If you’re an IT administrator, this guide will show you how to approve Slack workspaces using an SSL proxy within your corporate network. By limiting connections, you can prevent anyone on your network from signing in to workspaces that are not approved.
What you can approve for your network
A Slack workspace (not within an Enterprise Grid organization)
An Enterprise Grid org and all of its connected workspaces
What to expect
IT administrators can configure an on-premises or cloud-based proxy server to intercept traffic to slack.com. The proxy inserts new HTTP headers (X-Slack-Allowed-Workspaces-Requester and X-Slack-Allowed-Workspaces)that list the workspaces your employees can access.
Once enabled, your team will be able to access the approved org or workspace(s) and continue using Slack normally. If anyone tries to sign in to a workspace that isn’t on the approved list, they’ll see an error message.
How to approve workspaces for your network
Check your proxy server: Make sure your proxy server supports SSL interception. We recommend referring to your product or service for details on how to configure the HTTP header.
Identify org IDs or workspace IDs: Reach out to your Customer Success Manager or contact us to get a list of your org and workspace IDs.
Configure the following 2 HTTP headers:
Header 1: Add the header X-Slack-Allowed-Workspaces-Requester and set its value to the workspace or org ID representing your Business+ or Enterprise Grid account. If this isn't done first, the next header won't work. There should only be one ID added for this value, even if you're adding multiple workspace or org IDs for Header 2.
Header 2: Add the header X-Slack-Allowed-Workspaces and set its value to a comma-separated list of allowed workspace and/or org IDs. These represent the workspaces and/or orgs that need to be approved.
