This guide is aimed at helping users understand how to integrate SendSafely into your organization’s Slack workspace.
- Please note that SendSafely is not in the Slack marketplace, the instructions below are for configuring a private app listing into your Slack workspace
- Ensure you have admin workspace privileges for installing a private app in Slack
- Ensure you are an admin in your SendSafely portal
- Only one instance of the SendSafely app may be installed in the same workspace, if you have previously installed other versions, please uninstall before continuing
Instructions
It is recommended you have two browser tabs open for these steps.
1. Configure Slack App in SendSafely (Browser tab 1)
a. Open a new browser tab ('browser tab 1') and log into SendSafely (you must be a SendSafely Admin).
b. Click on 'Apps and Integrations' from the account dropdown menu
c. Find the SendSafely for Slack tile Click 'Configure'
d. Click on the "Copy Manifest" button under Step 1 to copy the app manifest to your clipboard. You will need this in Step 2 below.
e. Leave browser tab 1 open and proceed to step 2 below.
2. Generate SendSafely App in Slack (Browser tab 2)
a. In a new browser tab ('browser tab 2') - Go to https://api.slack.com/apps
b. Click on ‘Create New App’
c. Select the 'From a Manifest' option.
d. Select the workspace you would like to install SendSafely in
e. Paste the app manifest copied to clipboard in step 1d above into the open input tab 'JSON'. (You will replace the pre-populated "Demo App" example.) Click Next.
f. Verify the summary information is correct and click 'Create'
g. Slack should redirect you to the Basic Information Tab
Scroll down on the Basic Information tab to the Display information section and click '+Add App Icon'. Upload the SendSafely padlock logo below.
h. Scroll back up to the App Credentials section of the Basic Information page. Note the App ID, Client ID, Client Secret, and Signing Secret, you will need this for step 3 below.
i. Leave this tab open and proceed to step 3 below
3. Link Slack App to SendSafely account (Browser tab 1)
a. Return to browser tab 1 and click continue.
b. Copy and Paste the information from browser tab 2 and click 'Install'
c. Slack will request the following permissions be granted to SendSafely for Slack. Click 'Allow'. The SendSafely for Slack app is now available to team members.
User Permissions
Once installed by an Admin, Slack users can launch the SendSafely app using the /SendSafely command in any Slack message or channel. The first time a user launches the SendSafely for Slack app, they will be asked to grant limited Slack permissions to SendSafely.
SendSafely uses these additional user level permissions to obtain the email address of members in the message or channel. The email address is only used to authenticate recipients via a one time pin code sent via email.
This multi-level approval (admin + individual approval) is required by Slack for apps that request access to sensitive information, such as channel member’s email addresses. While an admin initially approves the app for Workspace installation, that approval does not grant access to the email addresses in an individual's direct message or group conversation. If a user wishes to use SendSafely’s Authenticate Recipient feature (which requires access to conversation member’s email address), they must individually grant our app permission to do so. Note: those permissions only provide SendSafely with meta-data on the conversation (such as the members of the conversation). It does not allow the app (or SendSafely) access to the actual messages. Once a user grants this permission they will not be prompted again.
If users deny this request, they can still use SendSafely, but the recipient authentication option will be unavailable.
Using SendSafely with Slack Connect
Slack Connect is used to communicate with users in external Slack Workspaces (i.e. Workspaces owned by other organizations). The SendSafely Slack app can be used to post secure messages to these External Connections.
Please note that SendSafely's 'Authenticate Recipients' feature requires those external Slack Workspaces allow outside organizations to view member email addresses. If your External Connection does not allow email address to be shared, the SendSafely Recipient Authentication feature will be disabled. Senders can still secure their message with access limits.
For reference, email sharing with external organizations is controlled in the Slack Admin Settings as shown below.
Appendix:
An example of the app manifest generated in step 1d is shown below.
{
"display_information": {
"name": "SendSafely for Slack",
"description": "Send secure messages over Slack using end-to-end encryption.",
"background_color": "#022369",
"long_description": "Send secure messages over Slack using our company's SendSafely portal. Messages are protected using end-to-end encryption and are only visible to members of the channel or conversation they are sent on."
},
"features": {
"bot_user": {
"display_name": "SendSafely for Slack",
"always_online": false
},
"slash_commands": [
{
"command": "/sendsafely",
"url": "https://yourcompany.sendsafely.com/slack/",
"description": "Launches SendSafely message encryption",
"should_escape": false
}
]
},
"oauth_config": {
"redirect_urls": [
"https://www.sendsafely.com/slack/install/"
],
"scopes": {
"user": [
"groups:read",
"channels:read",
"im:read",
"mpim:read"
],
"bot": [
"commands",
"users:read",
"users:read.email"
]
}
},
"settings": {
"org_deploy_enabled": false,
"socket_mode_enabled": false,
"token_rotation_enabled": false
}
}
Comments
0 comments
Article is closed for comments.