If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
The goal of this guide is to add a new SkyFormation for Slack Enterprise Grid cloud connector to your SkyFormation Platform.
Prerequisites
1. Have the following Slack information at hand
To add the Slack Enterprise Grid connector to your SkyFormation app, you will need to have the following Slack Enterprise Grid information at hand eventually:
- client id
- client secret
Below are the steps needed to get these.
2. Create a Slack app for integration
- Login to your Slack Enterprise Grid
- Go to: https://api.slack.com/apps
- Press the Create New App button
- In the below form fill in the needed information
App name - Give the application a friendly name (e.g. skyformationSlackApp)
Development Slack Workspace - Choose a Workspace that the App belong to (any)
- Press Create App
3. Configured the OAuth settings for the created App
- Navigate in the lefthand tab to the OAuth & Permissions page
- Insert the Redirect URL
- Press the Add New Redirect URL button
- Insert the following URL
https://auth.skyformation.
- Press Add button
- Press the Save URLs button
- Set the needed OAuth scopes
- Scroll down in the page to the Scopes section
- In the Select Permission Scopes drop down choose the following scopes
(Required) auditlogs:read - Needed to interact with the Audit Log API
(Optional) admin - Needed to get users/groups information
- Press the Save Changes button
Note: This connector syncs groups and users for enrichment of events. In order to do that the "admin" permission needs to be added. You may not want to add the 'admin' permission for this service because of security reasons, so you may want to disable this configuration. You can find instructions for that here: https://support.skyformation.com/hc/en-us/articles/360014958060-How-to-Disable-Sync-of-Users-and-Groups-in-the-SkyFormation-Application.
4. Configure the application distribution
- Navigate in the lefthand tab back to the Basic Information page
- Press the Manage distribution link
- Press the Distribute App button
- Scroll down to the Share Your Web Other Workspaces section
- Press the Remove Hard Coded Information link
- Check the "I've reviewed and removed any hard-coded information" check box
- Press the Activate Public Distribution button
5. Collect the application secret id and secret keys needed
- Navigate in the lefthand tab back to the Basic Information page
- Scroll down to the App Credentials section
- Copy the Client ID and Client Secret values
Steps
1. Logon to your SkyFormation Platform:
2. Navigate via left navigation panel to "Settings" section
3. Navigate via New Settings left navigation panel to "Accounts" section
4. Click the "Add Account" bottom
5. At the "SELECT SERVICE TO ADD" choose "Slack". You will see the following screen:
6. Fill in the following information:
- Account Name
Give the Slack account a meaningful name for you.
This will become your cloud app connector name displayed in the application and the
events sent to external systems as SIEM/Log management. This is a mandatory field.
e.g. "Corporate Slack for collaboration"
- Description
Add a text that describes the Slack service account for you.
This is an optional field.
- Client_id
The account client_id from the prerequisite section
- Client_secret
The account secret obtained in the prerequisite section
- External Authentication (interactive process done by Slack admin)
Your Slack admin will now need to perform an interactive process of granting the SkyFormation
Slack connector the needed authorization to interact with the Slack API.
- Press the OPEN EXTERNAL OAUTH WINDOW button
- When asked to approve the needed permissions in the pop up approve
At this point you can click on "TEST CONNECTION" to make sure the connection is setup
successfully, or just click on "DONE".
7. Start the Slack Enterprise Grid connector
At the SkyFormation Accounts settings page allocate the connector just added
and press its START button.
Make sure it is correctly running with "OK" status stay stable after 2-5 minutes
Comments
0 comments
Please sign in to leave a comment.