Box app integration fails during OAuth with an error “Disabled by Administrator”

1. Attempting Integration with Box App.
2. During OAuth2 consent process the popup error “Disabled by Administrator” is displayed.

Aperture by Palo Alto Networks is currently disabled by your Box administrator. 
If you have any questions, please contact your administrator at <Box admin email>
Client ID: ######################
If you are the developer or administrator of this integration, please check its status in your Box Developer Console. 

• Data Security / CASB (Cloud Access Security Broker)
• Enterprise DLP 
• Box app subscription with a full admin service account 
• Super user admin on Data Security

Some Box subscription or distro by default enforce restrictions where third party integration fail due to permission restrictions even for a “full admin”. 

The following steps are required to resolve the issue:

1. Box has published a KB article on the error “Disabled by Administrator” where it requests admins who do third party integration to define a platform app with all required permissions.
2. After defining the platform app for the Box “client ID” which can be (a) listed in the error popup (b) HAR file: look for packet that lists client id.
3. After defining platform app, some time re-auth is requires and sometime not required.  
4. Once all the above steps are completed, Box app connector starts to scan existing assets as well as new assets