Slack Notification Integration

06/2022 - rev 3

Overview

Oort can integrate with one or more Slack tenants to provide notifications and in some cases automation of frequently recurring identity tasks.

Goal

The goal of this document is to walk through configuration of a Slack tenant and test notifications from one or more Oort identity health metrics.

Audience

This document is intended for identity security, IAM, and IT administrators responsible for integrations between identity, security, and collaboration platforms, including notifications, alerting, and incident remediation.

Next Steps

After Slack integration is complete, notifications can be tuned to meet your specific organizational needs.

Slack Integration

To enable Slack integration, you will need to add the Oort Bot for Slack available on the Slack App Directory to your Slack workspace.

Permission requirements within Slack

By default, any workspace member can install apps to Slack. If you don’t have permission to install apps, you may be able to submit an app request instead.

NOTE - While Oort asks for permission to view email addresses of people in your workspace for account identification purposes (shown in screenshot below), Oort does not use the emails from Slack to actually send emails to users.

High-level Setup Steps

There are 3 steps you need to go through to set up the Slack integration with your Oort tenant.

  1. Add the Oort Bot for Slack to your Slack workspace
  2. Configure the destination Slack channel for notifications
  3. Enable the Slack notification as a target in one or more Oort health checks

Add Oort Bot to Slack

To add the Oort Bot for Slack, perform the following steps.

  1. Login to the Oort Dashboard
  2. From the Integrations tab, click on Add Integration

    screenshot 2022 02 01 112727

  3. From the Notification Targets list, select Add Slack Target

    add24ec4 2c0b 4df2 940e c1a6336fa02c

  4. Select Install Oort Bot for Slack

    screenshot 2022 02 01 114215

  5. The browser will redirect Slack to accept permissions for the Oort Bot for Slack. Click Allow.
    Note -

    • You must be signed into the Slack workspace where you want to install the Oort Bot for Slack.
    • To select a different workspace, use the drop-down menu in the upper right corner of the browser window.

    screenshot 2022 05 10 111451 slack permissions

Configure Slack Notification Target Details

The browser will redirect back to the Oort console and the name of your Slack workspace will now show in the Notification Target configuration screen. Enter a Name, Description (optional), the use of this target, and a target Channel (required).

  • Channel can be either a public channel, a private channel the Oort Bot for Slack was invited to, or the email address of a member of the Slack workspace. You can only add the Oort Bot for Slack to channels that your user on the Slack workspace can access.
  • Uses can be a combination of Failed Check and Data Collection.

    • Failed Check means the notification target will be notified after checks are evaluated with the failed check results.
    • Data Collection means the notification target will be notified after a manually-triggered collection of an integration ends, or whenever a manual or scheduled data collection fails with an error.

Note - If creating multiple notification channels from the same Slack workspace (see below), indicate in the Name field which channel is configured.

slack uses

Click Save in the upper right corner of the screen. The new Slack integration will now be shown on the main Integrations screen.

screenshot 2022 02 01 150955

Enable Notifications via Slack for a Health Check

The next, optional, step is to enable Slack notifications for one or more checks.
By default, a notification target configured for "Failed checks" will get a message for each check that has users failing the check conditions. A notification target can be configured to be notified only for specific checks.

Navigate to the Checks page from the left side menu and then click on a specific Check type, such as Weak MFA Configured.

On the right side of the page, check the box to enable notifications for the Slack workspace and channel you configured.

screenshot 2022 02 01 152025

The Slack workspace will now show as enabled for that Check type.

screenshot 2022 02 01 152308

Test Slack Notifications

To test Slack notifications, return to the main Checks page and click Run Checks Now in the upper right area of the screen.

screenshot 2022 02 01 152826

Within the configured Slack channel, you will see the notification from the Oort app.

screenshot 2022 02 01 153320

Adding Multiple Slack Channels

To add more than one channel from the same Slack workspace as a notification target, repeat the process above starting with Add Integration to add a new Slack notification target. Select the same Slack workspace that you already added, but enter a different Name and Channel and click Save.

It is recommended to indicate in the Name field which channel is configured.

Within each individual Check details pane, you will be able to pick one or more Slack target integrations.