Glean requires authentication to the Slack instance in order to fetch relevant information from Slack.
Authentication is done by creating the Glean app in Slack.
We create a custom app for each customer. This helps to ensure that webhooks are sent directly to your cloud project.
The app requires admin to install it.
It’s important to note that all data is stored in the customer’s cloud account and no data leaves the customer environment.
By default Glean will capture the following content:
Conversations in public channels (messages, threads, the channel itself).
Files shared in public channels
In addition, each user can choose to authorize Glean to index the content of the private channels/DMs that they are a part of - this needs to be enabled on a per-user basis and can be disabled by the admin if desired.
If private messages are enabled by a user, conversations in private channels/DMs that they are part of are added. These objects will be permissioned: only users that would have access to the document in Slack will see these conversations in their Glean search results.
There are a few additional levers we have, e.g. channel redlisting to prevent specific conversation data from being crawled, indexing channels shared with external customers, etc.
Glean will use the standard Slack API to ingest all data.
In order to capture changes as quickly as possible, Slack will send us notifications to a Glean endpoint deployed in your cloud infrastructure. These are the “slack events” below. Using events, we respect message deletions as well, so if a message is deleted in Slack, we respond on the order of minutes to prevent that message from being seen in Glean results.
When installing, you can see the specific “scopes” below and Slack’s explanation of each one. There are two categories:
Accessing messages and building searchable documents: fetch messages in all conversation types
channels:read, groups:read, im:read, mpim:read, files:read, team:read
users:read and :emails are used to match glean users making sure permissions are respected
Letting the GleanBot post: responding to /commands to answer user prompts
bot, commands, chat:write:bot
We recommend using or creating a service account for your Slack integration, so that you may control your personal slack results separately from the admin account
The installation process involves setting up a Slack app private to the organization, and then authorizing Glean to access public messages using the app. Instructions are provided on-screen within Glean Workspace settings.
After the initial setup, we will crawl data to get up to speed with your Slack instance’s current state. If things are not behaving as expected, or if you have any issues with this setup, please reach out to email@example.com.