SailPoint Gov for Slack

SailPoint Gov for Slack provides users access to corporate resources anytime, anywhere right from Slack. Users are distributed worldwide, the number of applications used are constantly increasing and the lines between who can access these applications and who should access these apps are increasingly getting blurred. SailPoint Gov for Slack enables users to get the access they need to stay productive from within the tool they use the most, all while maintaining strict governance and compliance controls.

The SailPoint Gov for Slack application is FedRAMP-Moderate compliant. This includes all supported features in FedRAMP tenants. For more information on FedRAMP compliance, refer to SailPoint's FedRAMP blog.

Important

Deployments of SailPoint Gov for Slack must be separated from other SailPoint for Slack instances.

With SailPoint Gov for Slack, users can:

• Make role or application requests from within Slack using a slash command or the Run shortcuts button
• Cancel an access request if they don't need it.
• Approve or deny new access requests and add comments if needed.
• Get notified when an access request is approved or denied along with comments.
• Get notified about certification campaign events such as generation, start, sign-off, and completion (admin users only).
• Get updates about Joiner, Mover, and Leaver events (admin users only).

Administrator privileges are required to receive certification campaign notifications.

Installing SailPoint Gov for Slack for Identity Security Cloud

To install SailPoint Gov for Slack for Identity Security Cloud:

1. Select Add to Slack from the SailPoint Gov for Slack landing page.

2. Enter your Identity Security Cloud tenant name and select Submit.

3. Accept the Slack Scopes. You will receive an installation success message.

4. You should now see the SailPoint app when you go to your Slack workspace.

Note

Only the Slack administrator of your organization can uninstall the SailPoint Gov for Slack app.

Logging in to SailPoint Gov for Slack for Identity Security Cloud

1. Open the SailPoint Gov for Slack app.

2. In the message box, type /sailpoint login and press Enter.

3. Select Connect. You will be redirected to SailPoint Identity Security Cloud.

4. Enter your credentials. You will be redirected to Slack. If you aren't automatically redirected, log in to Slack manually. You can now use the SailPoint Gov for Slack app.

Configuring Workspace Settings

Slack administrators can configure the settings for the SailPoint workspace, allowing org admins to select the Slack features users can access.

To configure workspace settings:

1. Open the SailPoint Gov for Slack app.

2. In the Home tab, select Settings in the upper-right corner to view the Workspace Settings.

3. Choose which features you want users to access from this workspace.

   Features you can choose from:

   • Create an Access Request - Submit access requests from Slack.
   • Approvals - Display the My Approvals tab to approve, deny, or reassign access requests from Slack.
   • Daily Summary - Receive a daily summary of pending work.
   • Reset Password - Start an Identity Security Cloud password reset from Slack.

4. (Optional) If you enabled Create an Access Request, a list of the types of access requests Slack supports appears. Select Configure requests to choose which types of access requests you want to enable for your workspace.

   Access request types you can choose from:

   • Application
   • Role
   • Entitlement

5. (Optional) If you enabled Approvals, you can specify additional details to display for the requestor and recipient in a given access request's View details list. By default, only the Date, Requested By, and Recipient fields are viewable.

   To specify additional details, enter a comma-separated list using the supported labels in the tables below into the Identity Attributes for My Approvals and Access Item Attributes for My Approvals fields as needed.

   Supported Identity Attribute Labels

   Business Line	Cleared To Trade Effective Date	Company Name
   Department	Email Address	Is People Manager
   Job Family	Job Family Group	Job Level
   Lifecycle State	Location	Manager
   Pnl Access	Start Date	Title
   UserName	Worker Type

   Supported Access Item Attribute Labels

   Account Name	cn	dn
   Privileged	sAM Account Name	Source Name

   Important

   Labels not included in these tables, as well as line breaks without commas, are ignored.

6. Select Save.

Configuring Event Notifications

Slack administrators can configure the Gov for Slack app to send them notifications when specific events take place. These notifications display in the Event Notifications tab. By default, administrators are subscribed to all event notifications.

To configure event notifications:

1. Open the SailPoint Gov for Slack app.

2. In the Home tab, select Event Notifications.

3. Select Settings in the Event Notifications section.

4. Select Unsubscribe beside the events you do not want to receive notifications for, and select Subscribe beside the events you want to receive notifications for.

   Events you can receive notifications for:

   • Identity Attribute Changes
   • Identity Deletions
   • Identity Creations

5. Select Close to save your changes and close the Event Notifications settings.

Creating an Access Request

Access requests can be created from the Messages tab. This can either be done using the Run shortcuts button in the message box or by typing commands into the message box.

Creating an Access Request Using the Run Shortcut Button

To create an application access request using the Run shortcut button:

1. Select the Run shortcut icon in the message box.

2. Select Create an access request with SailPoint to open the Access Request menu.

3. Select Application.

4. Select the application you are requesting access to.

5. Select the access profile you are requesting access to.

6. Select the user you are requesting access for.

7. (Optional) Add a comment about the request for the approver.

8. (Optional) Select an expiration date. On the selected date, access to the application is automatically removed.

9. Select Submit.

To create a role access request using the Run shortcut button:

1. Select the Run shortcut icon in the message box.

2. Select Create an access request with SailPoint to open the Access Request menu.

3. Select Role.

4. Select the role you are requesting access to.

5. If you are requesting access to the role for yourself, select Myself.

   If you are requesting access for another user, select their name from the dropdown list.

6. (Optional) Add a comment about the request for the approver.

7. (Optional) Select an expiration date. On the selected date, access to the role is automatically removed.

8. Select Submit.

To create an entitlement access request using the Run shortcut button:

1. Select the Run shortcut icon in the message box.

2. Select Create an access request with SailPoint to open the Access Request menu.

3. Select Entitlement.

4. Select the entitlement you are requesting access to.

5. If you are requesting access to the entitlement for yourself, select Myself.

   If you are requesting access for another user, select their name from the dropdown list.

6. (Optional) Add a comment about the request for the approver.

7. (Optional) Select an expiration date. On the selected date, access to the entitlement is automatically removed.

8. Select Submit.

Creating an Access Request Using Commands

To create an application access request using commands:

1. In the message box, type /Sailpoint create and press Enter to open the Access Request menu.

2. Select Application.

3. Select the application you are requesting access to.

4. Select the access profile you are requesting access to.

5. Select the user you are requesting access for.

6. (Optional) Add a comment about the request for the approver.

7. (Optional) Select an expiration date. On the selected date, access to the application is automatically removed.

8. Select Submit.

To create a role access request using commands:

1. In the message box, type /Sailpoint create and press Enter to open the Access Request menu.

2. Select Role.

3. Select the role you are requesting access to.

4. If you are requesting access to the role for yourself, select Myself.

   If you are requesting access for another user, select their name from the dropdown list.

5. (Optional) Add a comment about the request for the approver.

6. (Optional) Select an expiration date. On the selected date, access to the role is automatically removed.

7. Select Submit.

To create an entitlement access request using commands:

1. In the message box, type /Sailpoint create and press Enter to open the Access Request menu.

2. Select Entitlement.

3. Select the entitlement you are requesting access to.

4. If you are requesting access to the entitlement for yourself, select Myself.

   If you are requesting access for another user, select their name from the dropdown list.

5. (Optional) Add a comment about the request for the approver.

6. (Optional) Select an expiration date. On the selected date, access to the entitlement is automatically removed.

7. Select Submit.

Reviewing Pending Requests

You can cancel your pending access requests or review access requests made by others that require your approval. This can either be done from the Home tab or through the Messages tab through notifications.

Reviewing Pending Requests from the Home Tab

To cancel your pending request:

1. Select My Requests.

2. Identify the request you would like to cancel and select Cancel. Add a comment with the reason for cancellation if needed.

3. Select Submit.

To review pending approvals:

1. Select My Approvals.

2. Identify the request you want to review. Select the Approve or Deny option. Provide a comment if necessary, then select Submit. Select the X to return to the list of pending requests.

Reviewing Pending Requests from the Messages Tab

As a Requester, you receive a notification any time you create a request. As a Reviewer, you receive a notification every time a new request is submitted by a requester in the SailPoint Gov for Slack app or Identity Security Cloud service.

To review your request using the Messages tab:

1. Receive the Request Submitted notification.

2. Select Cancel Request on the notification.

To review an approval request using the Messages tab:

1. Receive the Request Submitted notification.

2. Select Approve or Deny on the notification.

Resetting Your Password

You can reset your password from the Messages tab using commands or using buttons on the Home tab.

To reset your password from the Messages tab:

1. In the message box, type /Sailpoint reset and press Enter. You will be redirected to a browser to complete your password reset.

To reset your password from the Home tab:

1. From the Home tab, select Help & Feedback.

2. Select Reset Password. You will be redirected to a browser to complete your password reset.

Notifications

The SailPoint Gov for Slack app can send notifications for certain events through the Messages tab. Some are only sent to admins. The following is a list of notifications you can receive from the SailPoint Gov for Slack app:

• Request submitted. Actionable: You can cancel the request.

• Request canceled

• Request approved

• Request denied

• New access request for review. Actionable: You can approve or deny request.

• Certification campaign notifications (admin only)

  • Certification campaign generated

  • Certification campaign activated

  • Certification campaign signed off

  • Certification campaign ended

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.