Slack is a team communication and collaboration tool. Onna integrates with Slack's Discovery API to extract all related data and metadata from entire Slack workspaces, specific user accounts, specific channels, and/or private/multiparty chats.
This article describes our integration with Slack's Discovery API. The Discovery API must be enabled on your Enterprise Grid account if it hasn't been already. If you are not on the Enterprise plan, you can also see our standard Slack collection guide. The main differences between standard and enterprise Slack collections are:
- The standard collection is unable to capture edits and deletes while the enterprise level can (assuming that the retention policy is set to retain edits and deletes in Slack).
- The standard collection requires the credentials for each user in order to perform the collection, while the enterprise collection can be performed by the Slack Org Owner.
For additional questions, please contact us at email@example.com.
- To enable a Slack Enterprise Grid collection, you'll need a Slack Enterprise Owner account.
- The Slack Discovery API must be enabled on the account.
What is collected?
Onna's Enterprise Slack integration can be set up to collect Slack data with a few options.
- All or selected workspaces
- All or selected channels, both private and public
- Messages posted on channels, direct messages (dms) and multi-person instant messages (mpim)
- Edited and deleted messages (only available if 'Keep Everything' is selected as a setting in Slack Enterprise)
- Files posted on channels, dms and mpims
- Posts created in the files section, channels, dms and mpims
- Snippets created in the files section, channels, dms and mpims
- Files created in the files section, channels, dms and mpims
Onna's sync modes
We currently support two syncing modes - one-time sync and auto-sync & archive.
- One-time sync is a sync that collects files in a source during a certain time range or up until the date the source was added.
- Auto-sync & archive means that Onna will perform a full sync first and will continuously add any new files generated at the data source. This sync type does not delete files that have been deleted from the data source.
Onna can be used to collect an entire organization's workspace or specific user accounts within an organization's workspace. Onna can collect all or specific channels, all DMs, and/or private channels.
Sync time depends on a number of factors including, but not limited to, the length of time the individual(s) has been active in Slack, the number of channels synced, how active the channels are, and the number of files shared in channels and direct message chains.
Yes, you can export data and metadata in an eDiscovery-ready format. Load files are available as a DAT, CSV, or custom text file.
The following metadata fields are exported:
- Workspace ID (Alphanumeric string assigned to workspace by Slack)
- Workspace Name
- Thread Name (Name of the Channel)
- Thread ID (Alphanumeric string assigned to channel by Slack)
- Thread Type (This specifies whether it's a channel, direct message (dms) or multi-party message (mpim))
- Extension (html if chat file, original file format if attachment)
- File name
- File creation
- File last modified
How to Guide
For this integration, you'll need to be an admin in Onna to have Slack Enterprise enabled. This role is available to our Enterprise users.
Note: Only Enterprise Grid accounts that have the Discovery API enabled will be able to use the Discovery integration. Additionally, only Org Owners can access multiple workspaces. Head to Slack for more details on Slack Roles & Permissions.
Once you're an admin on Onna and have Slack Enterprise enabled, you'll see it available as a source in the user dashboard.
Once you click on Slack Enterprise, it will open the following modal.
The first section covers the Source name. This is the name of your source in Onna. We've pre-filled it with the name of the source you're adding; however, this is entirely customizable.
The next section allows you to specify what you'd like to sync from Slack. You can choose to collect the entire account or specific parts.
There are the following options:
- Direct Messages
- Multiparty Messages (messages between two or more individuals. These aren't channels)
- Organization channels (channels shared with an entire organization, or between workspaces)
- Workspace private channels (private channels in a workspace)
- Workspace public channels (public channels in a workspace)
Note: One of the benefits of using Onna's integration with Slack Enterprise is its granularity. If you're just looking at collecting conversations from users and not interested in channels, just select 'Direct Messages' and 'Multiparty Messages' to head straight to user selection. Conversely, if you are just interested in channels, you can select only the different channel options.
Select the scopes you'd like to sync and click connect. This will take you through Slack's OAuth flow where you'll be giving permissions to Onna to collect from that enterprise account.
The first step will ask for your workspace name if you're not already signed in. This workspace needs to be the "enterprise" workspace, generally [company].enterprise. You will later be able to narrow down the collection to just one of the workspaces on your enterprise account.
After you've entered your workspace url, it will ask for user credentials.
Note: To enable a Slack Enterprise Grid collection, you'll need a Slack Enterprise Owner account.
Once you've entered that information, Slack will ask for your permission to authorize Onna to access the account.
Click Authorize to finalize the OAuth process.
If you've chosen to select everything, the next step in the setup is the workspace selection. The list of workspaces that the Org Owner has access to see will be shown in this step. Either select all workspaces or a specific workspace. You can also select the type of sync mode and whether you'd like it to collect from a specific time range.
Note: You will want to toggle OFF "Custodian Collection" in order to set up an archive source. Check out the article on User-Based Collections for more information.
Once you're finished, click 'Next'.
The next step in setting up the Slack Enterprise Grid integration is the Channel selection. Here you will see the list of channels per workspace. The total number of channels is listed in the top right.
Note: If you only selected Direct and/or Multiparty Messages, you will skip these channel selection screens.
You can search for channels by using the filter or by expanding the workspaces to see a list of channels within them. Private channels are shown with a lock icon beside their name.
Here you can also choose whether to sync future channels if your source is in auto-sync and archive. New channels that are added to Slack will automatically be added to Onna.
Once you've selected the channels that you'd like to sync, scroll to the bottom and click 'Next'. The last step is user selection.
Note: If you did not select Direct or Multiparty Messages, you will skip the user selection stage.
Onna will need to gather all user accounts related to Slack. If you have over 5000 users on your account, this process may take up to a minute. You'll see a counter of the accounts being gathered as demonstrated below:
Once it's finished loading, you'll see a list of user accounts, organized alphabetically, as well as an option to filter by domain.
All accounts and domains are selected by default. Clicking on the domain will deselect all accounts that have the matching domain. Below the domain filter you will see the option to 'Sync future users of selected domain(s)'. This will sync all users for the domain(s) selected in the filter.
You can choose to 'Deselect all' on the right hand side and filter specific users using the search bar or by clicking through different letters to find the user(s) of choice.
At the bottom of the panel you will have the option to 'Sync any user added in the future'. Checking this option will sync all users added in the future regardless of their domain.
Once you've finished the user selection and mapping process, click 'Finish'.
The Slack Enterprise account will be listed in your Sources.
Searching across the account
Files will be visible on the user dashboard. If you mapped them to a single user, head to that user's account. Results will begin populating as soon as the connection is made.
Channels and conversations are HTML files. A file is created for every 24 hours and is saved in UTC. The standard title for chat files will be:
Type of chat [e.g. channel, personal message], name of channel or person [e.g. general, random], participant(s) and date [YYYYMMDD]
Attachments that are sent through chats are extracted and processed separately.
Slack Files in Onna
On the left-hand side you have the HTML file. You can see the naming convention mentioned before: Type of chat [e.g. channel, personal message], name of channel or person [e.g. general, random], participant(s) and date [YYYYMMDD]
Each message contains the user name and the time and date stamp (UTC) the message was sent. The most recent messages appear at the bottom.
The third message demonstrates the example of an attachment that has been shared through Slack. Onna offers a link to view the attachment separately and also lists the document in the document details tab on the right. The attachment will open in its native format, in this case PNG.
Edited & Deleted Messages
If you have 'Keep Everything' as a setting across public channels, private channels and direct messages in your workspace (only available for Slack Enterprise Grid), you will be able to see edited and deleted messages in Onna. Below is an example of how they are displayed:
We demonstrate edited messages in green and deleted messages in red. Starting from April 2019, Onna also started adding "Has Deletions" or "Has Edits" on conversations that have had deletes or edits. You can easily search for conversations that have been modified by searching "has deletions" or "has edits" through the search bar.
Back in the results screen, you are able to filter results by date range, categories, and/or extensions using the menu on the left.
From that same screen, you can also sort by different columns and choose other metadata fields to sort by using the toggle on the right hand side.
Clicking on the information icon on the top right will take you to the source details, where you can see how many files it has and its size.
For admin creators of the Slack Enterprise source, you will also be able to see a list of users that have been synced from that account by clicking the info icon and expanding Synced account in origin.
Click on Audits to see logs from collection and processing.
Who is notified within Slack Enterprise when Onna is added as an application?
This depends on your settings! By default, the person who added the application is the one that receives the email through Slack.
Does Onna collect edited and deleted messages across everything?
Yes, if the account in question has "Store Everything" enabled across channels, private channels and messages. There are some accounts that opt out of storing everything, which means that we cannot collect previously edited or deleted messages.
If I select specific users, will I get only the channels that they are subscribed to on Slack?
No, you will get all of the channels that you selected during the channel selection stage. The list of channels that you can see there is for the entire Slack account.
If you'd like to complete a more targeted collection for user-specific information, check out our user-based Slack collection using the Audit API for Slack Enterprise Grid.
How do I collect only direct messages for users?
Simple! Select 'Direct Messages' and 'Multiparty Messages' and as long as the rest of the scopes are not selected, it will take you straight to the user selection stage.
Once a collection has started, can one modify the details? Can you add another user or another channel?
No - currently once the collection is started in Onna it cannot be modified. To collect another user's messages or add another channel one has to go through the 'Add Source' process again.
Can you export the files in PDF?
Yes, Slack conversations are html natives. These can be converted into PDF files.
How do Onna exports differ from Slack's standard exports?
Onna's exports differ in a couple of ways. Slack's standard exports are JSON files which require further processing before you can use them in a review platform. Each JSON object consists of one message along with the metadata for that message. One has to parse the file and assign control numbers for each individual message on every channel and every direct message, then sort and view each message from each conversation individually.
Onna's exports are processed and ready to be loaded into a review platform. We divide messages up by day so that the volume that is being reviewed is less and it's easier to see the context around messages.
With Onna you can also filter the amount that is being exported down to the specific person or channel (private or public) that one wants to review. This is different from the standard export, which generally exports everything associated with a workspace.
Finally, Onna collects all attachments in their original format. In the JSON objects attachments are stored as links which means they will not be part of the initial search parameters when going through review.
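To illustrate the difference described above (an added example, not Onna's or Slack's code): the sketch below takes messages in the one-object-per-message shape of a standard export, assigns control numbers, and groups them into one record per UTC day. The sample messages, the `CTRL` numbering scheme and the title separator are assumptions made for the illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone
from decimal import Decimal

# Constructed sample: one JSON object per message, as in a standard export.
# The first two messages are two minutes apart but straddle midnight UTC.
SAMPLE_EXPORT = json.loads("""[
  {"type": "message", "user": "U02", "ts": "1556668860.000200", "text": "Reviewing now"},
  {"type": "message", "user": "U01", "ts": "1556668740.000100", "text": "Draft is ready"},
  {"type": "message", "user": "U01", "ts": "1556700000.000300", "text": "Any feedback?"}
]""")


def split_by_utc_day(messages, chat_type, chat_name, prefix="CTRL"):
    """Return one record per UTC day, oldest first, with numbered messages."""
    # Sort on the exact timestamp string; float() could reorder close messages.
    ordered = sorted(messages, key=lambda m: Decimal(m["ts"]))
    days = defaultdict(list)
    for number, msg in enumerate(ordered, start=1):
        sent = datetime.fromtimestamp(float(msg["ts"]), tz=timezone.utc)
        days[sent.strftime("%Y%m%d")].append({
            "control_number": f"{prefix}{number:06d}",  # hypothetical scheme
            "user": msg.get("user", "unknown"),
            "sent_utc": sent.isoformat(timespec="seconds"),
            "text": msg.get("text", ""),
        })
    records = []
    for day in sorted(days):
        participants = ",".join(sorted({m["user"] for m in days[day]}))
        # Title follows the page's order: type, name, participants, date.
        title = f"{chat_type} {chat_name} {participants} {day}"
        records.append({"title": title, "messages": days[day]})
    return records


if __name__ == "__main__":
    for record in split_by_utc_day(SAMPLE_EXPORT, "channel", "general"):
        print(record["title"])
        for m in record["messages"]:
            print(f'  {m["control_number"]} {m["sent_utc"]} {m["user"]}: {m["text"]}')
```

The two messages sent around midnight UTC land in different daily records, which is worth keeping in mind when reviewing context across a day boundary.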
Are archived channels able to be synced in Onna?
Yes, archived Slack channels (private or public) that are still available via the API would sync unless the data has moved past the retention setting. However, deleted channels in Slack are not able to be synced.
What order will Slack files sync?
When a Slack sync starts, files are collected in the following order:
- Public channels
- Private channels
- Direct messages (DMs)
- Multi-party messages (MPIMs)
Why do I see different dates within the Slack conversation?
If the Slack conversation has edits or deletions that happened after the original conversation date, the different date and time corresponds with when the edit or deletion occurred.