Connecting to Box involves first providing a mechanism to authenticate to Box using one of three methods. Once authenticated, users need to select the relevant project to enable the connection.
- Go to the security tab and setup Box Authentication (see below).
Security and Authentication
On the security tab, select the authentication method:
- SSO specific user - via interactive authentication with a single account for all users
- SSO end user - via interactive authentication to Box by each INDIVIDUAL user as the login into Pyramid
- Token - copy the token from the Box application to the Token field. The token is temporary and must be used within a limited time frame.
Service Account OAuth Connections
When using a service account, the authentication is common to all users of the connection. The details of the authentication are contained in a JSON file downloaded from the Box administrative console. It contains details like Client ID and client secret.
User Account OAuth Connections
Another way to connect to Box is via SSO OAuth Authentication. This type of authentication utilizes the user's credentials to connect and authenticate access to a given data source. The process is often used in big organizations that have centralized security and are using one framework to secure all data assets.
Authentication Options for Box
When creating a data source in Pyramid and completing the setup 'card', administrators can select the type of authentication model to use:
- Single Sign-on (OAuth) - Specific User: All users of this data source will share and use Client ID and Client Secret defined here.
- Single Sign-on (OAuth) - End User: Each user will be prompted to sign into Box when starting Pyramid or when connecting to the data source. This is a "one off" event. The user's sign in code will be stored and reused for subsequent data access. Pyramid will automatically refresh this as needed. All users will share the Client ID and Client Secret defined here.
- Token: The admin user must copy the token from the Box application to the Access Token field. The token is temporary and must be used within a limited time frame.
Enabling End User OAuth Authentication
Box requires the creation of Client ID and Client Secret strings that provide in an encoded manner, the information needed to connect to the particular Box data required. These strings are generated through the Box management console and copied and pasted to the relevant dialog boxes on the data card.
Once logged into Box, Client ID and Client Secret strings can be generated from the "Get Credentials" button on this page.
- Client ID: Box Client ID
- Client Secret: Box Client Secret
The Client ID and Client Secret are used by all users to access the Box application. With the drop down set to "Single Sign-on (OAuth) - End User", each user will be prompted to sign into Box for individually authenticated data access.
With the drop down set to "Single Sign-on (OAuth) - Specific User", each user will share the Client ID and Client Secret.
- Sign-In: Use this button to sign into Box to retrieve the Refresh Code
- OAuth Refresh Code: Returned by Box and used by Pyramid to connect to the Box Account.