Guide to automation rules for app approval

When setting up automated app approvals for your organisation, it's important to proceed with care and ensure that your rules meet any unique security requirements established by your team. Read on for an overview of the components that make up rules and how to apply them.

Note: We recommend testing these features in a separate testing environment before implementing them in production. For additional support, you can contact us at any time.

 

How it works

App installation requests can be automatically approved, restricted, dismissed or flagged for human review based on conditions that your rules will look out for. Rules can be comprised of several rule components, which will be evaluated in the order that you determine. If the requested app meets the requirements of the rule, your predetermined resolution will be automatically applied. 

 

Terms to know

  • Rule component
    Components are what a rule looks out for to determine an automated outcome.

    Available components
    Scopes Previous resolution App distribution App IDs

  • Conditions
    Conditional statements modify how the component and comparison interact.

    Available conditions
    Is Is not

  • Comparisons
    Comparisons are the state of the rule component. Each component has its own set of available comparisons.

    Available comparisons

    Includes Is empty Approved Restricted Unresolved
    Internal app App directory approved Specific app ID

  • Resolutions
    Resolutions determine how you'd like to action a requested app that contains all the elements of a rule.

    Available resolutions
    Restrict Approve Cancel Review

  • Rules
    The available components, conditions and comparisons are constructed into a conditional statement with a resolution, known as a rule:

    If any or all Component + Condition + Comparison

    then Resolution = Restrict Approve Cancel Review

 

Scopes

Scopes are the unique set of permissions that tell you what an app can access. Each app installed to your workspace has an individualised set of scopes that allow the app to function. You can find a detailed list of scopes in our API documentation, and set a rule to resolve app requests based on what scopes are used in the app.

Scopes requested

Scopes resolved

Scopes requested refers to all the scopes present in any requested app.

Comparison

Rating list

Includes any of those in

Low risk list

Includes only those in

Medium risk list

Is empty

High risk list

Is not empty

Unrated list


Example

‘If scopes requested includes any of those in high risk list, restrict

Scopes resolved refers to the set of scopes in an app that has been previously requested and approved.

Comparison

Rating list

Includes any of those in

Low risk list

Includes only those in

Medium risk list

Is empty

High risk list

Is not empty

Unrated list


Example

‘If scopes resolved includes any of those in high risk list, restrict

Tip: Before getting started, take a look at the Scope ratings tab and make sure that you've rated the appropriate scopes.

Previous resolution

If an app was previously requested in your workspace, you can set a rule to apply the same resolution.

Previous resolution is

Previous resolution is not

Condition

Comparison

Is

Approved

Is

Restricted

Is

Unresolved


Example

‘If previous resolution is approved, approve

Condition

Comparison

Is not

Approved

Is not

Restricted

Is not

Unresolved


Example
‘If previous resolution is not restricted, approve

App distribution

Base a rule on where the app originates: either internally or from the Slack App Directory.

App distribution is

App distribution is not

Condition

Comparison

Is

An internal app

Is

App Directory approved


Example
‘If app requested is an internal app, send for review

Condition

Comparison

Is not

An internal app

Is not

App Directory approved


Example
‘If app requested is not app directory approved, send for review

App IDs

Create a rule to approve specific apps based on their unique app IDs. 

App ID is

Condition

Comparison

Is

A specific app ID


Example
‘If app ID is [any app ID], cancel

 

Resolutions

When a requested app meets all the conditions of a rule, it will be resolved based on the set resolution and the requestor will be notified.

  • Restrict
    App cannot be installed and cannot be requested again unless the scopes change.
  • Approve
    App will be installed.
  • Cancel
    Dismiss the request without making a decision. A new request can be made at any time.
  • Review
    App will be sent to a human for review and approval.
Who can use this feature?