Security tips to protect your workspace
At Slack, security is our top priority. We care about protecting your privacy and building a service you can trust. We’ve rounded up some tools to help keep Slack secure.
Note: If you have additional questions, or notice suspicious activity in your workspace, please contact us – we’d be happy to help.
Set up two-factor authentication
Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA enabled, members enter a verification code from their mobile device in addition to their Slack password. Using 2FA ensures that even if a password is compromised, access to Slack won’t be granted unless the person signing in is verified from their device.
Members can choose to enable 2FA if they'd like, but workspace owners and workspace admins can make 2FA mandatory for members. If your company uses an identity provider, consider configuring single sign-on for Slack.
Manage apps with care
By default, all members can install apps to their workspace. Workspace owners can choose to restrict permissions for how members can install and use apps. Learn more about managing app installation settings.
Limit access to your workspace
Slack allows for transparency, and sometimes that means sharing proprietary information or sensitive details. Here are some tips to ensure that only the right people have access to information in your workspace:
- Only invite people that you know
  By default, workspace owners, workspace admins and members can send invitations. To control who's invited, you can require admin approval for all invitations. If you do allow members to send invitations, review pending and accepted invitations periodically.
- Verify email domains
  Workspace owners and workspace admins can set a signup mode for your workspace to allow anyone with an approved email domain to automatically join their workspace. Verify that you own any email domains you’ve approved for your workspace.
- Deactivate members’ accounts who no longer need access
  Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave. Workspace owners on the Business+ and Enterprise Grid subscriptions can streamline deactivation with an identity provider using SCIM provisioning.
- Use Slack Connect to work with external people
  To work with external people who don’t need access to all the information in your workspace, you can use Slack Connect. This lets you collaborate securely in channels and direct messages, each from your own workspaces.
- Use guest accounts and limit the channels that they're invited to
  Some members of your Slack workspace (like contractors, interns or clients) may only need access to certain channels. Guest accounts are a great way to manage who has access to the information they need in your workspace.
- Manage email display
  Members can find each other’s email addresses in their profiles, but some people may prefer to keep this info private. Workspace owners and admins can choose if members’ email addresses are displayed in their Slack profiles.
Set session duration
Owners and admins on all subscriptions can limit how long their members are signed in to Slack by setting a session duration.
Understand Slack usage
- On paid subscriptions, workspace owners can view analytics and usage for insight into how members use Slack.
- On Enterprise subscriptions, monitor audit events with audit logs. Using the Audit log API, you can set up monitoring for anomaly events to help surface unexpected app and user behaviours.
- To optimise alerting capabilities in your Slack workspace or Enterprise organisation, we recommend using a Security Information and Event Management (SIEM) or a Security Orchestration, Automation, and Response (SOAR) tool.
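
One way to turn anomaly events from the audit logs into alerts for a SIEM, shown as an added example that is not Slack's own code. It works on entries that have already been fetched; the entry field names (action, date_create, actor.user.id, context.ip_address, details.reason), the reason codes, the thresholds and the function names are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

# Assumed reason codes treated as high risk; adjust to your own policy.
HIGH_RISK_REASONS = {"tor", "excessive_downloads"}

def anomaly_alerts(entries, window_seconds=3600, burst_threshold=2):
    """Turn audit log entries into one SIEM-ready alert per affected user."""
    seen, per_user = set(), defaultdict(list)
    for e in entries:
        # Skip other actions and duplicate IDs (e.g. overlapping poll windows).
        if e.get("action") != "anomaly" or e.get("id") in seen:
            continue
        seen.add(e.get("id"))
        user = e.get("actor", {}).get("user", {}).get("id", "unknown")
        per_user[user].append(e)
    alerts = []
    for user, events in sorted(per_user.items()):
        events.sort(key=lambda e: e["date_create"])
        times = [e["date_create"] for e in events]
        reasons = sorted({r for e in events for r in e.get("details", {}).get("reason", [])})
        ips = sorted({e.get("context", {}).get("ip_address") for e in events} - {None})
        # Burst: burst_threshold or more anomalies inside one sliding window.
        burst = any(times[i + burst_threshold - 1] - times[i] <= window_seconds
                    for i in range(len(times) - burst_threshold + 1))
        severity = "high" if burst or HIGH_RISK_REASONS & set(reasons) else "medium"
        alerts.append({"user_id": user, "severity": severity, "reasons": reasons,
                       "ip_addresses": ips, "event_ids": [e["id"] for e in events],
                       "first_seen": times[0], "last_seen": times[-1]})
    return alerts

def sample_entry(eid, ts, action, user, ip, reason=()):
    # Builds a constructed sample entry in the assumed audit log shape.
    return {"id": eid, "date_create": ts, "action": action,
            "actor": {"type": "user", "user": {"id": user}},
            "context": {"ip_address": ip}, "details": {"reason": list(reason)}}

# Constructed sample data: made-up IDs, documentation IP ranges.
SAMPLE_ENTRIES = [
    sample_entry("e1", 1700000000, "user_login", "U01", "198.51.100.7"),
    sample_entry("e2", 1700000100, "anomaly", "U01", "203.0.113.9", ["ip_address", "asn"]),
    sample_entry("e3", 1700000900, "anomaly", "U01", "203.0.113.9", ["user_agent"]),
    sample_entry("e3", 1700000900, "anomaly", "U01", "203.0.113.9", ["user_agent"]),  # duplicate
    sample_entry("e4", 1700005000, "anomaly", "U02", "192.0.2.44", ["session_fingerprint"]),
]

if __name__ == "__main__":
    for alert in anomaly_alerts(SAMPLE_ENTRIES):
        print(alert)
```

Grouping by user and escalating on repeated anomalies keeps a single low-signal event from paging anyone while still surfacing a cluster of them.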
