Slack is a cloud-based collaboration platform designed to enhance communication and teamwork within organizations. Slack offers channels for structured discussions, direct messaging, and efficient file sharing. With support for diverse app integrations, Slack serves as a centralized hub for streamlined workflows and improved team collaboration.
Below you can find the Aembit configuration required to work with the Slack service as a Server Workload using the Slack apps and APIs.
Aembit supports multiple authentication/authorization methods for Slack. This page describes scenarios where the Credential Provider is configured for Slack via either OAuth 2.0 Authorization Code or API Key.
OAuth 2.0 Authorization Code
Server Workload Configuration
- Create a new Server Workload.
  - Name - Choose a user-friendly name.
- Configure the service endpoint:
  - Host - slack.com
  - Application Protocol - HTTP
  - Port - 443 with TLS
  - Forward to Port - 443 with TLS
  - Authentication method - HTTP Authentication
  - Authentication scheme - Bearer
Credential Provider Configuration
- Sign in to your Slack account.
- Navigate to the Slack - Your Apps page.
- Click on Create an App.
- In the dialog that appears, choose From Scratch. Enter an App Name and select a workspace to develop your app in.
- Click Create to proceed.
- After the app is created, navigate to your app’s main page. Scroll down to the App Credentials section, and copy both the Client ID and the Client Secret. Store them for later use in the tenant configuration.
- Scroll up to the Add features and functionality section, and click Permissions.
- Switch to the Aembit UI to create a new Credential Provider, selecting the OAuth 2.0 Authorization Code credential type. After setting up the Credential Provider, copy the auto-generated Callback URL.
- Return to Slack, under Redirect URLs, click Add New Redirect URL, paste in the URL, click Add, and then click Save URLs.
- In the Scopes section, under the Bot Token Scopes, click Add an OAuth Scope to add the necessary scopes for your application.
- Scroll up to the Advanced token security via token rotation section, and click Opt In.
- Edit the existing Credential Provider created in the previous steps.
  - Name - Choose a user-friendly name.
  - Credential Type - OAuth 2.0 Authorization Code
  - Callback URL (Read-Only) - An auto-generated Callback URL from Aembit Admin.
  - Client Id - Provide the Client ID copied from Slack.
  - Client Secret - Provide the Secret copied from Slack.
  - Scopes - Enter the scopes you use, space delimited. A full list of Slack Scopes can be found in the official Slack documentation.
  - OAuth URL - https://slack.com
    Click on URL Discovery to populate the Authorization and Token URL fields. These fields will need to be updated to the following values:
    - Authorization URL - https://slack.com/oauth/v2/authorize
    - Token URL - https://slack.com/api/oauth.v2.access
  - PKCE Required - Off (PKCE is not supported by Slack, so leave this field unchecked).
  - Lifetime - 1 year (Slack does not specify a refresh token lifetime; this value is recommended by Aembit.)
- Click Save to save your changes on the Credential Provider.
- In Aembit UI, click the Authorize button. You will be directed to a page where you can review the access request. Click Allow to complete the OAuth 2.0 Authorization Code flow. You will see a success page and will be redirected to Aembit automatically. You can also verify your flow is complete by checking the State value in the Credential Provider. After completion, it should be in a Ready state.
API Key
Server Workload Configuration
- Create a new Server Workload.
  - Name - Choose a user-friendly name.
- Configure the service endpoint:
  - Host - slack.com
  - Application Protocol - HTTP
  - Port - 443 with TLS
  - Forward to Port - 443 with TLS
  - Authentication method - HTTP Authentication
  - Authentication scheme - Bearer
Credential Provider Configuration
- Sign in to your Slack account.
- Navigate to the Slack - Your Apps page.
- Click on Create an App.
- In the dialog that appears, choose either From Scratch or From App Manifest.
- Depending on your selection, enter an App Name and select a workspace to develop your app in.
- Click Create to proceed.
- After the app is created, navigate to your app’s main page. Select and customize the necessary tools for your app under the Add features and functionality section.
- Proceed to the installation section and click Install to Workspace. You will be redirected to a page where you can choose a channel for your app’s functionalities. After choosing, click Allow.
- Select the OAuth & Permissions link from the left menu.
- Click Copy to securely store the token for later use in the tenant configuration. For detailed information on OAuth tokens, please refer to the official Slack documentation.
- Create a new Credential Provider.
  - Name - Choose a user-friendly name.
  - Credential Type - API Key
  - API Key - Paste the token copied from Slack.
Client Workload Configuration
Aembit now handles the credentials required to access the Server Workload, eliminating the need for you to manage them directly. You can safely remove any previously used credentials from the Client Workload.
If you access the Server Workload through an SDK or library, the SDK or library may still require credentials to be present for initialization. In that case, provide placeholder credentials; Aembit overwrites them with the appropriate ones during the access process.
Access Policy
- Create an Access Policy for a Client Workload to access the Slack Server Workload. Assign the newly created Credential Provider to this Access Policy.
Required Features
- You will need to configure the TLS Decrypt feature to work with the Slack Server Workload.
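A post-setup check, added here as an example and not taken from Aembit's or Slack's documentation: the Client Workload calls Slack's auth.test method with only a placeholder Bearer token and reads the ok field of the JSON body, because Slack reports a rejected token in the body rather than through the HTTP status. The function names, the placeholder value, the troubleshooting hints and the sample bodies are assumptions constructed for this example.

```python
import json
import urllib.request

AUTH_TEST_URL = "https://slack.com/api/auth.test"
PLACEHOLDER_TOKEN = "placeholder-not-a-real-token"  # Aembit overwrites it in transit

# Slack error code -> setting from this page to re-check first (example's assumptions).
HINTS = {
    "invalid_auth": "placeholder likely reached Slack unchanged; check Access Policy and TLS Decrypt",
    "token_expired": "rotated token not refreshed; check the Credential Provider is Ready",
    "missing_scope": "add the scope in Slack and in the Scopes field, then authorize again",
}

def build_request(token=PLACEHOLDER_TOKEN):
    """Build the auth.test call as a client holding no real secret would."""
    headers = {"Authorization": f"Bearer {token}"}
    return urllib.request.Request(AUTH_TEST_URL, method="POST", headers=headers)

def interpret(body):
    """Classify a Slack response body; Slack reports auth errors with HTTP 200."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        data = None
    if not isinstance(data, dict):
        return False, "not a Slack JSON response; the request may not have reached Slack"
    if data.get("ok") is True:
        return True, f"injected credential accepted for team {data.get('team')}"
    err = data.get("error", "unknown")
    detail = HINTS.get(err, "see Slack's error reference")
    if err == "missing_scope" and data.get("needed"):
        detail += f" (needed: {data['needed']})"
    return False, f"{err}: {detail}"

def check(timeout=10):
    """Live check, run from the Client Workload once the policy is active."""
    with urllib.request.urlopen(build_request(), timeout=timeout) as resp:
        return interpret(resp.read().decode("utf-8"))

# Constructed sample bodies (not captured traffic) so this runs offline.
SAMPLES = [
    '{"ok": true, "team": "Example Team", "user": "example-bot"}',
    '{"ok": false, "error": "invalid_auth"}',
    '{"ok": false, "error": "missing_scope", "needed": "chat:write"}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(interpret(body))
```

Call check() from the Client Workload for the live result; a True return shows the placeholder was replaced before the request reached Slack.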