Box Integration with Grip Security - Posture (SSPM)

New
  • Updated on Sep 28, 2025
  • 1 minute(s) read
  • nT
 Prev Next

Overview

The Box integration with Grip’s SSPM module enables Grip to assess critical security settings related to access control, data loss prevention, and additional aspects within your Box environment.  

The connections consist of 2 steps:

  • Create SSPM Grip app in Box

  • Connect the Box SSPM app to Grip

Prerequisites

To connect Box to Grip SSPM, you must have an admin or co-admin role with the "Run new reports and access existing reports” permission enabled. If you are a “co-admin,” ask your admin to verify if this permission is active.

Create a Box app

From the Box Dev Console, click “Create Platform App” (1)

  • Select the “Custom App” option (2).

  • Fill in the mandatory fields:

  • App Name (3)

  • Purpose (4) – Select “Integration.”

  • Categories (5) – Select “Security & Compliance.”

  • Which external system… (6) -  Enter “Grip.”

  • Please specify (7) - Enter the name of your business entity

  • Click on “Next.”

  • Select an Authentication method (8)  - User Authentication (OAuth 2.0)

  • Click “Create App.”

An indication for the new app will display

  • Copy the Client ID & Client Secret (9)

  • Enter a Redirect URL (10) - Enter your Grip domain name after the “https://” (https://{client_domain_in_grip}.integrations.grip.security/oauth/callback )

For example, in this URL, https://acme.dep.grip.security/, the {client_domain_in_grip} will be - acme.

  • Scroll down to “Application Scopes” and select the following scopes:

    • Read all files and folders stored in box

    • Manage users

    • Manage groups

    • Manage retention policies

    • Manage enterprise properties.

  • Click “Save Changes.”

Connecting Box to Grip SaaS Security Posture Management.

  • From the Grip portal, go to “Posture” >> “Add Tenant(1)  

  • Click on “Box(2)

In the “Add a New Box Tenant”, fill in the details: (3)

  • Enter a “Display Name”  

  • Paste the data copied from the previous steps, Client ID, and Client Secret.

  • Click on “Continue

The “Connect Box(4) indicates that to complete the integration, you need to sign in to Box with your username and password or send a URL to the Box admin.

  • If you lack the necessary permissions, copy the link to share with the Box admin (5). Once approved by the admin, the tenant will be connected.

  • If you have the admin's username and password, click “Grant access to Box" (6).

  • Once connected, the Tenant will be added to the “Connected Tenants” list.

  • Click the tenant to see and filter your policy statuses, assess your security posture, and begin fixing it. 

Related articles