How to Approve Slack workspaces for your network
If you’re an IT administrator looking to approve Slack workspaces using an SSL proxy within your corporate network, you can follow specific guidelines to manage access effectively. By limiting connections, you can prevent unauthorized sign-ins to unapproved workspaces. Here’s a concise guide to help you through the process:
Understand What You Can Approve:
- A Slack workspace not within an Enterprise Grid organization.
- An Enterprise Grid organization and all its connected workspaces.
Use of SSL Proxy:
- Implement SSL proxy settings to control access to Slack workspaces. This involves configuring your network to allow only approved workspaces through the proxy.
Configuration Steps:
- Set up your firewall and proxy settings to restrict access to specific Slack domains.
- Use HTTP header injection to specify allowed workspaces, ensuring that only traffic to approved workspaces is permitted.
Verification:
- Regularly check and verify that only approved workspaces are accessible through your network settings.
These steps will help you maintain control over which Slack workspaces can be accessed within your corporate network, ensuring compliance and security. For detailed technical instructions, you might refer to resources like Fortinet’s guide on using web-proxy profiles for Slack.
What to expect
IT administrators can configure an on-premises or cloud-based proxy server to intercept traffic to Slack by inserting new HTTP headers, specifically “X-Slack-Allowed-Workspaces-Requester
” and “X-Slack-Allowed-Workspaces
“. These headers list the workspaces that employees are permitted to access, helping to control and secure workspace connections within the corporate network. By using a proxy server, administrators can effectively manage access to Slack workspaces, ensuring that only approved workspaces are accessible, thereby enhancing network security and compliance with corporate policies.
Once the SSL proxy is enabled, your team will be able to access the approved Slack organization or workspaces and continue using Slack normally. If anyone attempts to sign in to a workspace that isn’t on the approved list, they will encounter an error message.
How to approve workspaces for your network
To approve Slack workspaces for your network, follow these steps:
- Check Your Proxy Server: Ensure that your proxy server supports SSL interception. Refer to your product or service documentation for details on configuring the HTTP headers.
- Identify Org IDs or Workspace IDs: Contact your customer success manager or Slack support to obtain a list of your organization and workspace IDs.
- Configure HTTP Headers:
- Header 1: Add the header
X-Slack-Allowed-Workspaces-Requester
and set its value to the workspace or org ID representing your Business+ or Enterprise Grid account. Only one ID should be added for this value. - Header 2: Add the header
X-Slack-Allowed-Workspaces
and set its value to a comma-separated list of allowed workspaces and/or org IDs. These represent the workspaces and/or orgs that need to be approved.
Who can use this feature?
- Workspace owners and workspace admins
- Business+ and Enterprise Grid subscriptions