Overview

You can configure Opal to integrate with your Slack workspace, in order to send notifications to requesters and reviewers about permission and group access requests.

Setup

  1. Log into the Slack workspace you want to integrate with Opal. You should be an administrator of that workspace.

  2. If you are an administrator of your Opal application, you will be able to see the Admin link on the left sidebar. Click on it.

The subsequent setup steps will be different, depending on the cloud or on-premise version.

Cloud

  1. Click Connect on the Slack integration in the Opal Admin page.

  2. For the Organization name field, input the Slack domain corresponding to the workspace you want to link to Opal. For example, if your workspace is called opal-test-workspace (with the associated URL opal-test-workspace.slack.com), then input opal-test-workspace.

  3. After entering this, you will be redirected to a page from Slack asking you to grant the Opal Slack app with permissions to access your workspace. If the link does not work, ensure that the Slack workspace you are requesting is the only Slack workspace you are logged into. Click Allow, and you will be redirected to the Admin page.

On-Premise

For on-premise, it is first necessary to create a new Slack app representing the Opal app.

  1. Navigate to api.slack.com/apps and click on the Create New App button.

  2. A UI like the following should appear:

For App Name, write Opal (or any name you prefer to represent the Opal app).
For Development Slack Workspace, select the Slack workspace associated with your on-premise integration, and click the Create App button.

3. After the app is created, click on Basic Information on the left sidebar, and record the Client ID, Client Secret and Signing Secret fields, which will be input later.

4. Click on OAuth & Permissions on the left sidebar. Under the Redirect URLs section, click Add New Redirect URL and input the domain name of your Opal application, followed by /callback/slack (e.g. https://app.opal.dev/callback/slack). Now click Add and then click Save URLs.

5. Scroll down to the Scopes section and under Bot Token Scopes, click Add an OAuth scope and add the following scopes:

  • app_mentions:read

  • chat:write

  • commands

  • im:write

  • users.profile:read

  • users:read

  • users:read.email

6. Let's now enable access approvals from Slack. First, you will need to generate an app-level token. Click on Basic Information on the left sidebar, and navigate to the App-Level Tokens section. Click on the Generate Tokens and Scopes button to create the app-level token. Give the token the connections:write scope, and make sure to record the token, which will be input later. After this is done, navigate to Socket Mode on the left sidebar, and make sure socket mode is toggled on, like so:

7. Let's now enable creating access requests out of Slack. Click on Slash Commands on the left sidebar and click on Create New Command.

  • For Command, enter /opal.

  • For Short Description, enter Request a resource.

  • For Usage Hint, enter request.

  • Finish by clicking Save.

8. Click on App Home on the left sidebar. Make sure the Messages Tab is toggled on, like so:

9. Click on Basic Information on the left sidebar. Click on Install your app and click Install to Workspace. The Slack app you just created will appear in your Slack workspace.

10. Click Connect on the Slack integration in the Opal Admin page.

11. For the Organization name field, input the Slack domain corresponding to the workspace you want to link to Opal. For example, if your workspace is called opal-test-workspace (with the associated URL opal-test-workspace.slack.com), then input opal-test-workspace.

12. For the Client ID field, input the Client ID from Step 3.

13. Next, for the Client secret field, input the Client Secret from Step 3.

14. Then, for the Signing secret field, input the Signing Secret from Step 3.

15. Lastly, for the App level token field, input the app-level token from Step 6.

16. After entering this, you will be redirected to a page from Slack, asking you to grant the Opal Slack app with permissions to access your workspace. Click Allow, and you will be redirected to the Admin page.

Note: to update your existing Slack integration to use socket mode, follow step 6 to generate the app-level-token and enable socket mode. Then, navigate to the Opal admin page, and disconnect then reconnect Slack.

Integration Success

If the integration succeeds, on the Admin page, you will see a Disconnect button in place of the Connect button inside the Slack tile. Opal is ready to send Slack messages to members of your workspace.

For on-premise, there will be a status that says either active or inactive beside the Disconnect button. This corresponds to the state of the web socket connection with Slack. If the connection is inactive wait a few minutes to see if the connection re-establishes itself (refresh the page and see if the status updates). If the problem does not resolve itself within 10 minutes, try disconnecting and reconnecting the Slack integration.

To enable your Slack notifications, navigate to the top right of the Opal page and click your avatar. Click Settings and under Notification Preferences, toggle Slack on:

Did this answer your question?