Slack

This guide will teach you how to set up the connector between Slack and Clarity Security.

Estimated time to complete: 15 minutes

Below are capabilities supported by the connector at this time.

How to Setup the Connector

Step 1: Login to the Slack developer site.

Use the following link to log in to the Slack Developer site.

https://api.slack.com

Step 2: Click Your Apps.

Click "Your apps" at the top right of the landing page.

Step 3: Click Create an App.

Use "Create an app" button to start the application creation process.

Step 4: Select From scratch.

Select "From scratch" to create a custom app for connection with Clarity.

Step 5: Choose an App Name and Workspace.

Provide a descriptive name (like Clarity-app-connector) for the application and choose your Slack workspace. Then click "Create App".

Step 6: Scroll to Add features and functionality.

Scroll to Add features and functionality and then choose Permissions.

Step 7: Add an OAuth Scope

Scroll down to Scopes, then under User Token Scopes click Add an OAuth Scope.

Step 8: Select Admin

Select the "admin" scope from the dropdown list.  This will give the connector the ability to create, manage, and delete service users.

Step 9: Install to your Workspace

Scroll up to OAuth & Permissions, then click Install to Workspace.

Step 10: Click Allow

Click Allow to grant the Slack app permission to your Slack workspace.

Step 11: Add New Redirect URL

Scroll down to Redirect URLs and click Add New Redirect URL.

Step 12: Save your Redirect URLs

Paste in the redirect URL for your Clarity Security tenant.  Your URL will be similar to the one below:

• https://your-tenant.claritysecurity.io/application/oauthProcessCode/slack

  • "your-tenant" should be replaced with your companies Clarity subdomain.

  • Please note the "slack" portion at the end of the URL corresponds to the Unique Identifier from your application configuration.

Step 13: Opt in to advanced token security via token rotation

Scroll to OAuth & Permissions and Click "Opt in" for the advanced token security via token rotation.

Step 14: Opt in again

Click Opt in again to permanently use token rotation with your slack application.

Step 15: Head to Settings > Basic Information

In the sidebar on the left, head to Settings > Basic Information

Step 16: Collect your App credentials

Scroll to the App Credentials Section, and collect the Client ID and Client Secret.  Copy these credentials so they can be reused later when configuring the connection in Clarity.

Step 17: Login to your Clarity Security tenant.

Step 18: Head to Applications > Marketplace

Click on the Applications section, then click on the Marketplace button.

Step 19: Search for Slack

Search for Slack or scroll to the Slack entry in the marketplace list.

Step 20: Connect App

Complete the App Settings form.  Details for fields common to all applications can be found at the following article: Common App Configuration Steps

• client_id: Copy and paste your Slack Client ID from Step 16

• client_secret: Copy and paste your Slack Client Secret from Step 16

• Unique Identifier: slack

• Access via: API

Step 21: App Settings

Complete the App Settings form.  Details for each field can be found at the following article: Common App Configuration Steps

Step 22: User Settings

Complete the User Settings form, check the table at the top to see if any features are unsupported.  Details for each field can be found at the following article: Common App Configuration Steps

Step 23: Validate Your Selections and Save

How to Set Up the Connector for Slack Enterprise. 

On Enterprise Grid, SCIM operations work across the entire organization, not individual workspaces. A SCIM app can provision, de-provision, and update team members in just one place rather than having to do so across every workspace in an organization. 

For this reason, the OAuth token used for clawing SCIM API Methods Must be obtained from installing the app on the organization, not just a workspace within the organization. To get a SCIM app working on a grid organization, do the following: 

1. The web service powering you app will need to be able to handle a standard OAuth 2 flow.

2. Create a new Slack App.

3. In the app's settings, select OAuth & Permissions from the left navigation. Scroll down to the section titled Scopes and add the "Admin" scope and click the green Save Changes button.

4. In the app's settings, select Manage Distribution from the left navigation. Under the section titled Share Your App with Other Workspaces, make sure all four sections have the green check. Then click the green Activate Public Distribution button.

5. Under the Share Your App with Your Workspace section, copy the Sharable URL and paste it into a browser to initiate the OAuth handshake that will install the app on your organization. You will need to be logged in as an owner of your Enterprise Grid organization to install the app. 

6. Check the dropdown in the upper right of the installation screen to ensure you are installing the app on the Enterprise Grid organization, not an individual workspace within the organization. (See image below)

7. Once your app completes the OAuth flow, you will be granted an Oath token that can be used for calling all of the SCIM API methods for your organization. this token is the one your app should use to call the SCIM methods. 

When installing the SCIM app, be sure to install it on your Grid organization, not a workspace within the organization. 

Usergroups on Enterprise Grid work a bit differently as well. Creating SCIM groups will create an IDP group, which may or may not be the correct behavior depending on what you hope to accomplish. 

Need Help?