U of I Box, Active Directory Group Sync

What is Box Active Directory Group Sync? How can I request my Active Directory group be synchronized to U of I Box?

If your unit or team already users Active Directory (AD) groups to manage access to IT resources, you can now synchronize your AD groups' membership to Box. When members are added to or removed from an AD group, they will also be added or removed from an associated Box group. Nested AD groups are supported.

With Box Groups, you can add multiple users to content stored in Box quickly and easily. When a user is added to the group, they gain access to content the group already has permissions to. When a user is removed from the group, they will lose access to content shared with that group.

Box Groups are added as collaborators to files and folders, just like an individual user.  All members of that group will have the permissions granted to the group. See Inviting Collaborators and Understanding Collaborator Permission Levels for more details.

Please note: By default, you need to be in the AD group to be able to see the synced AD group. If you're not in the AD group, the AD group will not appear as an option to share. To allow sharing by people outside the group, be sure to request that it is universally visible.

Requesting Group Synchronization

We require a few pieces of information to get started synchronizing your AD group to Box. Please send the following information to consult@illinois.edu:
  1. The full distinguished name of the Active Directory group (example: CN=Project Team,CN=admin,DC=corp,DC=Fabrikam,DC=COM)
  2. A requested display name for the group in Box.  This should be specific and include a reference to your unit or department.
  3. If you would like the group to be universally visible or not. If the group is not universally visible, only members of the group will be able to share with it.

Frequently Asked Questions

Who can invite my Box Group to collaborate? Can someone outside the group invite the group?

Box Groups are only visible to members of the group by default. They can be made visible to all members of our U of I Box domain by request.

Personal accounts and accounts outside our enterprise cannot invite groups to collaborate.

My team members are not all included in the Box group. Why is that?

Box Groups can only contain members of our U of I Box enterprise.  Please have them verify their account type is Enterprise in Account Settings. Contact consult@illinois.edu to join the enterprise.

How often does the synchronization process run?

The synchronization process runs twice daily, scheduled for 12pm and 6pm. The frequency may be changed in the future if needed.

Are nested AD groups supported?

Yes, our process reads the membership of nested AD groups.

Will group members receive email notification when the group is added to content?

No, group invitations do not trigger email notifications. The user will be notified of new collaborations on their next visit to Box Web.






Keywords:
UofI Box Active Directory AD permissions groups 
Doc ID:
48071
Owned by:
Box O. in University of Illinois Technology Services
Created:
2015-03-03
Updated:
2024-05-03
Sites:
University of Illinois Technology Services