Shared channels and security icon, hashtag with lock

Working with external organisations in Slack: Your security FAQ

Help your team to work with external organisations in Slack, while keeping your company’s data and information secure.

Admin controls

Who can share a channel?

Users can share a channel by sending an invitation link to their external partner. Depending on your settings, admins on each side must approve the channel and can disconnect the channel at any time. For customers on Enterprise Grid, this defaults to org owners and admins, with the option to designate these permissions to additional people, such as workspace admins or anyone that you specify.

How should admins vet inbound invitations?

If you’re unsure what a proposed channel is for or who the invitation is from, you have a few options:

  • Don’t accept the invitation. You can decline any invitation that you receive
  • Email the sender for clarification using the email address included in the request
  • Ask your members for more information about the request if they’re already working with the sender

In the channel administration section of the Grid dashboard, org owners and admins can choose whether or not your organisation can receive channel requests from external organisations.

What’s the role of the admin dashboard?

The admin dashboard provides an overview of how your organisation is working externally and a record of all communication with external partners. This includes:

  • A list of all external organisations that you are connected with 
  • An account of any connections with outside organisations, including channels and direct messages 
  • The ability to stop sharing all channels with a particular external organisation (including private channels and DMs)

What every admin needs to know

How do apps and integrations work in a channel that is shared with external organisations?

Apps can be used just like in any other channel context. When it comes to specific functionality, keep the following in mind:

 

 

As with any app that you install, make sure that your admins understand how these apps work with Slack. For greater visibility, consider asking the admins of the connecting workspace what apps (if any) they plan to install in the channel.

 

Can I disconnect a channel that is shared with external organisations?

Admins on each side can disconnect existing channels. Should the channel be disconnected, the host workspace (the organisation that sent the invitation) will be able to continue using the channel after disconnection. The connecting workspace (the organisation that received the invitation) will get a read-only copy that becomes archived. Direct messages between the connecting organisations can be disconnected separately.

Who can edit and delete messages in a channel?

Message editing and deletion settings for your workspace or Enterprise Grid org will apply to channels that are shared with external organisations, too. For example, workspace admins can delete messages sent by members of their workspace, but not those sent by a member of an external organisation.

Can I verify how an outside member accesses a channel?

As with external email, you cannot currently verify that a member outside your organisation is accessing the channel from a secure device, behind a corporate firewall or VPN or via single sign-on (SSO). Please speak to the organisation that you’re sharing a channel with to determine how their users access Slack.

Security and compliance overview

Export tools and data loss protection (DLP)

As with regular channels, on the Standard and Plus subscriptions, workspace owners and admins can use Standard Export to export content from public channels. On the Plus subscription, workspace owners can use Corporate Export to export content from public and private channels and all the related direct messages shared across the workspaces. The Discovery API can read all messages in channels, but only the messages posted by members of your workspace can be edited or deleted. The Discovery API will not capture the display names from members outside your organisation.

Message and file retention

Messages and all other content from members of your team will abide by your existing policy. Your retention settings will apply only to content from members of your organisation. Messages and all other content from people outside your organisation will not be affected by your policy, but rather will be retained or deleted based on their own organisation’s policy.

Enterprise Key Management (EKM)

Starting 31st August 2020, if you’re an Enterprise Key Management customer, you can share channels with external organisations, and all messages and files sent in these channels are encrypted using your keys.

This means that content sent by people in your organisation will always be encrypted using your organisation’s keys and rules. Content sent by external organisations is encrypted with their keys, if applicable.

Was this resource useful?

0/600

Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.