• App Authentication
• App Access
• API Access
• Dynamic DRM
• Cloud Data Discovery

The fields available on the Configuration page are based on the deployment and the protection models you selected.

• For App Authentication -- No configuration details are needed. Click Next to display the summary information.
• For App Access - In the Proxy section, enter:
  • The Enterprise Subdomain for your organization (example: mycompanyinc)

  • One or more Specific Domains used in your organization (for example,

    mycompanyinc.app.box). Click Save to save the list.

• For Dynamic DRM - You must also choose either App Access or App Authentication

  protection models.

• For Cloud Data Discovery -- You must also choose the API Access protection model.
• For API Access - In the API Settings section, enter a valid Admin Email address for the Box account. This address must be for the Admin account and not for a co-admin account.

• Enter names of Internal Domains.

• For API Access - In the Archive Settings section, you can enable archiving of files that were permanently deleted, modified, or otherwise acted on by policy actions. Secure Cloud Access stores archived files in an Archive folder under a CASB Compliance Review folder created for the cloud application. You can review the files and restore them if needed.

  When you change the authorized administrator for a cloud account, if there is any previously archived content in the CASB Compliance Review folder that is owned by the previous administrator, you should share it with the new authorized administrator to enable them to review and restore archived data.

  Three options are available:

• Permanent Delete
  • If you select Remove from Trash, then when a file is deleted (either by a user, or by Secure Cloud Access when implementing a policy), Secure Cloud Access will also permanently delete that file so it can no longer be retrieved from the user’s trash folder.
  • If you select Archive (only available if Remove from Trash is selected), then Secure Cloud Access will also archive a copy of the file in the archive folder (see above). An administrator can review the copy and determine what next steps need to be taken. For more information, see Violation management and quarantine.
• Content Actions - Applies to files that violate a Content Digital Rights policy. When Secure Cloud Access takes action on a file as configured in the policy, it can also perform these actions:
  • If you select Remove from Trash, then when Secure Cloud Access deletes a file because it violated a policy, Secure Cloud Access will also permanently delete that file so it can no longer be retrieved from the user’s trash folder.
  • If you select Archive (regardless of whether Remove from Trash is selected), then Secure Cloud Access will archive a copy of the file in the archive folder (see above). An administrator can review the copy and determine whether additional actions need to be taken. For more information, see Violation management and quarantine.
  • By default, Secure Cloud Access keeps archived files for 30 days. You can change that if needed by modifying the value in the Time to retain archived files field.

• Collaboration Actions - Applies to files that violate a collaboration policy. When Secure Cloud Access takes action on a file as configured in the policy (such as the Remove Collaborator action), it can also archive a copy of the file in the archive folder. An administrator can review the copy and determine whether additional actions are needed.

  An administrator can also decide to undo the collaboration action taken by Secure Cloud Access. For details, see Undo a policy action on files or folders in the Box cloud application.

For API Access, enter the Enterprise ID used to authorize access to Box.

If the administrator has configured an SSO setup, click the Use Single Sign On (SSO) link and enter the credentials to authenticate. Any multi-factor authentication information is submitted.

The Box cloud application is onboarded and added to the list of managed applications in the App Management page.