Shared channels and security icon, hashtag with lock
Training

Shared channels: your security FAQ

Shared channels are built to help your team work with external organizations in Slack, while keeping your company’s data and information secure.

Admin controls

Who can create shared channels?

Users can initiate a shared channel by sharing an invitation link with their external partner. From there, depending on your settings, admins on both sides must approve the shared channel. For customers on Enterprise Grid, this defaults to org owners and admins, with the option to designate these permissions to additional people, such as workspace admins or anyone you specify.

How should admins vet inbound invitations?

If you’re unsure what a proposed shared channel is for or who the invitation is from, you have a few options:

  • Don’t accept the invitation. You can decline any invitation you receive.
  • Email the sender for clarification using the email address included in the request.
  • Ask your members for more info about the request if they’re already working with the sender in some capacity.

In the channel administration section of the Grid dashboard, org owners and admins can choose whether or not your organization can receive shared channel requests from external organizations.

What’s the role of the admin dashboard?

The admin dashboard provides an overview of how your organization is working externally and a record of all communication with external partners. This includes:

  • A list of all the external organizations that you are connected with
  • An account of any connections with outside organizations, including shared channels and direct messages
  • The ability to stop sharing all channels with a particular external organization (including private channels and DMs)

What every admin needs to know

How do apps and integrations work in shared channels?

In shared channels, apps can be used just like in any other channel context. When it comes to specific functionality, keep the following in mind:

 

 

As with any app you install, make sure your admins understand how these apps work with Slack. For greater visibility, consider asking the admins of the connecting workspace what apps (if any) they plan to install in the shared channel.

 

Can I disconnect a shared channel?

Admins on both sides can disconnect existing shared channels. Should the shared channel be disconnected, the host workspace (organization who sent the invite) will be able to continue using the channel after disconnect. The connecting workspace (organization who received the invite) will get a read-only copy that becomes archived. Direct messages between the two connecting organizations can be disconnected separately.

Who can edit and delete messages in a shared channel?

Message editing and deletion settings for your workspace or Enterprise Grid org will apply to shared channels too. For example, workspace admins can delete messages sent by members of their workspace but not those sent by a member of an external organization.

Can I verify how an outside member accesses a shared channel?

As with external email, you cannot currently verify that a member outside your organization is accessing the shared channel from a secure device, behind a corporate firewall or VPN, or via single sign-on (SSO). Please work with the organization you’re sharing with to determine how their users access Slack.

Security and compliance overview

Export tools and Data Loss Protection (DLP)

As with regular channels, on the Standard and Plus plans, workspace owners and admins can use Standard Export to export content from public shared channels. On the Plus plan, workspace owners can use Corporate Export to export content from public and private shared channels and all the related direct messages shared across two workspaces.

The Discovery API can read all messages in shared channels, but only the messages posted by members of your workspace can be edited or deleted. The Discovery API will not capture the display names from members outside your organization.

Message and file retention

Right now, custom message and file retention policies aren’t supported. That means that retention is set to unlimited in shared channels and both workspaces will be able to export the data. Custom retention also doesn’t apply to any direct messages or group DMs sent between members of the two Slack workspaces.

Your custom retention policy will still be in effect for all your other non-shared channels.

Enterprise Key Management (EKM)

EKM customers will be able to use shared channels; however, messages and files sent in shared channels are not currently encryptable using your own keys.

Messages and files in all other channels within Slack will still be encrypted using your keys. Once EKM becomes supported across shared channels, EKM will retroactively apply to all your messages and files in shared channels.

Was this resource useful?

0/600

Awesome!

Thanks so much for your feedback!

Got it!

Thanks for your feedback.

Oops! We're having trouble. Please try again later!