Configure Slack Enterprise for the Next Generation API Data Protection

Configure Slack Enterprise for the Next Generation API Data Protection

To configure Slack Enterprise for Next Generation API Data Protection, you need to authorize Netskope as a web application client to access your Slack Enterprise instance. Follow the instructions below.

Prerequisite

  • A Slack account with Enterprise Grid plan.

  • An organization owner user account.

Configure Netskope to Access Slack Enterprise Account

To authorize Netskope to access your Slack Enterprise account, follow the steps below:

  1. Log in to your Slack enterprise grid account as an organization owner.

  2. Identify the workspace name and note it down. This workspace name will be required during the Slack Enterprise instance setup in the following steps.

    This workspace will also be used to install the Netskope Bot for legal hold, quarantine, and policy alert notification.
  3. Log in to the Netskope tenant UI and go to Settings > Configure App Access > Next Gen > CASB API.

  4. Under Apps, select Slack Enterprise and click Setup CASB API Instance.

    The Setup Instance window opens.

  5. Enter the Slack Org Owner Email address.

  6. Enter the Workspace Name noted in step 2. The workspace name is case-sensitive.

    This workspace will be used to install the Netskope Bot for legal hold, quarantine, and policy alert notification.
  7. Under Instance Name, enter a name of the SaaS app instance. This step is optional and if left blank, Netskope will determine the name of the app instance post grant.

  8. Ensure that you are logged in to your Slack enterprise grid account as an organization owner in one of the tabs of your browser.

    The organization owner has to be logged in to the enterprise account and use the same browser session to grant access in the Netskope UI.
  9. Click Grant Access.

    A new pop-up window opens asking you to authorize Netskope to access and manage all your organization’s messages and files.

  10. Click Allow.

    When the configuration results page opens, click Close.

Refresh your browser and you will see a green check icon next to the instance name.

Install the Netskope for Slack Enterprise App

Once you have granted access your Slack Enterprise account to Netskope, next, you should install the the Netskope for Slack Enterprise App on your Slack workspace. This app works like a chat bot. The purpose of the Netskope chat bot is:

  • to send direct messages to users or organization owner in the event of a policy match. You can configure this under the + Notification option of the Next Generation API Data Protection policy wizard page.

  • to store a copy of the violated content as part of the legal hold and quarantine actions in netskope_legalhold and netskope_quarantine private channels respectively. These groups are accessible only by the instance administrator.

    The members in the netskope_legalhold & netskope_quarantine private channels include the Netskope bot and Slack organization owner only.
Customers who migrate from Classic API Data Protection for Slack for Enterprise to Next Generation, you will notice there is no Grant Bot button on the Next Generation instance setup page. In Next Generation, you should install the Netskope chat bot manually to a workspace.

Follow the steps below:

  1. Log in to your Slack enterprise grid account as an organization owner.

  2. On the top-right, click Manage Organizations.

  3. On the left navigation pane, click Integrations > Installed Apps.

  4. Identify the Netskope for Slack Enterprise app from the list.

  5. Click the three-dot icon beside the Netskope for Slack Enterprise app, then click Add to more workspace.

  6. Identify the workspace name you entered in step 6 during the instance setup. Select it and click Next.

  7. Review the requested permissions and click Next.

  8. Select the I’m ready to add this app checkbox and click Add App.

    You have successfully installed the Netskope chat bot.

    The legal hold, quarantine, and policy alert notification features may take up to an hour to become fully functional after the Netskope chat bot is installed in the workspace.

Next, you can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your Slack Enterprise account. For more information on the Inventory page, see Next Generation API Data Protection Inventory.

You can receive audit events and standard user behavior analytic alerts in Skope IT. To know more: Next Generation API Data Protection Skope IT Events.

Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.

Important Points to Note

A few important notes on Next Generation API Data Protection for Slack Enterprise.

Slack Enterprise Channel Promotion and Conversation Policies

When a channel is shared with multiple workspaces or includes external users, Slack promotes it to the organization level. In Next Generation API Data Protection, the existing channel will be deleted, and a new one will be created for the promoted channel.

In Next Generation API Data Protection, you can bind specific policies to individual channels. If a channel is deleted during promotion, the policies previously set on that channel becomes invalid and will not transfer to the newly promoted channel automatically.

This applies only when you configure channel-specific policies.

Slack Canvas

Slack has introduced a new feature “Canvas”. Next Generation API Data Protection for Slack Enterprise can perform a DLP scan on direct messages, 1:n messages, channels, threads, and replies within a Slack Canvas. However, Next Generation API Data Protection cannot scan attachments in Slack Canvas. This is due to a lack of underlying Slack API support.

Snippet Edit

Editing an existing snippet without changing any associated messages may not be detected by Next Generation API Data Protection, as Slack currently lacks an appropriate API to identify such events.

Duplicate DLP and Threat Protection Alerts

When a user uploads a DLP or malware sensitive file in Slack Enterprise messenger, Netskope receives two API notifications – one for file upload, the other for sharing in Slack messenger. These two events generate two DLP/malware Skope IT alerts pointing to the same file. User should ignore the duplicate alert. This is a known issue and will be addressed in a future release.

Share this Doc

Configure Slack Enterprise for the Next Generation API Data Protection

Or copy link

In this topic ...