Versions Compared

Version Old Version 1 New Version Current
Changes made by

Lee Raymond

Andrew Levine

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

Please note that this documentation @ time of writing (10-15-2012) is to begin to build the support environment for Box.net and is not intended for rolling out the service at this time. If you are a member of the IT community and would like to be a pilot tester, simply follow the initiation steps below to provision an account. - Lee

About

Tufts University entered into an Internet 2 agreement with Box.net to provide cloud storage for faculty, staff, and students. This service is not expressly licensed for clinical affiliates or contractors, but is seat-licensed for anyone pertaining the following:

  1. Tufts Username, Tufts Password
  2. A first.last@tufts.edu email alias

The Terms of Service describes the legal agreement with Box.net.

Authentication

Tufts is using ADFS 2.0 Shibboleth to provide a single sign-on experience for users of Box.net cloud storage. We elected to go with ADFS for several reasons:

  1. ADFS represents a federated authentication service that will represent not only trusting within tufts, but eventually trusting external organizations also tied to the ADFS environment
  2. ADFS (as opposed to Shibboleth, another federated authentication service Tufts supports) ties directly to active directory. Although Box.net does not currently support OU or Security group mapping in a way that Tufts would leverage, the synergy options in the future to provide storage tied to active directory organizational units is an opportunity we wanted to leave open

By using ADFS 

By using Shibboleth, users of the tufts service will be able to continue to use their Tufts Username and Tufts Password to access services that they use most frequently, which will maintain as consistent an experience as possible for our users here at Tufts.

Alternative Login

Some third party applications that use Box might not allow for SSO logins. To get around this, a user must create an additional password on their account.

This can be done by having the user browse to their Account Settings and select the Change Password link under the Authentication section. This will create an additional password for the user to login using their Tufts email and this additional password.

Access & Account Creation

Account Creation
Box.net is configured to allow anyone to self-service provision their Box.net account using their Tufts Username and Tufts Password.

To create an account, simply direct a user to visit tufts.box.com /join for provisioning an account . During the pilot testing you will set a local password. Once the account is created follow the "Access" steps to use the tufts username and tufts password to log in.using your Tufts Username and Tufts Password

Account Access
To log in to box.net, please visit tufts.box.com/login . This will prompt you to "Connect" and utilize your Tufts Username and Tufts Password.

If at some point during the pilot it becomes necessary to access your Box.net storage with your local password made during setup, please select "Log in using Box Credentials" from the login screen and you will be able to do that. Please note that once the pilot is over you will only be able to access Box accounts using your Tufts Username and Tufts password, we will retire the ability for local passwords to exist.

Account Details

The following are the settings specified when an account is created:

Requirements

  1. Must use first.last@tufts.edu as their login address
    • May not change their address after account creation, will require an administrator if their name changes
  2. Must have an eligible AD account in the tufts.ad.tufts.edu domain
  3. Must have a functioning password for active directory, and will observe the same lockout/eligibility behavior
  4. Local passwords must be 8 characters, with a number, special character, uppercase letter.
    • No minimum or maximum password age, no password history

Created Accounts

...

  • Unlimited "Box Sync" applications (options are 0,1,2,3,unlimited)
  • Unlimited phone applications (options are 0,1,2,3,unlimited)
  • Unlimited tablet applications (options are 0,1,2,3,unlimited)
  • Unlimited browser applications (only option)

...

.

...

  • Co-Owner (full control)
  • Editor (Read/Write)
  • Viewer/Uploader (Read/Upload, no write/overwrite)
  • Viewer (Read, Download, no write)
  • Uploader (Upload only, no read, no write.)

...

  • Previewer/Uploaded (upload and read only)
  • Previewer (view only, no download)

...

  • On upload, Comment, or delete for folders they own
  • upload and comment for folders they've joined
  • Users can specify broader or stricter notifications settings at their account level

...

  • We are assessing increasing this. Administrators right now are instructed not to increase above 4gb

...

Applications

Box.net allows a number of applications