Security tips to protect your workspace
At Slack, security is our top priority. We care most about keeping your account secure, protecting your privacy, and building a service you can trust. We've rounded up the tools Workspace Owners and Admins need to keep their workspaces and members safe. After all, a secure workspace is a happy workspace!
Hi! 👋Our Support team is available 24/7 and always happy to help. If you notice suspicious activity on your workspace, please contact us.
Ask members to set up 2FA
Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA turned on, members enter a verification code (from their mobile device) along with their normal password. 2FA ensures that even if a password is stolen or compromised (yikes!), access won’t be granted unless the member is verified from their device.
Members can choose to enable 2FA if they'd like — but Workspace Owners can make this a requirement. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.
Manage apps with care
By default, all members can add apps to your workspace. We review every app in our Directory, but there are lots of other apps your members can try to install. To help manage security, Workspace Owners can control who can add apps and from where. Learn more about managing apps for your workspace.
Note: For internal integrations built by your team, treat the tokens you generate carefully. Never share tokens with other people or applications. Read how to Connect your tools to Slack.
Limit who has access
Slack allows for transparency, and sometimes that means sharing propriety information or sensitive details. That's why we give Workspace Owners and Admins control over who gets invited to become a member.
Here are some tips to manage who has access to your workspace:
- Only invite people you know.
For total control, keep the default setting: only let Workspace Owners and Admins send invitations to new members. If you do allow others (except guests) to send invites, review pending and accepted invitations periodically.
- Deactivate members’ accounts as soon as they don’t need access.
Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave. On the Plus plan and above, you can streamline deactivation with your identity provider and SCIM provisioning.
- Use guest accounts and limit which channels they're invited to.
Some members of your Slack workspace (like contractors, interns, or clients) may only need access to certain channels. Guest accounts are an excellent way to manage who has access to what. (Available on paid plans only.)
Click shared links with caution
If you manage a workspace, it’s impossible to monitor every single link that gets shared — so we do our part to help. If we identify a potentially unsafe webpage or malicious link, we’ll show a visual warning. That way, members can proceed with caution. Read more about safe browsing. 🔗
Limit administrative privileges
Using @mentions to make announcements is a quick way to get people’s attention. If you'd like, Workspace Owners can limit announcements to certain members or to just Workspace Owners and Admins.
- Email display
Members can find each others' email addresses in their profiles, but some may prefer to keep this info private. Workspace Owners and Admins can choose whether to display members’ email addresses in their Slack profiles.
💡If you're an Owner or Admin, browse workspace Settings & Permissions.
Understand Slack usage
On the Standard plan and above, Workspace Owners can view analytics and usage for insight into how your members use Slack.
Tip: Interested in some of our additional security features? Start with reading more about our different Plans, products & features.