1 of 3

Slack

Direct Connection

Background

The Worklytics platform collects and analyzes workplace data at the instruction of Customer Organizations on their behalf, in accordance with our Privacy Policy, Terms of Service, and any customer agreement / laws / regulations which may supersede those terms. The Customer Organization remains the controller of this data and may instruct Worklytics to halt processing and destroy it at any time.

“Data Connectors” conceptualize the collection of workplace data, representing the connection via which Worklytics will collect data from a single data source.

Slack is a workplace communication tool that mainly allows employees to communicate through messaging. Some communication happens in channels that can be public or private, and between one or many people.

How to Connect Slack to an Existing Worklytics Account

Log-in in the Slack workspace you want to connect.
Log-in as an administrator to your Worklytics account by visiting https://app.worklytics.co.
Go to "Manage > Data Connections" from the sidebar menu, and click on "Add New Connection".
Find "Slack" in the list and click "Connect". You'll be redirected to Slack.
Once in Slack you will be prompted to grant access to the Worklytics Application. Click "Allow".

Back to the Worklytics "Data Connections" check a Slack connection has been created.

Permissions Required (scopes)

During the installation Slack will prompt you to grant the following permissions.

Note: Worklytics at the moment only operates on public channels, not on private or 1:1 conversations.

channels:read, list all public channels in the workspace.
channels:history, read historical messages on public channels.
users:read, list all slack users.
users:read.email, retrieve email of slack users, needed to match identities.

How to Connect using Slack Discovery API

For enabling the Slack Discovery API integration you must first set up an App on your Slack Enterprise instance.

Take note of your App ID (listed in "App Credentials"), contact your Slack representative and ask them to enable the discovery:read scope for that App ID. If they also enable discovery:write then delete it for safety, the app just needs read access.
Go to "OAuth & Permissions" section and add the following scopes:
- Bot Token Scopes: users:read. This scope is needed to allow "Org-Wide" installations of the App: if this is your use-case; go to "Settings > Manage Distribution > Enable Org-Wide App installation", click on "Opt into Org Level Apps", agree and continue. This allows to distribute the app internally on your organization, to be clear it has nothing to do with public distribution or Slack app directory.
- User Token Scopes: discovery:read

After completing the steps above, you can connect your Worklytics account to the Slack App:

Go to the Slack Discovery API connector page
Take note of the Worklytics Redirect URL listed in the page. Go to the "OAuth & Permissions" section of your Slack App, and add it to the "Redirect URLs" section.
Now, review and fill the form with the required values of your App:
- Client ID
- Client Secret
You can find them in the "App Credentials" section of your App (same section where you'd get the App ID before).
Once you click "Allow", you'll be redirected back to Worklytics. Click on "Connect" to complete the connection.

How Worklytics Uses Slack data

Worklytics uses the email address and usernames to match user between other workplace applications.
Worklytics retrieves the messages of the public channels but do not store their contents, just metadata associated with them like the message length, reactions or mentions to other uses.

Alternative Connectors

Worklytics also supports connecting your organization's Slack data via our Pseudonymization Proxy Service (see: https://docs.worklytics.co/psoxy/sources/slack ) and via bulk data import (see HRIS Snapshots).

Data Inventory

The following table(s) contains detailed examples of the metadata fields available from the Slack API endpoints Worklytics leverages. In order to pseudonymize and sanitize PII and other potentially sensitive data, Worklytics provides access to a Data Loss Prevention (DLP) Proxy, which allows customers to pre-filter metadata, within customer infrastructure, before it is sent to Worklytics for processing.

These are the fields Worklytics recommends but the Worklytics DLP Proxy provides full field-level control and therefore any field may be removed or sanitized.

Field descriptions are taken from third party API documentation, these are maintained on a best effort basis and Worklytics can not guarantee their indefinite accuracy. Please refer to the source API site for the most up-to-date documentation.

How to read the "DLP Proxy" column in the table(s):

🔴 This field is completely redacted by the DLP Proxy

⭕ This field is transformed, usually partially redacted

🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself

To see only the fully sanitized version of this document, click here.

Worklytics requires access to the following API primary endpoints:

Enterprise

API docs: https://api.slack.com/enterprise/discovery/methods#enterprise_info

DLP Proxy docs: Slack

User

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

Message

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

Conversation

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

Direct Connection

Background

“Data Connectors” conceptualize the collection of workplace data, representing the connection via which Worklytics will collect data from a single data source.

How to Connect Slack to an Existing Worklytics Account

Log-in in the Slack workspace you want to connect.
Log-in as an administrator to your Worklytics account by visiting https://app.worklytics.co.
Go to "Manage > Data Connections" from the sidebar menu, and click on "Add New Connection".
Find "Slack" in the list and click "Connect". You'll be redirected to Slack.
Once in Slack you will be prompted to grant access to the Worklytics Application. Click "Allow".

Back to the Worklytics "Data Connections" check a Slack connection has been created.

Permissions Required (scopes)

During the installation Slack will prompt you to grant the following permissions.

Note: Worklytics at the moment only operates on public channels, not on private or 1:1 conversations.

channels:read, list all public channels in the workspace.
channels:history, read historical messages on public channels.
users:read, list all slack users.
users:read.email, retrieve email of slack users, needed to match identities.

How to Connect using Slack Discovery API

For enabling the Slack Discovery API integration you must first set up an App on your Slack Enterprise instance.

Go to https://api.slack.com/apps and create an App. Select "From scratch", choose a name (for example "Worklytics connector") and a development workspace.
Take note of your App ID (listed in "App Credentials"), contact your Slack representative and ask them to enable the discovery:read scope for that App ID. If they also enable discovery:write then delete it for safety, the app just needs read access.
Go to "OAuth & Permissions" section and add the following scopes:
- Bot Token Scopes: users:read. This scope is needed to allow "Org-Wide" installations of the App: if this is your use-case; go to "Settings > Manage Distribution > Enable Org-Wide App installation", click on "Opt into Org Level Apps", agree and continue. This allows to distribute the app internally on your organization, to be clear it has nothing to do with public distribution or Slack app directory.
- User Token Scopes: discovery:read

After completing the steps above, you can connect your Worklytics account to the Slack App:

Go to the Slack Discovery API connector page
Take note of the Worklytics Redirect URL listed in the page. Go to the "OAuth & Permissions" section of your Slack App, and add it to the "Redirect URLs" section.
Now, review and fill the form with the required values of your App:
- Client ID
- Client Secret
You can find them in the "App Credentials" section of your App (same section where you'd get the App ID before).
Click on "Authorize Connection". Worklytics will redirect you to Slack, where you'll be prompted to grant access to the connection.
Once you click "Allow", you'll be redirected back to Worklytics. Click on "Connect" to complete the connection.

How Worklytics Uses Slack data

Worklytics uses the email address and usernames to match user between other workplace applications.
Worklytics retrieves the messages of the public channels but do not store their contents, just metadata associated with them like the message length, reactions or mentions to other uses.

Alternative Connectors

Data Inventory

These are the fields Worklytics recommends but the Worklytics DLP Proxy provides full field-level control and therefore any field may be removed or sanitized.

How to read the "DLP Proxy" column in the table(s):

🔴 This field is completely redacted by the DLP Proxy

⭕ This field is transformed, usually partially redacted

🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself

To see only the fully sanitized version of this document, click here.

Worklytics requires access to the following API primary endpoints:

Model

Description

API docs

Enterprise

API docs: https://api.slack.com/enterprise/discovery/methods#enterprise_info

DLP Proxy docs: Slack

DLP Proxy

Property Name

Type

Description

User

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

DLP Proxy

Property Name

Type

Description

Message

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

DLP Proxy

Property Name

Type

Description

Conversation

API docs: https://api.slack.com/enterprise/discovery/methods

DLP Proxy docs: Slack

DLP Proxy

Property Name

Type

Description