Configure Slack for Team for API Data Protection

Configure Slack for Team for API Data Protection


Check with Slack help desk if your edition supports the Slack Discovery API. If so, you must deploy a Slack Enterprise Netskope instance even for non-enterprise editions of Slack. Shared channels are currently not supported.

However, if you are on Slack Pro or Business+ (without the Slack Discovery API) license, you should configure Slack for Team.

To configure Slack for Team for API Data Protection, you need to authorize Netskope as a web application client to access your Slack for Team instance.

Configure Netskope Access for Slack for Team

To authorize Netskope to access your Slack for Team instance:

  1. Log in to the Netskope tenant UI: https://<tenant hostname> and go to Settings > Configure App Access > Classic > SaaS.
  2. Select the Slack Team icon, and then click Setup Instance.
  3. The Setup Instance window opens. Enter the following details:Enter an instance name, enable the check boxes for the services you aim to use, and then enter your Slack primary owner’s email address and a comma-separated list of internal domains that will be used to identify your internal users from external users.
    • Instance Name: Enter the name of the Slack Team account.
    • Instance Type: Select the appropriate features from the following options:
      • API Data Protection: Select this option to allow Netskope to scan through your SaaS app instance to list files, user, and other enterprise data.
      • Legal Hold: Select this option if you would like to preserve all forms of relevant information when litigation is reasonably anticipated. You can choose to have a copy of the file saved for legal purposes if it matches policy criteria. For more information to set up legal hold, see Legal Hold Profile.
    • Admin Email: Enter the Slack primary owners’ email address.
    • Internal Domains: Enter a comma-separated list of internal domains that will be used to identify your internal users from external users.
  4. Click Save, then click Grant Access for the app instance you just created. You will be prompted to log in with your Slack primary owner or owner of the team username and password, and then click Grant. When the configuration results page open, click Close.

Refresh your browser and you will see a green check icon next to the instance name.

Slack installs the Netskope app and sends an email to the primary owner. To verify Netskope is installed, log in to your admin Slack account and click Channel Settings > Add an app or integration, and then click Manage. Netskope should be displayed on the apps page.

Limitations on Slack for Team

Following are the limitations you should be aware of when using Slack for Team.

  • API Data Protection does not scan direct messages.
  • API Data Protection scans all public channels.
  • API Data Protection can scan only those private channels in which the primary owner is a member.
  • API Data Protection cannot scan messages and file attachments replied in threads.

These limitations are due to the underlying Slack API limitations. To overcome these, Netskope recommends to have Slack Discovery APIs enabled on your Slack tenant and configure Slack Enterprise. For more information, see Configure Slack Enterprise for API Data Protection.

Share this Doc
In this topic ...