document, but is actually "Exempt this user from 2-step verification" which is the config on Web UI.
When a user sets 2-steps login verification, this flag is still false.
Please sign in to leave a comment.
Comments
3 comments