I'm using the Box API SDK for .Net, and trying to set it up to use JSON Web Tokens instead of OAuth2.
When I instantiate the BoxConfig object I need to provide the Enterprise ID:
var config = new BoxConfig( clientId, clientSecret, enterpriseId, jwtPrivateKey, jwtPrivateKeyPassword, jwtPublicKeyId );
Seeing some conflicting information:
The GitHub page for the Box Java SDK says the Enterprise ID is
on the developer console, but I don't see it there.
The Box API help page for App Auth says it's in the Admin
Console, but I don't see it there either.
Can someone point me to where, specifically, I could find the Enterprise ID?
You can find the Enterprise ID by going to the Admin Console -> Click the gear in the top right -> Click Business Settings (It may say Enterprise Settings or Elite Settings based on the account level). Under the Account Info tab you can see your Enterprise ID.
You can also get directly to that page by going to
https://www.box.com/master/settings while logged into the account. Note that only enterprise admins / co-admins with sufficient permissions will have access to that page, otherwise it will redirect to the account settings. In this case, you would need to contact your enterprise admin to get this Enterprise ID.
It appears that the Enterprise ID is embedded on most pages, even the /files page. It can be accessed by opening the browser's console and entering in window.initialConfig["enterpriseId"] or console.log(window.initialConfig["enterpriseId"]);.
Even though that will give you the Enterprise ID the application will still need to be approved by an Enterprise Admin.
You can find this in the Developer Console for your app under "Configuration" > "App Settings" where you will see a JSON representation of your App Settings JSON file that you can also download. The Enterprise ID is the enterpriseID property.
Related
Hello,
I have web-app at Google cloud Platform at Kubernetes engine, using it/accessing it through Identity-Aware Proxy restricting it through Access Context Manager which Google cloud platform provides.
Trying to allow access through chrome browser only to user with a] restricted/limited number and type of chrome browser extensions, b] approved device and c] possibly specific G-Suite account.
Initial accomplishment of this goal is not hard:
c] you can set in Identity-Aware Proxy access role IAP-secured Web App User per user (identity)
b] you can can create access level in Access Context Manager which require approved device (which require endpoint verification extension installed)
a] you can limit extensions for G-suite user chrome profile in admin.console without any problem (or need of browser enrollment)
This would be example of easy to make solution of given problem, but here is problems, possible solution and finally where i'm in need of advice.
User can log in into custom chrome browser profile, avoid extension installment restriction (restrictions/policies are applied base on G-suite chrome profile) and then log into G-suite account on google.com and be granted access through Identity-Aware Proxy (access is given not based on profile of chrome but base on account you are logged in google.com)
Solution for this problem would be to enroll browser, policies wouldn't be given per G-suite profile in chrome but per browser. It brings another problem
User can un-enroll chrome browser at any-time
This is currently my death end, thinking only way out is if there would be in Access Context Manager check for chrome profile or chrome enrollment.
Possible Hints:
I was told to buy chrome enterprise licence and allow log in only on enrolled browsers https://support.google.com/chrome/a/answer/7572556 , just from article its not clear for me it would solve my problem
number of options in Access Context Manager is very poor, maybe missing some licence ?
create extension which would check browser profile and restrict access to the web-app by presence of this extension and G-suite profile in chrome
Thank you.
I was told to buy chrome enterprise licence and allow log in only on
enrolled browsers https://support.google.com/chrome/a/answer/7572556 ,
just from article its not clear for me it would solve my problem
If I'm understand correctly your biggest problem is that user can stop using Chrome and go with another browser. By using Chrome Enterprise you force your users to use Google Chrome to even login into their accounts on corporate managed devices
number of options in Access Context Manager is very poor, maybe
missing some licence ?
There aren't any license options for Access Context Manager, if you are looking for more settings in this feature I encourage you to open a Feature Request with Google
create extension which would check browser profile and restrict access
to the web-app by presence of this extension and G-suite profile in
chrome
This option will do the trick you can even force install Chrome extensions
if i just copy the jira wallboard url and paste it into an iframe the content is obviously not displayed because you need login permission to see the Jira wallboard.
How can i display urls which are cross browser protected by a login?
I came across the OpenID authentication but i just dont understand a word.
Regards
151
You can open up the System Dashboard to anonymous users (people not logged in) to bypass the requirement to login: edit the "Browse Projects" permission to include the group "Anyone" (Issues -> Permission Schemes) and edit the Permission Scheme of the projects whose content is included in the System Dashboard. You can edit the System Dashboard itself in System -> System Dashboard (under heading User Interface).
Unfortunately at the moment it seems there's some problems with viewing wallboards or dashboards in Jira 7, but you can see if it works for you.
I'm using free Google Apps subscription and I've published self-made extension in Chrome Store. Also, I need to restrict access to that extension to only my domain users.
I tried to follow Google manual, but I couldn't get access to 'Device management > Chrome management' (got an unexpected redirect from 'Device management' page to Apps list while clicking on 'Chrome management' link) and there was no option 'everyone at mydomain.com' into extension 'Visibility section' — only 'trusted testers'.
So, maybe it's because of my free subscription or it's Google Apps issue or I do something wrong?
No, That feature (and process) is only available for Google Apps for work and Education accounts.
However, you can try to restrict access to your chrome extension (using your free account) before publishing it to public by publishing it to test accounts.
Publishing to test accounts
When you publish to test accounts, your app’s store listing only appears to you and any users who are logged into these test accounts that you specify. Your app won’t appear in search results, so you’ll need to give testers a direct link to your app’s listing. Testing also gives you a chance to see how the license server integrateswith your app if you plan to charge your it using Chrome Web Store Payments.
To edit your list of accounts, click Edit your tester accounts. You can enter single accounts, or create a Google Group so that this set of users can test your app. See the section below to learn how to set up Group Publishing.
Once you’re ready to publish, click Publish to test accounts.
You’ll need to unpublish the app if you want to publish to the world later.
I built some widgets and uploaded on my local marketplace, is there a way to share that?
And better is it possible to share a Mashup (the widget composition) without giving the
possibility to wiring to the user?
I mean the user should use an application layout without change anything.
You can make public your workspaces/dashboards following the steps documented in the user guide. Only the owner of a workspace will be able to modify it. I think this is what are you searching for.
Another option is to create a packaged mashup using the "Upload to my resources" option in the editor view:
Take a look to the "Advanced" tab, where you can block widgets (make them unremovable), block connections (make wiring connections unremovable) and embed used widgets/operator (by default packaged mashups depends on the user having installed all the required widgets/operators. This way you can distribute the widgets and operators used by the mashup in the same package).
However, take into account that this method is meant for sharing mashup templates, the user will always be able to add additional widgets and create new connections in the wiring view.
Once packaged, mashups/dashboards (and widgets and operators) can be uploaded to a WStore server (e.g. to the Store portal provided on FIWARE Lab) for sharing them with other users. The steps for making this is also described in the WireCloud's user guide.
I have the problem, revisited.
I have set up a working Marketplace instance (v2.3) but am unable to integrate it with Wirecloud. The marketplace is correctly registered but all the requests i am making to this Marketplace are throwing 502 error, even though i am actually able to see some results when querying the Marketplace server through a browser.
Indicatively, i can issue a GET command at http://:8080/FiwareMarketplace/v1/registration/stores/ and get an answer, but Wirecloud's internal APIs return a 502 (Bad Gateway).
Any idea on what might have gone wrong?
PS: This happens for WC v0.6.5. When upgrading to a newer (Beta) version of WC, everything seems to be performing as expected, i.e. the marketplace is correctly inserted and the stores are correctly retrieved and processed.
I reviewed the Box authentication documentation as well as the other StackOverflow questions but I'm still unable to find definite answer.
My client is an enterprise Box client and would like to build a company's internal web application that would login into Box.com using service/admin account and create folder and upload a file. The uploaded folder will be available to specific customer that will login into Box and upload additional files.
I created a sequence diagram to depict the same.
Would you let me know if this is a supported Box authentication model? Can the Box 2.0 Beta API Token be used to login as service account and create file/folder/share?
Thanks for your help!
There are several options that could work for you. Let me suggest the simplest one first, and if that is not sufficient, then I can suggest other ways to accomplish your goal.
You can use the regular Box authentication for your solution. To do so, simply get an API key and an auth-token for your application. Then, after you have uploaded your file, use the V2 API to create a shared link for your file. You can email that shared link to the client, and they can use the link to access the file.
there has been new developments since this question was posted, and now it's possible to use JWT (JSON Web Token) and Box Developers Edition to access Box.
If you create a developer account you will be able to create App users and login using an enterprise id and a private key file. Check out the docs for more information: Box Developer Edition
Additonally, boxsdk comes with support for Box Developer Edition