Adding additional Box co-admins splits up the API calls. It improves the Box Securlet API call processing and reduces Box throttling as well as CI latency
Note: The CloudSOC SysAdmin does NOT need the Box Admin to join in Webex to make these changes.
Box Admin only needs to create the two new Box Co-Admin Users with correct Privs and provide the CoAdmin Account IDs to the CloudSOC SysAdmin
Many Vendors, including Box, add throttling or rate limiting to their APIs to protect their infrastructure/resources from getting over-loaded
Component : CloudSOC Box Securlet
Engineering added a new feature to Box Securlet where Clients can add dedicated Event Processing Co-Admin and dedicated Remediation Co-Admin to split up the API load
Both Box Co-Admins need to have these permissions at a minimum:
Manage users - Manage groups - View users' content - Edit users' content - Log in to users' accounts - View settings for your company - Edit settings for your company - Run new reports and Access existing reports
This is how the Co-Admin User privs would look like in Box User Configuration:
When Admin has created the two Box Co-Admins - Admin can Login as each Box Co-Admin to get their Account IDs.
For example Log in to Box as new User - CoAdmin1”
Click on the Icon in upper right corner near Username.
Then click on “Account Settings”
Scroll down and each Box Coadmin will have a unique Account id that looks like this:
17002403814 <– Enterprise Box CoAdmin1 Account ID from CoAdmin's profile
Repeat procedure – Logging in as CoAdmin2
17002330372 <– Enterprise Box CoAdmins Account ID from CoAdmin's Profile
Provide these two CoAdmin IDs to the CloudSOC SysAdmin
SysAdmin - In CloudSOC Store / Securlets / Box – Click on “Configure”
In order for this to function you would still have original Box Admin Account that activated the Securlet & two new Co-Admin Accounts
Click edit on the Box Securlet Config page shown below and add the two new CoAdmin Account ID's in the two (optional) fields below:
Once the two new Account IDs are added it will look like this.
Note: Account Name field does NOT need to be changed - Only add the two optional Account IDs for CoAdmins
Click “Save” and you should see a pop up in upper right corner like this for about 5-10 seconds.
Now Box Securlet will be splitting the API calls three ways.
Note: Box co-admin accounts do not have permissions to process the primary Box Admin account's activities. Therefore, any activities the Box co-admin accounts process for the primary Box Admin will be denied and sent to a queue where the primary Box Admin will process those activities itself.