Slack Bot

Included with Workshop is a Slack chat bot that can help users go through an approvals workflow in Slack.

Configuring Slack

In order to use the Slack Bot integration you must have permissions to generate a Configuration token in your Slack workspace.

Follow the instructions at https://api.slack.com/reference/manifests#config-tokens to create a configuration token
In Workshop, go to the Settings page and scroll down to the Slack settings card, then click the "Initialize Slack Bot" button
In the modal paste the configuration token from step one and click Submit
Click Close
Open https://api.slack.com/apps and select the Workshop App.
Customize it to your liking, including icon or change the name of the bot.
Install the app into your Slack workspace by selecting Settings > Install App and clicking the button
Collect the Slack Bot token and Signing Secret.

Configuring Workshop

Next you need to configure Workshop's bot to use the new Slack app. In Workshop start by going to the Settings page and scrolling down until you see the Slack Settings card.

Fill in your Slack Workspace Name

This is the portion of your Slack workspace domain name before the slack.com, portion. For example if your workspace is example.slack.com then your workspace for workshop should be listed as example

Fill in your Slack Bot token in the Slack Token field

You can specify the slack bot token from step 7 of the previous section to store the token in the database. This field also supports using the AWS and GCP secret stores.

If you are using AWS, you can use SecretManager by doing the following:

Give the Workshop service account read access to the secret
- The Workshop service account is displayed at the top of the Settings page
Pass the ARN to the secret prefixed with a aws:// e.g. aws://arn:aws:secretsmanager:us-east-1:940000000003:secret:SlackSecret-YYLN9X

If you are using GCP, you can use SecretsManager by doing the following:

Give the Workshop service account read access to the secret
- The Workshop service account is displayed at the top of the Settings page
Specify the path to the secret as gcp://projects/projectID/secrets/secretID/versions/latest

Fill in your HMAC secret

The HMAC secrete ensures that Workshop will only receive traffic from Slack

The HMAC secret is the signing secret from the previous Slack section. Simply cut and paste this here. Additionally this can also use the secret stores just like the slack token in the previous section

Save your slackbot settings

Simply save your settings using the save settings button.

Configure Your Approvals Workflow to use Slack Notifications

The Slack bot will only send messages when all of the following are true:

Santa has blocked an application from running on a users system
The user is running in Lockdown mode and does not have an explicit rule allowing it
The user is part of a tag that has approval workflows configured to use Slack notifications

Configuring via the API

All of the above steps aside from the Slack portions can be accomplished using the InstallChatBot and UpdateChatSettings API methods.

Additionally these settings can be saved using the GetChatSettings API.

All methods require the settings:write and settings:read permissions.

Configuring Santa (optional)

By default Santa will redirect users to the web based approvals workflows.

If you want users to go directly to the Slack message when an application is blocked you can specify an EventDetail of https://<your instance>.workshop.cloud/slack/details/%machine_id%/%file_identifier% to have the open button in the Santa modal direct users to Slack.

Configuring Slack​

Configuring Workshop​

Fill in your Slack Workspace Name​

Fill in your Slack Bot token in the Slack Token field​

Fill in your HMAC secret​

Save your slackbot settings​

Configure Your Approvals Workflow to use Slack Notifications​

Configuring via the API​

Configuring Santa (optional)​