1. Slack Help Center
  2. Workspace administration
  3. Manage apps & workflows
    4. Guide to automation rules for app approval

Guide to automation rules for app approval

When setting up automated app approvals for your organization, it's important to proceed with care and ensure that your rules meet any unique security requirements established by your team. Read on for an overview of the components that make up rules and how to apply them.

Note: We recommend testing these features in a separate testing environment before implementing them in production. For additional support, you can contact us at any time.

 

How it works

App installation requests can be automatically approved, restricted, dismissed, or flagged for human review based on conditions that your rules will look out for. Rules can be comprised of several rule components, which will be evaluated in the order that you determine. If the requested app meets the requirements of the rule, your predetermined resolution will be automatically applied. 

 

Terms to know

  • Rule component
    Components are what a rule looks out for to determine an automated outcome.

    Available components
    Scopes Previous resolution App distribution App IDs
  • Conditions
    Conditional statements modify how the component and comparison interact.

    Available conditions
    Is Is not
  • Comparisons
    Comparisons are the state of the rule component. Each component has its own set of available comparisons.

    Available comparisons

    Includes Is empty Approved Restricted Unresolved
    Internal app Slack Marketplace approved Specific app ID
  • Resolutions
    Resolutions determine how you'd like to action a requested app that contains all the elements of a rule.

    Available resolutions
    Restrict Approve Cancel Review
  • Rules
    The available components, conditions and comparisons are constructed into a conditional statement with a resolution, known as a rule:

    If any or all Component + Condition + Comparison

    then Resolution = Restrict Approve Cancel Review

 

Scopes

Scopes are the unique set of permissions that tell you what an app can access. Each app installed to your workspace has an individualized set of scopes that allow the app to function. You can find a detailed list of scopes in our API documentation, and set a rule to resolve app requests based on what scopes are used in the app.

Scopes Requested

Scopes Resolved

Scopes requested refers to all the scopes present in any requested app.

Comparison

Rating list

Includes any of those in

Low risk list

Includes only those in

Medium risk list

Is empty

High risk list

Is not empty

Unrated list


Example

"If scopes requested includes any of those in high risk list, restrict"

Scopes resolved refers to the set of scopes in an app that has been previously requested and approved.

Comparison

Rating list

Includes any of those in

Low risk list

Includes only those in

Medium risk list

Is empty

High risk list

Is not empty

Unrated list


Example

"If scopes resolved includes any of those in high risk list, restrict"

Tip: Before getting started, take a look at the Scope ratings tab and ensure you've rated the appropriate scopes.

Previous resolution

If an app was previously requested in your workspace, you can set a rule to apply the same resolution.

Previous resolution is

Previous resolution is not

Condition

Comparison

Is

Approved

Is

Restricted

Is

Unresolved


Example

"If previous resolution is approved, approve"

Condition

Comparison

Is not

Approved

Is not

Restricted

Is not

Unresolved


Example
"If previous resolution is not restricted, approve"

App distribution

Base a rule on where the app originates: either internally or from the Slack Marketplace.

App distribution is

App distribution is not

Condition

Comparison

Is

An internal app

Is

Slack Marketplace approved


Example
"If app requested is an internal app, send for review"

Condition

Comparison

Is not

An internal app

Is not

Slack Marketplace approved


Example
"If app requested is not Slack Marketplace approved, send for review"

App IDs

Create a rule to approve specific apps based on their unique app IDs. 

App ID is

Condition

Comparison

Is

A specific app ID


Example
"If app ID is [any app ID], cancel"

 

Resolutions

When a requested app meets all the conditions of a rule, it will be resolved based on the set resolution and the requestor will be notified.

  • Restrict
    App cannot be installed and cannot be requested again unless the scopes change.
  • Approve
    App will be installed.
  • Cancel
    Dismiss the request without making a decision. A new request can be made anytime.
  • Review
    App will be sent to a human for review and approval.
Who can use this feature?

Awesome!

Thanks so much for your feedback!

If you’d like a member of our support team to respond to you, please send a note to feedback@slack.com.

Was this article helpful?Yes, thanks!Not really
Sorry about that! What did you find most unhelpful?
0/600
Submit article feedback

If you’d like a member of our support team to respond to you, please send a note to feedback@slack.com.

Oops! We're having trouble. Please try again later!