Multi-Factor Authentication Required for Admin Console Critical Actions

Box adds an extra layer of security to prevent bad actors from performing critical actions in the Admin Console. For certain actions, an Admin or Co-Admin must complete an extra level of authentication before those actions can be completed. These actions are:

When an Admin or Co-Admin performs any of these actions, they will be required to perform multi-factor authentication (MFA) to complete the action, based on the following:

If the Admin or Co-Admin is enrolled in MFA, they will be presented with the challenge based on their authentication method.
If the Admin or Co-Admin is not enrolled in MFA, they will be presented with an email MFA challenge. At this stage, upon completing the challenge successfully, they will NOT be enrolled in MFA.
If the Admin or Co-Admin is SSO enabled, they will be presented with an email MFA challenge.

NoteAfter you enter an MFA challenge correctly, there is a 15-minute grace period in which you can perform other critical actions and not get another MFA challenge.

How-To Guides for Admins

Managing Content

Managing Box Users and Admins

Reporting and Insights

Box Security

Box Admin Reference

Multi-Factor Authentication Required for Admin Console Critical Actions