---
title: "Slack - Workshop Docs"
description: "Slack - Enterprise control plane for Santa. Manage rules, approvals, telemetry, and policies across your macOS fleet."
doc_version: "1"
last_updated: "2026-05-22"
canonical: "https://northpole.security/docs/workshop/slack"
---
# Slack Bot

Included with Workshop is a Slack chat bot that can help users go through an approvals workflow in Slack.

## Configuring Slack

In order to use the Slack Bot integration you must have permissions to generate a [Configuration token](https://api.slack.com/concepts/token-types#config) in your Slack workspace.

-   Follow the instructions at [https://api.slack.com/reference/manifests#config-tokens](https://api.slack.com/reference/manifests#config-tokens) to create a configuration token. For a Slack admin user this is usually at the bottom of [https://api.slack.com/apps/](https://api.slack.com/apps/).
-   In Workshop, go to the Settings page and scroll down to the Slack settings card, then click the “Initialize Slack Bot” button
-   In the modal paste the configuration token from step one and click Submit
-   Click Close
-   Open [https://api.slack.com/apps](https://api.slack.com/apps) and select the Workshop App.
-   Customize it to your liking, for example by changing the icon or the name of the bot.
-   Install the app into your Slack workspace by selecting Settings > Install App and clicking the button
-   Collect the Slack Bot token and Signing Secret.

## Configuring Workshop

Next you need to configure Workshop’s bot to use the new Slack app. In Workshop start by going to the Settings page and scrolling down until you see the Slack Settings card.

### Fill in your Slack Workspace Name

This is the portion of your Slack workspace domain name before the `slack.com` portion. For example, if your workspace is `example.slack.com`, then your workspace for Workshop should be listed as `example`.

### Fill in your Slack Bot token in the Slack Token field

You can specify the Slack bot token from step 7 of the previous section to store the token in the database. This field also supports using the AWS and GCP secret stores.

If you are using AWS, you can use Secrets Manager by doing the following:

-   Give the Workshop service account read access to the secret
    -   The Workshop service account is displayed at the top of the Settings page
-   Pass the ARN of the secret prefixed with `aws://`, e.g. `aws://arn:aws:secretsmanager:us-east-1:940000000003:secret:SlackSecret-YYLN9X`

If you are using GCP, you can use Secret Manager by doing the following:

-   Give the Workshop service account read access to the secret
    -   The Workshop service account is displayed at the top of the Settings page
-   Specify the path to the secret as `gcp://projects/projectID/secrets/secretID/versions/latest`

### Fill in your HMAC secret

The HMAC secret ensures that Workshop will only receive traffic from Slack.

The HMAC secret is the signing secret from the previous Slack section. Simply cut and paste this here. Additionally, this field can also use the secret stores, just like the Slack token in the previous section.
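
What the signing secret protects, shown as an added example (not Workshop's own code): Slack signs each request with HMAC-SHA256 over `v0:<timestamp>:<raw body>` and sends the result in `X-Slack-Signature`, and a receiver holding the same secret rejects anything unsigned, altered, or replayed. The function names and sample values below are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 5 * 60  # replay window recommended in Slack's signing docs

# Constructed sample values for illustration only.
SAMPLE_SECRET = "constructed-signing-secret"
SAMPLE_TS = "1700000000"
SAMPLE_BODY = b"payload=%7B%22type%22%3A%22block_actions%22%7D"


def compute_signature(signing_secret: str, timestamp: str, raw_body: bytes) -> str:
    """Slack v0 signature: HMAC-SHA256 over b'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + raw_body
    mac = hmac.new(signing_secret.encode("utf-8"), base, hashlib.sha256)
    return "v0=" + mac.hexdigest()


def verify_slack_request(signing_secret, headers, raw_body, now=None):
    """Return (accepted, reason). `headers` is a dict keyed by Slack's header names."""
    ts = headers.get("X-Slack-Request-Timestamp", "")
    sig = headers.get("X-Slack-Signature", "")
    if not (ts.isascii() and ts.isdigit()) or not sig:
        return False, "missing-headers"
    now = time.time() if now is None else now
    # Check freshness first so a captured request cannot be replayed later.
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "stale-timestamp"
    expected = compute_signature(signing_secret, ts, raw_body)
    # Constant-time comparison on bytes; never compare MACs with ==.
    if not hmac.compare_digest(expected.encode(), sig.encode("utf-8", "replace")):
        return False, "bad-signature"
    return True, "ok"


if __name__ == "__main__":
    good = {"X-Slack-Request-Timestamp": SAMPLE_TS,
            "X-Slack-Signature": compute_signature(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)}
    t0 = int(SAMPLE_TS)
    print(verify_slack_request(SAMPLE_SECRET, good, SAMPLE_BODY, now=t0 + 10))
    print(verify_slack_request(SAMPLE_SECRET, good, SAMPLE_BODY + b"x", now=t0 + 10))
    print(verify_slack_request(SAMPLE_SECRET, good, SAMPLE_BODY, now=t0 + 600))
    print(verify_slack_request("wrong-secret", good, SAMPLE_BODY, now=t0 + 10))
```

The signature covers the raw request bytes, so verification has to run before any form or JSON parsing re-encodes the body.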

### Save your slackbot settings

Simply save your settings using the save settings button.

## Required Scopes

The Workshop Slack app requires the following OAuth scopes. These are automatically configured if you use the manifest-based installation flow.

### Bot Token Scopes

| Scope | Purpose |
| --- | --- |
| `channels:join` | Join designated approval channels to post notifications |
| `channels:read` | List available channels for configuration |
| `channels:history` | Update approval messages in public channels |
| `chat:write` | Send approval and notification messages |
| `groups:read` | List private channels the bot has been added to |
| `groups:history` | Update approval messages in private channels |
| `groups:write` | Create and post in group conversations for approver workflows |
| `im:read` | List direct message conversations |
| `im:write` | Send direct messages to users for approval notifications |
| `im:history` | Update approval messages in direct messages |
| `mpim:read` | List group chats created for social voting workflows |
| `mpim:history` | Update approval messages in social voting group chats |
| `mpim:write` | Create group chats and post messages for social voting workflows |
| `users:read` | Look up user information for approval workflows |
| `users:read.email` | Map users by email address for designated approver workflows |

### User Token Scopes

| Scope | Purpose |
| --- | --- |
| `identity.email` | Read the user’s email for identity mapping |
| `openid` | OpenID Connect authentication |

## Configure Your Approvals Workflow to use Slack Notifications

The Slack bot will only send messages when all of the following are true:

-   Santa has blocked an application from running on a user's system
-   The user is running in [Lockdown mode](https://northpole.dev/features/binary-authorization/#client-mode) and does not have an explicit rule allowing it
-   The user is part of a tag that has approval workflows configured to use Slack notifications

## Configuring via the API

All of the above steps aside from the Slack portions can be accomplished using the `InstallChatBot` and `UpdateChatSettings` API methods.

Additionally these settings can be saved using the `GetChatSettings` API.

All methods require the `settings:write` and `settings:read` permissions.

## Configuring Santa (optional)

By default, Santa will redirect users to the web-based approvals workflows.

If you want users to go directly to the Slack message when an application is blocked, you can specify an [EventDetailURL](https://northpole.dev/configuration/keys/#EventDetailURL) of `https://<your instance>.workshop.cloud/slack/details/%machine_id%/%file_identifier%` so that the open button in the Santa modal directs users to Slack.

