Guardrails, not gates: New enterprise security controls for Slack

New features give Enterprise Grid admins more control over who can use Slack and how, and which devices are approved

By the team at Slack6th August 2019

There’s a common misconception among enterprise companies: Adopting the cloud-based collaboration software your teams want to use requires a non-negotiable tradeoff—security. We beg to differ.

Our Enterprise Grid product is designed to make enterprise teams more productive while helping them meet even the most stringent security and compliance requirements (including FINRA and HIPAA). No tradeoff necessary.

Along those lines, we’re introducing a suite of new features that give enterprise admins and security-conscious IT leaders even more control over how their organization’s data can be accessed and shared in Slack. These controls:

  • Enable teams to work from anywhere with our mobile apps, while maintaining compliance to industry and company-specific requirements
  • Limit which people and devices can access Slack and how Slack can be used
  • Allow admins to select which features to use and customize how they’re implemented

Here’s a look at what’s new and what’s coming soon.

Control who and which devices can access Slack

Without proper controls in place, mobile applications can open your employees up to new security risks. To alleviate that, we’re rolling out new functionality to ensure that only the right people and approved devices can access your company’s information in Slack.

What’s available now

Face ID login for Slack Enterprise Grid

To further secure company data inside your employees’ Slack mobile app, switch on new secondary authentication controls. Admins can configure Slack to require an additional layer of security after single sign-on, using Face ID, Touch ID or generated passcodes at the app level. Admins can also customize this by setting a time period after which users have to re-authenticate.

Similarly, we’ve added new session management tools for admins to remotely wipe mobile or desktop sessions associated with a specific user in case a device is ever lost or stolen. Currently, session management is available through an API.

Coming soon

In the near future, we’ll be adding session management controls to the admin dashboard. Admins will even be able to define the maximum number of devices an employee can be logged in to at one time.

Down the line, Slack will have the ability to detect if a device is jailbroken and block access if it is. This helps ensure that employees are always accessing Slack from secure devices that meet company requirements.

Lastly, admins will also have the ability to require app upgrades. This means employees will always have the newest features and profiles applied to their devices, because they’ll have to use the latest version of the Slack app.

Control how Slack can be used

Many companies—especially in financial services or health care—need additional safeguards because of the sensitive nature of their work. To that end, we’re rolling out new tools to manage how data can be accessed and shared in Slack.

What’s available now

Thanks to new domain whitelisting tools, admins can define which workspaces can be accessed within a corporate network to prevent employees from signing in to unapproved workspaces. This not only helps safeguard sensitive information from being shared to non-managed workspaces, but also helps your teams focus on their most important work.

Relatedly, we added a new option to restrict downloading files and copying messages on mobile devices for organizations that need additional control over how information is accessed and used. For example, one of our banking customers enabled this feature to ensure sensitive company information could still be viewed but not locally saved to unmanaged devices.

Coming soon

Building on the above, we are working on bringing similar functionality to block file downloads from desktop computers outside of non-approved IP addresses.

We’re also adding a mobile browser control feature. This will allow admins to require all links shared in Slack to open in specific browsers, including Blackberry Access, that are managed within a Mobile Application Management container.

Empowering admins who manage thousands

These new features are designed for leaders who want to modernize and improve how their organizations work, while maintaining compliance with their industry- or company-specific security policies. It’s all part of our ongoing commitment to providing IT leaders and enterprise admins with the tools they need to deploy Slack to thousands of employees in a safe, secure and centralized way.

To learn more about our robust security initiatives and compliance certifications, check out

The following information is intended for INFORMATIONAL PURPOSES ONLY, and not as a binding commitment. Please do not rely on this information in making your purchasing decisions. The development, release and timing of any products, features or functionality remain at the sole discretion of Slack, and are subject to change.

Was this post useful?


Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.

Keep reading


How Slack simplified complex operations at Cebu Pacific Air


Three strategies for boosting partner sales with Slack

How to strengthen your tech channel sales relationships with automation and speedy communication


Supercharge your sales teams with the new Slack and Salesforce integration

Slack Sales Elevate can transform every step of your sales process by centralising customer records, accounts, opportunities‌ and key metrics


Discover Salesforce’s recipe for customer success

Slack energises enterprise service agents with faster collaboration, knowledge sharing and more