Security tips to protect your workspace
At Slack, security is our top priority. We care about protecting your privacy and building a service you can trust. We’ve rounded up some tools to help Workspace Owners and Admins keep their workspace secure.
Note: If you have additional questions, or notice suspicious activity in your workspace, please contact us — we’d be happy to help.
Set up two-factor authentication
Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA enabled, members enter a verification code from their mobile device in addition to their Slack password. Using 2FA ensures that even if a password is compromised, access to Slack won’t be granted unless the person signing in is verified from their device.
Members can choose to enable 2FA if they'd like, but Workspace Owners and Workspace Admins can make 2FA mandatory for members. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.
Manage apps with care
By default, all members can install apps to their workspace. Workspace Owners can choose to restrict permissions for how members can install and use apps. Learn more about managing app installation settings.
Note: For internal integrations built by your team, treat the tokens you generate carefully, and never share tokens with other people or applications. Read how to connect your tools to Slack.
Limit access to your workspace
Slack allows for transparency, and sometimes that means sharing proprietary information or sensitive details. Here are some tips to ensure only the right people have access to information in your workspace:
- Only invite people you know
  By default, Workspace Owners, Workspace Admins and members can send invitations. To control who's invited, you can require admin approval for all invitations. If you do allow members to send invites, review pending and accepted invitations periodically.
- Verify email domains
  Workspace Owners and Workspace Admins can set a signup mode for your workspace to allow anyone with an approved email domain to automatically join their workspace. Verify that you own any email domains you’ve approved for your workspace.
- Deactivate the accounts of members who no longer need access
  Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave. Workspace Owners on the Business+ and Enterprise Grid plans can streamline deactivation with an identity provider using SCIM provisioning.
- Use Slack Connect to work with external people
  To work with external people who don’t need access to all the information in your workspace, you can use Slack Connect. This lets you collaborate securely in channels and direct messages, each from your own workspaces.
- Use guest accounts and limit the channels they're invited to
  Some members of your Slack workspace (like contractors, interns, or clients) may only need access to certain channels. Guest accounts are a great way to manage who has access to the information they need in your workspace.
- Manage email display
  Members can find each other's email addresses in their profiles, but some people may prefer to keep this info private. Workspace Owners and Admins can choose if members’ email addresses are displayed in their Slack profiles.
Set session duration
On the Pro, Business+, and Enterprise Grid plans, owners and admins can limit how long their members are signed in to Slack by setting a session duration.
Understand Slack usage
- On paid plans, Workspace Owners can view analytics and usage for insight into how members use Slack.
- On the Enterprise Grid plan, monitor audit events with audit logs. Using the Audit Log API, you can set up monitoring for anomaly events to help surface unexpected app and user behaviors.
- To optimize alerting capabilities in your Slack workspace or Enterprise Grid organization, we recommend using a Security Information and Event Management (SIEM) or a Security Orchestration, Automation, and Response (SOAR) tool.
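The audit-log monitoring described above, sketched as an added example (not Slack's own code): it filters a batch of audit entries for anomaly events and flattens them into records a SIEM can ingest. The entry field names (`action`, `actor.user`, `context.ip_address`, `details.reason`), the reason strings, and the escalation policy are assumptions, and the sample entries are constructed.

```python
import json
from collections import Counter

# Constructed sample batch. Field names follow the assumed audit entry shape:
# action, date_create, actor.user, context, details.reason.
SAMPLE_ENTRIES = json.loads("""
[
 {"id": "e1", "date_create": 1700000000, "action": "user_login",
  "actor": {"type": "user", "user": {"id": "U001"}},
  "context": {"ip_address": "198.51.100.7"}},
 {"id": "e2", "date_create": 1700000300, "action": "anomaly",
  "actor": {"type": "user", "user": {"id": "U002"}},
  "context": {"ip_address": "203.0.113.9"},
  "details": {"reason": ["ip_address", "asn"]}},
 {"id": "e3", "date_create": 1700000900, "action": "anomaly",
  "actor": {"type": "user", "user": {"id": "U002"}},
  "context": {"ip_address": "203.0.113.9"},
  "details": {"reason": ["excessive_downloads"]}},
 {"id": "e4", "date_create": 1700001000, "action": "anomaly",
  "actor": {"type": "user"}}
]
""")

# Hypothetical local policy: reasons this team escalates immediately.
ESCALATE_REASONS = {"excessive_downloads", "tor"}

def anomaly_alerts(entries):
    """Flatten 'anomaly' entries into alert records, tolerating missing fields."""
    alerts = []
    for entry in entries:
        if entry.get("action") != "anomaly":
            continue
        user = (entry.get("actor") or {}).get("user") or {}
        context = entry.get("context") or {}
        reasons = sorted((entry.get("details") or {}).get("reason") or [])
        alerts.append({
            "event_id": entry.get("id"),
            "time": entry.get("date_create"),
            "user_id": user.get("id", "unknown"),
            "source_ip": context.get("ip_address"),
            "reasons": reasons,
            "severity": "high" if ESCALATE_REASONS & set(reasons) else "medium",
        })
    return alerts

def repeat_actors(alerts, minimum=2):
    """User IDs with at least `minimum` anomaly alerts in the batch."""
    counts = Counter(alert["user_id"] for alert in alerts)
    return sorted(uid for uid, n in counts.items() if n >= minimum)
```

Records with no actor or context still produce an alert with `user_id` set to `unknown`, so a malformed entry is surfaced rather than silently dropped.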