Slack
  • 07 Aug 2024

Slack is a chat and collaboration hub used to connect people, information, tools, and services.

| Attributes | Cybersecurity Asset Management | SaaS Management |
| --- | --- | --- |
| Service Account Required? | Yes | Yes |
| Service Account Permissions | Administrator | Workspace Owner or Org Owner |
| Required Adapter Fields | Host Name or IP Address, Authentication Token | Host Name or IP Address, Authentication Token, Account Sub Domain, User Name and Password, MFA Secret |

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Users
  • SaaS data

Parameters

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

General

  • Host Name or IP Address (required) - The hostname or IP address of the Slack server.
  • Authentication Token (required) - An Authentication Token associated with a user account that has the Required Permissions to fetch assets. For instructions on generating the Authentication Token, see admin.users.list.
  • Enterprise Grid Organization - Select if you are using the Slack Enterprise Grid Organization solution. This allows Axonius to fetch data from all workspaces associated with the authentication token.
  • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  • HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host Name or IP Address.

SaaS Management

  • Account Sub Domain - The Slack account's sub domain (<sub_domain>.slack.com).
  • User Name and Password - The credentials for a user account that has the Required Permissions to fetch assets.
  • MFA Secret - If you access Slack through an SSO solution that requires multi-factor authentication, you will need to generate a secret key in that solution and paste it here. For an example, see Set Up Google Authenticator for the Okta adapter.

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  • Fetch deleted users (required, default: true) - Select this option to fetch deleted users. When cleared, only active users are fetched.
  • Fetch user conversations - Select this option to fetch Slack conversations.
  • Fetch groups - Select this option to fetch Slack groups as assets.

APIs

Axonius uses the Slack Web API.
To fetch conversations Axonius uses the following APIs:

Required Permissions

To fetch data from Slack, the app you create for this purpose needs the following scopes:

  • channels:read
  • groups:read
  • mpim:read
  • im:read
  • users:read
  • users:read.email
  • usergroups:read

For users with SaaS Management capability
In addition to the permissions listed above, users with SaaS Management capability must also add the following permissions:

  • admin.analytics:read
  • admin.apps:read
  • admin.barriers:read
  • admin.conversations:read
  • admin.invites:read
  • admin.teams:read (only for Enterprise Grid Organization editions)
  • admin.usergroups:read
  • admin.users:read
  • auditlogs:read (only for Enterprise Grid Organization editions)
  • calls:read
  • links:read
  • team.billing:read (only for Enterprise Grid Organization editions)
  • team:read (only for Enterprise Grid Organization editions)
  • users.profile:read

For Sending a Message to a Slack channel via the Enforcement Center

  • Bot tokens - chat:write
  • User tokens - chat:write, chat:write:user, chat:write:bot
    For more information, see Slack - Send Message to Channel

For Suspending a Slack User via the Enforcement Center

  • Requires an OAuth token with admin scope
    For more information, see Slack - Suspend User

Also, the Slack user that you use for this adapter must be either Workspace Owner or Org Owner, and the user requires access to the following URLs:

  • https://{sub_domain}.slack.com/admin/billing
  • https://{sub_domain}.slack.com/admin/settings
  • https://{sub_domain}.slack.com/admin/auth
  • https://{sub_domain}.slack.com/apps/manage/settings

Adapter Integration Setup

Create a User Account

NOTE

It is recommended that the username and password come from a newly created user account dedicated to Axonius. Retrieve the username and password from that user account.

  1. Log in to Slack as a Workspace or Org Owner.
  2. Navigate to Settings & administration > Manage members and then click Invite People.
  3. In the modal window, add an email, set Invite as to Member and click Send.
  4. Copy the email.
  5. Back in Axonius, paste the email in the Username field.
  6. In Slack, complete the process required to activate the user. When setting the password, ensure that it is at least 32 characters long.
  7. Copy the password.
  8. Back in Axonius, paste the copied password in the Password field.
  9. Return to Slack's Manage Members pane. Find the newly created user, click the ellipsis button, and then click Change account type.
  10. Select either Workspace Owner or Org Owner, and then click Save.
  11. Ensure that the user has access to the following URLs:
    • https://{sub_domain}.slack.com/admin/billing
    • https://{sub_domain}.slack.com/admin/settings
    • https://{sub_domain}.slack.com/admin/auth
    • https://{sub_domain}.slack.com/apps/manage/settings

Set Permissions

NOTE

This adapter supports all editions of Slack, but some of the steps outlined below are only relevant for accounts with the Enterprise plan. Non-Enterprise accounts don't require permissions to fetch Teams data.

  1. Log in to Slack as a Workspace or Org Admin.

  2. Create a new Slack app. Your app will need to be able to handle a standard OAuth 2 flow.

    1. Click Create New App.
    2. In the new app window, click From scratch.
    3. Enter an App Name and select your workspace.
  3. In the app's settings, select OAuth & Permissions from the left navigation. Scroll down to the section titled Scopes and add the following User Token Scopes:

    • channels:read
    • groups:read
    • mpim:read
    • im:read
    • users:read
    • users:read.email
    • usergroups:read

    In addition to the permissions listed above, users with SaaS Management capability must also add the following permissions:

    • admin.analytics:read
    • admin.apps:read
    • admin.barriers:read
    • admin.conversations:read
    • admin.invites:read
    • admin.teams:read (only for Enterprise Grid Organization editions)
    • admin.usergroups:read
    • admin.users:read
    • auditlogs:read (only for Enterprise Grid Organization editions)
    • calls:read
    • links:read
    • team.billing:read (only for Enterprise Grid Organization editions)
    • team:read (only for Enterprise Grid Organization editions)
    • users.profile:read

For Sending a Message to a Slack channel via the Enforcement Center

  • Bot tokens - chat:write
  • User tokens - chat:write, chat:write:user, chat:write:bot
    For more information, see Slack - Send Message to Channel

Create an Authentication Token

  1. In the app's settings, select Manage Distribution from the left navigation.
  2. Under the Share Your App with Other Workspaces section:
    1. Expand the Add OAuth Redirect URLs section, and add a redirect URL: https://localhost
    2. Expand the Remove Hard Coded Information section, and select the checkbox to confirm any hard coded information has been removed.
  3. Click Activate Public Distribution.
  4. In the Share Your App with Your Workspace section, copy the Sharable URL and paste it into a browser to initiate the OAuth handshake that will install the app on your organization.
    If you are running Slack Enterprise Grid Organization, you must be logged in as an admin or Owner of your organization to install the app.
  5. Check the dropdown in the upper right of the installation screen to make sure you are installing the app on the organization, not an individual workspace within the organization.
  6. Once the application is authorized, the URL in the address bar contains a 'code' parameter. Copy the value of that parameter.
  7. Retrieve the Client ID and Client Secret from the General Information section for the application.
  8. Enter the copied 'code' value and the retrieved Client ID and Client Secret values in the following curl command:
    curl -vL -F code=CODE_VALUE -F client_id=CLIENT_ID_VALUE -F client_secret=CLIENT_SECRET_VALUE https://slack.com/api/oauth.v2.access
  9. Copy the resulting token.
  10. Back in Axonius, paste the token in the Authentication Token field.
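
Before pasting the token into Axonius, the scopes actually granted can be compared with the lists under Required Permissions. The following is an added example, not Axonius or Slack code; it assumes the oauth.v2.access JSON reply carries the user token and its comma-separated scopes under authed_user, and the sample reply and the function name audit_scopes are constructed for illustration.

```python
# Added example: audit the scopes in an oauth.v2.access reply against the
# scope lists on this page. The sample reply below is constructed.
import json

BASE_SCOPES = {
    "channels:read", "groups:read", "mpim:read", "im:read",
    "users:read", "users:read.email", "usergroups:read",
}
SAAS_SCOPES = {
    "admin.analytics:read", "admin.apps:read", "admin.barriers:read",
    "admin.conversations:read", "admin.invites:read",
    "admin.usergroups:read", "admin.users:read", "calls:read",
    "links:read", "users.profile:read",
}
# Listed on the page as "only for Enterprise Grid Organization editions".
GRID_ONLY_SCOPES = {
    "admin.teams:read", "auditlogs:read", "team.billing:read", "team:read",
}

def audit_scopes(response_text, saas_management=False, enterprise_grid=False):
    """Return (missing, unexpected) scope sets for the user token."""
    resp = json.loads(response_text)
    if not resp.get("ok"):
        raise ValueError(f"token exchange failed: {resp.get('error')}")
    user = resp.get("authed_user") or {}
    if not user.get("access_token"):
        raise ValueError("response carries no user token")
    granted = {s for s in user.get("scope", "").split(",") if s}
    required = set(BASE_SCOPES)
    if saas_management:
        required |= SAAS_SCOPES
        if enterprise_grid:
            required |= GRID_ONLY_SCOPES
    # missing: the fetch will be incomplete; unexpected: more privilege than
    # the fetch needs (Enforcement Center scopes such as chat:write land here).
    return required - granted, granted - required

# Constructed sample reply; the token value is a placeholder.
SAMPLE = json.dumps({
    "ok": True,
    "authed_user": {
        "id": "U0000000000",
        "token_type": "user",
        "access_token": "xoxp-PLACEHOLDER",
        "scope": "channels:read,groups:read,mpim:read,im:read,"
                 "users:read,users:read.email,chat:write",
    },
})

if __name__ == "__main__":
    missing, unexpected = audit_scopes(SAMPLE)
    print("missing:", sorted(missing))
    print("unexpected:", sorted(unexpected))
```

A non-empty unexpected set is worth reviewing before the token is stored, since the fetch itself needs only the read scopes listed above.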

Grant Access on Specific Workspaces

This process is also specific to the Slack Enterprise Grid Organization solution; it allows conversations to be fetched from Slack.

  1. Go to the following link, where {GRID_SUBDOMAIN} is the actual Grid subdomain: https://{GRID_SUBDOMAIN}.enterprise.slack.com/manage/organization/apps/profile/{APP_ID}
  2. In the upper-right corner, click Manage and select Add to more workspaces.
  3. Select the Default for future workspaces checkbox.
  4. On the left, select ALL the workspaces.
  5. Click Next.
  6. Click Next again.
  7. Select the I’m ready to add this app checkbox, and then click Add.
    It may take a few minutes to add the app to all the Grid workspaces.
