Shared channels and security icon, hashtag with lock

Working with external organisations in Slack: Your security FAQ

Help your team work with external organisations in Slack, while keeping your company’s data and information secure.

Admin controls

Who can share a channel?

Users can share a channel by sending an invitation link to their external partner. Depending on your settings, admins on each side must approve the channel and can disconnect the channel at any time. For customers on Enterprise Grid, this defaults to org owners and admins, with the option to designate these permissions to additional people, such as workspace admins or anyone that you specify.

How should admins vet inbound invitations?

If you’re unsure what a proposed channel is for or who the invitation is from, you have a few options:

  • Don’t accept the invitation; you can decline any invitation that you receive
  • Email the sender for clarification using the email address included in the request
  • Ask your members for more info about the request if they’re already working with the sender

In the channel administration section of the Grid dashboard, org owners and admins can choose whether or not your organisation can receive channel requests from external organisations.

What’s the role of the admin dashboard?

The admin dashboard provides an overview of how your organisation is working externally and a record of all communication with external partners. This includes:

  • A list of all external organisations that you are connected with 
  • An account of any connections with outside organisations, including channels and direct messages 
  • The ability to stop sharing all channels with a particular external organisation (including private channels and DMs)

What every admin needs to know

How do apps and integrations work in a channel shared with external organisations?

Apps can be used just like in any other channel context. When it comes to specific functionality, keep the following in mind:



As with any app that you install, make sure that your admins understand how these apps work with Slack. For greater visibility, consider asking the admins of the connecting workspace what apps (if any) they plan to install in the channel.


Can I disconnect a channel shared with external organisations?

Admins on each side can disconnect existing channels. Should the channel be disconnected, the host workspace (organisation who sent the invite) will be able to continue using the channel after disconnection. The connecting workspace (organisation who received the invitation) will get a read-only copy that becomes archived. Direct messages between the connecting organisations can be disconnected separately.

Who can edit and delete messages in a channel?

Message editing and deletion settings for your workspace or Enterprise Grid org will apply to channels shared with external organisations too. For example, workspace admins can delete messages sent by members of their workspace but not those sent by a member of an external organisation.

Can I verify how an outside member accesses a channel?

As with external email, you cannot currently verify that a member outside your organisation is accessing the channel from a secure device, behind a corporate firewall or VPN or via single sign-on (SSO). Please work with the organisation that you’re sharing a channel with to determine how their users access Slack.

Security and compliance overview

Export tools and data loss protection (DLP)

As with regular channels, on the Standard and Plus subscriptions, workspace owners and admins can use Standard Export to export content from public channels. On the Plus subscription, workspace owners can use Corporate Export to export content from public and private channels and all the related direct messages shared across the workspaces. The Discovery API can read all messages in channels, but only the messages posted by members of your workspace can be edited or deleted.

Message and file retention

Messages and all other content from members of your team will abide by your existing policy. Your retention settings will apply only to content from members of your organisation. Messages and all other content from people outside your organisation will not be affected by your policy but, rather, will be retained or deleted based on their own organisation’s policy.

Enterprise Key Management (EKM)

Starting on August 31st 2020, if you’re an Enterprise Key Management customer, you can share channels with external organisations, and all messages and files sent in these channels are encrypted using your keys.

This means that content sent by people in your organisation will always be encrypted using your organisation’s keys and rules. Content sent by external organisations is encrypted with their keys, if applicable.

Was this resource useful?


Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.