This article outlines the cause and provides a solution for the following Box.com error that might occur during deprovisioning events:
Could not transfer files: 403 - Cannot transfer files from/to higher privilaged accounts
- Okta Integration Network
- Box.com
- Provisioning
This error occurs during the Box.com file transfer process when a user is deactivated via Okta. It stems from permission restrictions, set by the vendor, that prevent file transfers involving accounts with higher privilege levels.
Content transfers are generally restricted to managed users or the initiator's own account. While Admins possess the authority to transfer content across all user types, Co-admins cannot move files from accounts with superior administrative rights. When a Co-admin attempts to transfer data from an Admin or a higher-privileged account, this restriction is triggered, resulting in the error.
The resolution requires the use of a Box.com account with full administrative privileges to facilitate transfers from higher-privileged accounts. This can be addressed at the user level by authenticating as an Admin within the Box.com application to manually transfer files for the impacted user.
Alternatively, to resolve the issue at the application level, the service account used for provisioning must either be granted Admin permissions or re-authenticated under Provisioning > Integration using an account with the necessary administrative rights.
For information regarding administrative role configuration or additional inquiries, contact Box.com Support, as the error is generated by the application.
