At Slack, we work hard to ensure that your data is always protected. And we believe security requires a two-pronged approach. First, Slack implements a comprehensive set of security features. Second, we recognize that every company is different, which is why Slack includes a variety of product features that can be configured and customized by your administrators to meet your security requirements. This document introduces some of these enterprise security features.
Identity and Mobility Management
Securing your information starts with identity controls. With SAML-based (Security Assertion Markup Language) single sign-on, members can access Slack through an identity provider (IDP) of their choice—and we work with all SAML 2.0–based IDPs. Customers can automatically provision users and groups from their identity provider, remove members from a workspace and manage access at a moment’s notice.
- SAML 2.0
- Custom session durations
- Support for enterprise identity providers including Okta, ADFS, Azure AD, PingFederate and others
- Guest management, including invite permissions and expiry dates for guests
User and Group Provisioning
- System for cross-domain identity management (SCIM)
- Create or deactivate full member accounts
- Sync and update member profile fields
- Synchronize directory user groups for workspace membership management
Enterprise Mobility Management (EMM)
- Prevent unmanaged devices from accessing your Slack organization
- Prevent copying/pasting content from Slack into another mobile application
- Enforce additional device policies through integration with your deployed EMM solution*
- Dedicated EMM mobile application
*Supported EMM providers include AirWatch, MobileIron, BlackBerry and others that support the AppConfig standard.
By default, Slack encrypts data at rest and data in transit as part of our foundational security controls.
Slack Enterprise Key Management further enhances the ability of security-conscious or regulated customers to share their sensitive conversations, data and files on Slack Enterprise Grid. By managing your own encryption keys using Amazon Key Management Service (KMS), you get complete ownership of your information on Slack.
Additional product features, including integrations by best-of-breed providers, can be configured by your company. Discovery APIs enable Slack Enterprise Grid customers to integrate their organization with third-party applications to enable data loss prevention, so their information is always safe.
Data Loss Prevention
- API-based, with prebuilt connectors to leading solution partners
- Partner-enabled functionality
- Monitor messages and files in public channels, private channels and direct messages
- Integrated DLP solutions have complete access to all content within your enterprise organization
- Actively quarantine and remove non-compliant content in near real time
Learn more about Slack’s Discovery APIs.
Every company needs an ongoing strategy to reduce the risk of compromised data, and there’s no one-size-fits-all approach. That’s why Slack partners with best-of-breed enterprise providers for functionality like e-discovery. From enabling global retention to supporting e-discovery, Slack has governance and risk-management capabilities that are flexible enough to meet your organization’s needs, no matter what they are.
Global Retention Policies
- Set global message retention policies for channel types or direct messages independently
- Set global retention policies for files
- Define policies to capture the edits and deletions of messages
- API-based, with prebuilt connectors to leading solution partners like Smarsh, Bloomberg Vault, Globanet and more
- Archive Slack messages and files
- Run e-discovery queries on Slack content
- Place identified Slack content on legal/litigation hold
- Download logs of activity within your Slack workspaces
- Capture events like file downloads, file uploads and admin setting changes
- Decide who can approve apps or integrations
- Control which apps are approved for members to install
- Restrict app installations to only those listed in Slack’s App Directory
- Prevent users from creating unsanctioned workspaces using owned email domains
- Users are redirected to sign into the organization’s SSO page
- Customer-defined terms of service message
- Link to corporate policies, legal information and internal information sources
Compliance, certifications and regulations
Slack complies with broadly recognized standards and offers tools to help customers meet their compliance requirements.
Every company and team using our service expects its sensitive information and customer data to be secure and confidential. Safeguarding this data is a critical responsibility we have to our customers, and we work hard to maintain that trust.