Security tips to protect your workspace

At Slack, security is our top priority. We care about protecting your privacy and building a service that you can trust. We’ve rounded up some tools to help workspace owners and admins keep their workspace secure.

Note: If you have additional questions, or notice suspicious activity in your workspace, please contact us – we’d be happy to help.

Set up two-factor authentication

Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA enabled, members enter a verification code from their mobile device in addition to their Slack password. Using 2FA ensures that even if a password is compromised, access to Slack won’t be granted unless the person signing in is verified from their device.

Members can choose to enable 2FA if they'd like to, but workspace owners and workspace admins can make 2FA mandatory for members. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.

Manage apps with care

By default, all members can install apps to their workspace. Workspace owners can choose to restrict permissions for how members can install and use apps. Learn more about managing app installation settings.

Note: For internal integrations built by your team, treat the tokens that you generate carefully, and never share tokens with other people or applications. Read how to connect your tools to Slack.

Limit access to your workspace

Slack allows for transparency, and sometimes that means sharing proprietary information or sensitive details. Here are some tips to ensure that only the right people have access to information in your workspace:

  • Only invite people that you know 
    By default, workspace owners, workspace admins and members can send invitations. To control who's invited, you can require admin approval for all invitations. If you do allow members to send invitations, review pending and accepted invitations periodically.
  • Verify email domains
    Workspace owners and workspace admins can set a signup mode for your workspace to allow anyone with an approved email domain to automatically join their workspace. Verify that you own any email domains you’ve approved for your workspace.
  • Deactivate accounts of members who no longer need access
    Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave. Workspace owners on the Business+ and Enterprise Grid subscriptions can streamline deactivation with an identity provider using SCIM provisioning.
  • Use Slack Connect to work with external people
    To work with external people who don’t need access to all the information in your workspace, you can use Slack Connect. This lets you collaborate securely in channels and direct messages, each from your own workspace.
  • Use guest accounts and limit the channels that they're invited to
    Some members of your Slack workspace (like contractors, interns or clients) may only need access to certain channels. Guest accounts are a great way to manage who has access to the information they need in your workspace.
  • Manage email display
    Members can find each other’s email addresses in their profiles, but some people may prefer to keep this info private. Workspace owners and admins can choose if members’ email addresses are displayed in their Slack profiles.
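
The 2FA and access tips above can be checked periodically with a short script. The following is an added example, not part of Slack's documentation: it audits a member list shaped like the `members` array returned by the Slack Web API `users.list` method, using constructed sample data and an assumed approved-domain list (`example.com`).

```python
# Constructed sample shaped like the "members" array of a Slack Web API
# users.list response (not real accounts). has_2fa and profile.email are
# only returned to tokens with the right privileges and scopes.
MEMBERS = [
    {"id": "U01", "name": "ana", "has_2fa": True,
     "profile": {"email": "ana@example.com"}},
    {"id": "U02", "name": "ben", "has_2fa": False,
     "profile": {"email": "ben@example.com"}},
    {"id": "U03", "name": "cy", "has_2fa": True, "is_restricted": True,
     "profile": {"email": "cy@contractor.test"}},
    {"id": "U04", "name": "dee", "deleted": True,
     "profile": {"email": "dee@example.com"}},
    {"id": "U05", "name": "deploybot", "is_bot": True, "profile": {}},
]
APPROVED_DOMAINS = {"example.com"}  # assumption: your verified email domains


def audit_members(members, approved_domains):
    """Group active human accounts by the review they need."""
    findings = {"no_2fa": [], "guests": [], "unapproved_domain": []}
    for m in members:
        # Deactivated accounts and bots are out of scope for this review.
        if m.get("deleted") or m.get("is_bot") or m.get("id") == "USLACKBOT":
            continue
        name = m.get("name") or m.get("id")
        # A missing has_2fa field is treated as "not confirmed", so it is flagged.
        if not m.get("has_2fa"):
            findings["no_2fa"].append(name)
        # Guest accounts: confirm they still need their channels.
        if m.get("is_restricted") or m.get("is_ultra_restricted"):
            findings["guests"].append(name)
        email = (m.get("profile") or {}).get("email") or ""
        domain = email.rpartition("@")[2].lower()
        if domain and domain not in approved_domains:
            findings["unapproved_domain"].append(name)
    return findings


if __name__ == "__main__":
    for check, names in audit_members(MEMBERS, APPROVED_DOMAINS).items():
        print(f"{check}: {', '.join(names) or 'none'}")
```

If your workspace signs in through single sign-on, the second factor is enforced by the identity provider, so treat the `no_2fa` list as a prompt to check there rather than as a definitive gap.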

Set session duration

On the Pro, Business+ and Enterprise Grid subscriptions, owners and admins can limit how long their members are signed in to Slack by setting a session duration.

Understand Slack usage

On paid subscriptions, workspace owners can view analytics and usage for insight into how members use Slack.