Configuration

Slack Configuration

Before you begin, confirm you have the required Slack permissions. See Prerequisites for more information.

Use the following table to determine which installation scope applies to your Slack plan:

Configuration Area Slack Pro Slack Business+ Enterprise Grid
App Creation Any Workspace Owner can create at api.slack.com/apps. May require app approval before installation if app management policy is enabled. Must be created and managed at the org level; requires Org Admin or Org Owner approval.
App Approval No approval required; Workspace Owner installs directly. Admin may have enabled app approval policies; custom apps may be restricted. Org-level app management policies may enforce approval before install.
Installation Scope Workspace-level only. Workspace-level only. Can be workspace-level or org-level; Secret Server requires workspace-level install.
Who Should Install Workspace Owner. Workspace Owner (not restricted admin). Regular Workspace Owner or Member (NOT Org Admin / cloudadmin).

Before you begin: Steps 1-7 apply for all Slack plans. At step 8, the installation process differs based on your plan:

  • For Slack Pro: see "Standard Installation (Slack Pro)".

  • For Slack Business+ or Enterprise Grid: see "Enterprise Grid and Business+ Installation".

Step 1: Create the Slack App

  1. Go to the Slack API portal and click Create an App > From Scratch.

  2. In the popup that appears, enter Secret Server Bot as the App Name.

  3. Select your target workspace from the Pick a workspace to develop your app in dropdown list.

  4. Click Create App and navigate to the App Credentials section.

    CreateSlaclApp

  5. Record the App ID and Signing Secret.

    image-20210511122742087

You can use the deprecated verification token in the Bot Token text box in Secret Server instead, but we strongly recommend against it. Use the Signing Secret for improved security.

Step 2: Configure Secret Server

  1. In Secret Server, go to Settings.

  2. Enter Slack in the search box on the upper-right corner of the page.

  3. Click Slack Integration in the search results.

  4. Click Edit on the Slack Integration page and configure the following settings:

Setting Value
Enable Secret Interactions Select this checkbox.
Enable Inbox Notifications Select this checkbox.
App ID Enter the App ID from Step 1.
Signature Key Enter the Signing Secret from Step 1.
Bot Token

Leave empty. Use this field only if you used

a deprecated verification token in Step 1.

  1. Click Save to save the integration settings.

Step 3: Configure Display Information

  1. In the Slack API interface, scroll down to the Display Information section and enter the app name and description.

  2. Set the app icon to the official Delinea Secret Server bot image shared below:

Secret-Server

Step 4: Configure OAuth and Permissions

  1. In the Slack API interface, click OAuth & Permissions in the left menu.

  2. Scroll down to the Scopes section.

  3. Click Add an OAuth Scope and add the required Bot Token Scopes specified in the following screenshot:

image-20201201124510630

Step 5: Configure the Bot User and App Home

  1. Click App Home (previously Bot User) in the left menu.

  2. Enable the Always Show My Bot as Online toggle.

alt

  1. Enable the Home Tab toggle.

alt

  1. Go to the Incoming Webhooks section and enable the Incoming Webhooks toggle.

Step 6: Configure Interactivity and Shortcuts

Skip the shortcut step if you do not want users to be able to search for secrets within Slack.

  1. Go to the Interactivity & Shortcuts section and enable the Interactivity toggle.

alt

  1. Enter the following URL in the Request URL text box:

    https://<Secret Server instance>/api/v1/slack/interaction

  2. Click Create New Shortcut in the Shortcuts section to add a Global Shortcut.

  3. Name the shortcut Secret Search and set the Callback ID to secretsearch.

Step 7: Configure Event Subscriptions

Event subscriptions allow the Secret Server Bot to respond to user actions in Slack, such as opening the Home tab.

  1. Go to the Event Subscriptions section in the Slack API interface.

  2. Enable the Enable Events toggle.

  3. Enter the following URL in the Request URL text box:

    https://<Secret Server instance>/api/v1/slack/event

    When you add this URL, Slack confirms connectivity by sending a challenge message to your server. If any firewall or network connectivity issues are present, you cannot proceed past this point until the issues are resolved.

  4. In the Subscribe to bot events section, click Add Bot User Event and add the required events.

alt

  1. Click Add Workspace Event to add the app_home_opened event.

alt

Step 8: Install the App

Follow the process below based on your Slack App type and install scope as per the table at the beginning of this section to determine which installation procedure applies to your Slack plan.

Standard Installation (Slack Pro)

  1. Go to Install App in the left pane and click Install to Workspace.

  2. Install the app into one of your workspace channels. You can use #general because the Secret Server Bot does not send messages to any channels. Slack needs this association.

  3. Copy the Bot User OAuth Access Token into the Secret Server Slack Integration settings (the Bot Token field under Settings > Slack Integration > Edit).

Enterprise Grid and Business+ Installation

Customers on Slack Business+ or Enterprise Grid plans should follow additional steps to ensure the integration works correctly. The core Secret Server configuration (App ID, Signing Secret, endpoint URLs, OAuth scopes) remains the same across all Slack plans. The differences are in app approval workflows and installation procedures.

Phase 1: Preconfiguration

  1. Identify the correct installing user. Choose a regular workspace owner or member (not an Org Admin or cloudadmin). This user must have normal channel membership in the target workspace.

  2. Check app management policies. In Slack, go to Settings & Administration > Manage Apps. Verify whether app approval is required. If so, coordinate with your Slack Org Admin to preapprove the Secret Server Bot app or to temporarily allow custom app installation.

  3. Verify network connectivity as described in the Network Prerequisites section.

Phase 2: Install the App

  1. Enterprise Grid only: Ensure the app is being installed at the workspace level, not the org level. In the Install App section, select the specific workspace (not the organization).

  2. If app approval is required, submit the installation request. An Org Admin must approve it via Manage Apps before the app becomes active.

  3. Install to Workspace using the identified regular workspace member account (not cloudadmin). Associate with #general or any channel.

  4. Copy the Bot User OAuth Access Token into the Secret Server Slack Integration settings.

  5. Verify that Event Subscriptions show “Verified” with a green checkmark and test the integration by having a user sign into the Secret Server Bot via the Slack Apps sidebar.

Do not install with an Admin Account. If your organization uses Slack Business+ or Enterprise Grid, the Slack app must be installed by a regular workspace owner or member account. Never use a Slack Org Admin or Secret Server cloudadmin account; installing with an admin account can cause Event Subscriptions to fail silently. See the Enterprise Grid column on the table.