Guide to automation rules for app approval

When setting up automated app approvals for your organization, it's important to proceed with care and ensure that your rules meet any unique security requirements established by your team. Read on for an overview of the components that make up rules and how to apply them.

Note: We recommend testing these features in a separate testing environment before implementing them in production. For additional support, you can contact us at any time.

 

How it works

App installation requests can be automatically approved, restricted, dismissed, or flagged for human review based on conditions that your rules check for. A rule can be made up of several rule components, which are evaluated in the order that you determine. If the requested app meets the requirements of the rule, your predetermined resolution is automatically applied.

 

Terms to know

  • Rule component
    Components are what a rule looks out for to determine an automated outcome.

    Available components
    Scopes, Previous resolution, App distribution, App IDs
  • Conditions
    Conditional statements modify how the component and comparison interact.

    Available conditions
    Is, Is not
  • Comparisons
    Comparisons are the state of the rule component. Each component has its own set of available comparisons.

    Available comparisons
    Includes, Is empty, Approved, Restricted, Unresolved, Internal app, Slack Marketplace approved, Specific app ID

  • Resolutions
    Resolutions determine how you'd like to act on a requested app that contains all the elements of a rule.

    Available resolutions
    Restrict, Approve, Cancel, Review
  • Rules
    The available components, conditions and comparisons are constructed into a conditional statement with a resolution, known as a rule:

    If (any or all) Component + Condition + Comparison
    then Resolution = Restrict, Approve, Cancel or Review

 

Scopes

Scopes are the unique set of permissions that tell you what an app can access. Each app installed to your workspace has an individualized set of scopes that allow the app to function. You can find a detailed list of scopes in our API documentation, and set a rule to resolve app requests based on what scopes are used in the app.

Scopes requested refers to all the scopes present in any requested app.

Comparison                Rating list
Includes any of those in  Low risk list
Includes only those in    Medium risk list
Is empty                  High risk list
Is not empty              Unrated list


Example

"If scopes requested includes any of those in high risk list, restrict"

Scopes resolved refers to the set of scopes in an app that has been previously requested and approved.

Comparison                Rating list
Includes any of those in  Low risk list
Includes only those in    Medium risk list
Is empty                  High risk list
Is not empty              Unrated list


Example

"If scopes resolved includes any of those in high risk list, restrict"

Tip: Before getting started, take a look at the Scope ratings tab and ensure you've rated the appropriate scopes.

Previous resolution

If an app was previously requested in your workspace, you can set a rule to apply the same resolution.

Condition  Comparison
Is         Approved
Is         Restricted
Is         Unresolved


Example

"If previous resolution is approved, approve"

Condition  Comparison
Is not     Approved
Is not     Restricted
Is not     Unresolved


Example
"If previous resolution is not restricted, approve"

App distribution

Base a rule on where the app originates: either internally or from the Slack Marketplace.

Condition  Comparison
Is         An internal app
Is         Slack Marketplace approved


Example
"If app requested is an internal app, send for review"

Condition  Comparison
Is not     An internal app
Is not     Slack Marketplace approved


Example
"If app requested is not Slack Marketplace approved, send for review"

App IDs

Create a rule to approve specific apps based on their unique app IDs. 

Condition  Comparison
Is         A specific app ID


Example
"If app ID is [any app ID], cancel"

 

Resolutions

When a requested app meets all the conditions of a rule, it will be resolved based on the set resolution and the requestor will be notified.

  • Restrict
    App cannot be installed and cannot be requested again unless the scopes change.
  • Approve
    App will be installed.
  • Cancel
    Dismiss the request without making a decision. A new request can be made anytime.
  • Review
    App will be sent to a human for review and approval.
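
The rule structure described on this page (any or all of Component + Condition + Comparison, then a resolution), modelled as an added Python example that is not Slack's code or API. The scope ratings, the app ID, the dictionary keys, first-match-wins ordering and the fall-through to review are assumptions made for illustration.

```python
# Added illustration of the rule model; not Slack's implementation or API.
from dataclasses import dataclass

# Constructed scope ratings; in practice these come from your Scope ratings tab.
RATINGS = {"low": {"channels:read", "users:read"},
           "medium": {"chat:write"},
           "high": {"admin", "channels:history"}}

def rating_list(name, scopes):
    # "unrated" means: requested scopes that none of the rated lists cover.
    unrated = set(scopes) - set().union(*RATINGS.values())
    return unrated if name == "unrated" else RATINGS[name]

def compare(app, component, comparison, arg=None):
    value = app[component]
    if comparison == "includes any of":
        return bool(set(value) & rating_list(arg, value))
    if comparison == "includes only":
        # Assumption: an app with no scopes does not satisfy "includes only".
        return bool(value) and set(value) <= rating_list(arg, value)
    return value == comparison  # e.g. "approved", "internal", or an app ID

@dataclass
class Rule:
    mode: str         # "any" or "all" of the clauses must hold
    clauses: list     # (component, is_not, comparison, rating list or None)
    resolution: str   # "restrict" | "approve" | "cancel" | "review"
    def matches(self, app):
        hits = [compare(app, c, cmp, arg) != is_not
                for c, is_not, cmp, arg in self.clauses]
        return any(hits) if self.mode == "any" else all(hits)

def resolve(app, rules, default="review"):
    """Assumption: rules run in order, first match wins, no match -> review."""
    for rule in rules:
        if rule.matches(app):
            return rule.resolution
    return default

RULES = [
    Rule("any", [("scopes_requested", False, "includes any of", "high")], "restrict"),
    Rule("any", [("scopes_requested", False, "includes any of", "unrated")], "review"),
    Rule("all", [("distribution", False, "marketplace", None),
                 ("scopes_requested", False, "includes only", "low")], "approve"),
    Rule("any", [("previous_resolution", False, "approved", None)], "approve"),
]

# Constructed request: approved before, but now asks for a high-risk scope.
APP = {"app_id": "A0EXAMPLE01", "distribution": "marketplace",
       "previous_resolution": "approved", "scopes_requested": ["chat:write", "admin"]}
```

Calling resolve(APP, RULES) returns "restrict", while the same rules in reverse order return "approve", which is why the high-risk restriction belongs ahead of any rule that approves on a previous resolution.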
