Securing Shared Links

Here at Box, we want to make it simple to work together to create and collaborate on content. Box Shared Links allow you to share hyperlinks to content stored in Box with people both inside and outside the company. Sending someone a shared link to a file or folder is an easy way to collaborate. You can also make things easier to remember by customizing the URL of shared links. These shared links are called Custom Shared Links.


To ensure that the right people have access to shared content, you can configure access controls on a Box Shared Link as follows:

  • People with the link (public/open) -  Anyone with the link can access the item and no Box account is required
  • People in your company - Users within your same Box enterprise and users who have a Box account with the same email domain  will be able to access content
  • People in this folder/file -  Only users who have been invited to the item (folder or file) can access the content


You can also enable security controls such as password-protection and expiration policies on shared links. In addition to user-level security controls, company  Box administrators can apply enterprise wide security controls on Shared Links. Coupled with appropriate security controls based on the sensitivity of the content, Shared Links provide a frictionless and secure way to collaborate.  


Creating public custom shared links for any content may result in anyone who can guess the URL gaining access to that content. To reduce risk to sensitive content, we recommend that:


  • Administrators configure Shared Link default access to 'People in your company' to reduce accidental creation of public (open) links by users.
  • Administrators regularly run a shared link report (as described here) to find and manage public custom shared links.
  • Users do not create public (open) custom shared links to content that is not intended for public consumption 
Version history
Revision #:
1 of 1
Last update:
‎09-28-2018 03:13 PM
Updated by:
Labels (2)