Slack
08/2024
Overview
Cisco Identity Intelligence (CII) can integrate with one or more Slack tenants to both ingest Slack identities as a source AND provide notifications to Slack channels and users.
NOTE - you can have multiple target notification channels configured for the same Slack org.
Privacy Policy
For information on Cisco Identity Intelligence Privacy Policy, please see this resource.
Integration with Slack
To enable the integration with Slack, you will need to add the Cisco Identity Intelligence bot for Slack available on the Slack App Directory to your Slack workspace.
Geographic Distribution
Cisco Identity maintains different bots for Slack for different geographic deployments (names listed below).
During the setup process, you will be automatically directed to the correct bot for Slack based on your tenant location. This is for informational purposes only and no action is required on your part.
Cisco Identity Intelligence Bot (this is our main bot, the U.S. deployment)
Cisco Identity Intelligence Bot AU
Cisco Identity Intelligence Bot EU
Cisco Identity Intelligence Bot JP
Cisco Identity Intelligence Bot UK
Permission requirements within Slack
By default, any workspace member can install apps to Slack. However, many organizations have restricted the ability to install 3rd party apps to only administrators or via an approval process. If you don’t have permission to install apps, you may be able to submit an app request instead.
NOTE - While CII asks for permission to view email addresses of people in your workspace for account identification purposes (shown in screenshot below), CII does not use the emails from Slack to actually send emails to users.
High-level Setup Steps
There are 3 steps you need to go through to set up the integration with Slack for your CII tenant.
Add the CII Bot for Slack to your Slack workspace
Configure the destination Slack channel for notifications
Enable the Slack notification as a target in one or more CII Checks (none are selected by default - you must opt-in for specific Check failure notification messages)
Add CII Bot to Slack
To add the CII Bot for Slack, perform the following steps.
Login to the CII Dashboard with a CII full admin account that meets these requirements
It exists in the desired Slack organization under the same user name
It has permissions to install applications within your Slack organization (or the CII bot has been pre-approved for your org)
From the Integrations tab, click on Add Integration
From the Notification Targets list, select Add Slack Target
Provide the following details for the integration
Display name
Description (optional)
Select the purpose of this particular Slack notification target. This could be one or both of these options:
Check failures - notifications will be sent for the configured Checks - see #configure-slack-notification-target-details
Data collection - notifications will be sent to this channel if any the data collection fails for any of the integrations
Select Install Identity Intelligence Bot on your Slack Workspace
On the next screen, check the box to confirm that the CII signed in user is a member of the target Slack org and then click Install Identity Intelligence Bot for Slack button.
The browser will redirect Slack to accept permissions for the Identity Intelligence Bot for Slack. Click Allow. Note -
You must be signed into the Slack workspace where you want to install the CII Bot for Slack.
To select a different workspace, use the drop-down menu in the upper right corner of the browser window.
The browser will redirect back to the CII console and the name of your Slack workspace will now show in the Notification Target configuration screen. Select a target Channel or an individual user (required).
Channel can be either a public channel OR a private channel the CII Bot for Slack was added to already.
If you do not see the name of a private channel, add the CII Bot to the channel first and then use the Please refresh channel button show below.
You can only add the CII Bot for Slack to channels that your user on the Slack workspace can access.
User is the email address of a member of the Slack workspace.
As mentioned above, the "Use this target for" can be a combination of Failed Check and/or Data Collection.
Failed Check means the notification target will be notified after checks are evaluated with the failed check results.
Data Collection means the notification target will be notified after a manually-triggered collection of an integration ends, or whenever a manual or scheduled data collection fails with an error. (shown below)
Click Save in the upper right corner of the screen. The new integration with Slack will now be shown on the main Integrations screen.
Repeat this process for any other Slack orgs OR to create new notification target channels within the SAME Slack org. CII can have multiple target notification channels configured for the same Slack org. As shown below, you can have multiple notification target types. To see the configured Checks for a particular target, click the blank space in that row to see the slide out on the right hand side.
Enable Notifications via Slack for Checks
The next, optional, step is to enable Slack notifications for one or more checks. By default, a notification target configured for "Failed checks" will get a message for each check that has users failing the check conditions. A notification target can be configured to be notified only for specific checks.
Navigate to the Checks page from the left side menu and then click on a specific Check type, such as Weak MFA Configured.
On the right side of the page, check the box to enable notifications for the Slack workspace and channel you configured.
The Slack workspace will now show as enabled for that Check type.
Within each individual Check details pane, you will be able to pick one or more notification targets for Slack channels or individual users.
Test Slack Notifications
To test Slack notifications, click the Test button for that notification target.
Last updated