Slack is a team communication and collaboration tool. Onna integrates with Slack's Discovery API to extract all related data and metadata from entire Slack workspaces, specific user accounts, specific channels, and/or private/multiparty chats.

For a short video overview of collecting from Slack Enterprise, please see below:

This article describes our integration with Slack's Discovery API. The Discovery API does need to be enabled on your Enterprise Grid Account, if it hasn't been already. If you are not on the Enterprise plan you can also see our standard Slack collection guide. Main differences between standard and enterprise Slack collections are:

  1. The standard collection is unable to capture edits and deletes while the enterprise level can (assuming that the retention policy is set to retain edits and deletes in Slack).
  2. The standard collection requires the credentials for each user in order to perform the collection, while the enterprise collection can be performed by the Slack Org Owner.

For additional questions, please contact us at contact@onna.com.

Integration Features

Prerequisites:

  • To enable a Slack Enterprise Grid collection, you'll need a Slack Enterprise Owner account.
  • The Slack Discovery API must be enabled on the account.

What is collected?

Onna's Enterprise Slack integration can collect be set up to collect Slack data with a few options.

  • All or selected workspaces
  • All or selected channels, both private and public
  • Messages posted on channels, direct messages (dms) and multi-person instant messages (mpim)
  • Edited and deleted messages (only available if 'Keep Everything' is selected as a setting in Slack Enterprise)
  • Files posted on channels, dms and mpims
  • Posts created in the files section, channels, dms and mpims
  • Snippets created in the files section, channels, dms and mpims
  • Files created in the files section, channels, dms and mpims
  • All Slack Emoji reactions (On initial sync), dms and mpims

Onna's sync modes

We currently support two syncing modes - one-time sync and auto-sync & archive.

  • One-time sync is a sync that collects files in a source during a certain time range or up until the date the source was added.
  • Auto-sync & archive means that Onna will perform a full sync first and will continuously add any new files generated at the data source. The sync type does not delete files deleted from the data source

Onna can be used to collect an entire organization's workspace or specific user accounts within an organization's workspace. Onna can collect all or specific channels, all DMs, and/or private channels.

Sync Time

Sync time depends on a number of factors including, but not limited to, the length of time the individual(s) has been active in Slack, the number of channels synced, how active the channels are, and the number of files shared in channels and direct message chains.

Data Exports

Yes, you can export data and metadata in eDiscovery ready format. Load files are available in a dat, CSV, or custom text file.

The following metadata fields are exported:

  • Workspace ID (Alphanumeric string assigned to workspace by Slack)
  • Workspace Name
  • Thread Name (Name of the Channel)
  • Thread ID (Alphanumeric string assigned to channel by Slack)
  • Thread Type (This specifies whether its a channel, direct message (dms) or multi-party message (mpim)
  • Extension (html if chat file, original file format if attachment)
  • File name
  • File creation
  • File last modified

How to Guide

For this integration, you'll need to be an admin in Onna to have Slack Enterprise enabled. This role is available to our Enterprise users.

Note: Only Enterprise Grid accounts that have the Discovery API enabled will be able to use the Discovery integration. Additionally, only Org Owners can can access multiple workspaces. Head to Slack for more details on Slack Roles & Permissions.

Once you're an admin on Onna and have Slack Enterprise enabled, you'll see it available as a source in the user dashboard.

Once you click on Slack Enterprise, it will open the following modal

The first section covers the Source name. This is the name of your source in Onna. We've pre-filled it with the name of the source you're adding however this is entirely customizable.

The next section allows you to select your synchronization mode and any optional starting date you wish. For One Time Sync, you can enter an optional start and end date.

Once you've named your source and added dates if needed, click 'Connect.' This will take you through Slack's OAuth flow where you'll be giving permissions to Onna to collect from that enterprise account.

The first step will ask for your workspace name if you're not already signed in. This workspace needs to be the "enterprise" workspace, generally [company].enterprise. You will later be able to narrow down the collection to just one of the workspaces on your enterprise account.

After you've entered your workspace url, it will ask for user credentials.
Note: To enable a Slack Enterprise Grid collection, you'll need a Slack Enterprise Owner account.

Once you've entered that information, Slack will ask for your permission to authorize Onna to access the account.

Click Authorize to finalize the OAuth process.

The next section allows you to specify what you'd like to sync from Slack.

Note: You will want to toggle OFF "Custodian Collection" in order to setup an archive source. Check out the article on User-Based Collections for more information.

You can choose to collect the entire account or specific parts.

There are the following options:

  • Direct Messages
  • Multiparty Messages (messages between two or more individuals. These aren't channels)
  • Workspace private channels (private channels in a workspace)
  • Workspace public channels (public channels in a workspace)

Note: One of the benefits of using Onna's integration with Slack Enterprise is it's granularity. If you're just looking at collecting conversations from users and not interested in channels, just select 'Direct Messages' and 'Multiparty Messages' to head straight to user selection. Conversely, if you are just interested in channels, you can only select the different channel options.

Once you're finished, click 'Next'

The next step in setting up the Slack Enterprise Grid integration is the workspace selection. You will see the list of workspaces which you can expand and select/deselect.

Here you can choose to sync multi-workspace channels and externally shared channels for the selected workspace. On this page you can also choose whether to sync workspaces created in the future if your source is in auto-sync and archive

Channel Selection
The next step in setting up the Slack Enterprise Grid integration is the Channels selection. The total number of channels is listed in the top left.


Note: If you only selected Direct and/or Multiparty Messages, you will skip the channel selection screen.

You can search for channels by using the filter. Private channels are shown with a lock icon beside their name.

If your source is in auto-sync and archive you will have the option to sync future channels . New channels that are added to Slack will automatically be added to Onna.

Direct Message Selection

Onna will need to gather all user accounts related to Slack. If you have over 5000 users on your account, this process may take up to a minute. Once loaded you can select your desired user accounts to sync.

At the top of the page you will have additional filters for email domain. Clicking on email domain will give you a list of all the email domains that are available for your account.

At the bottom of the page you can also choose whether to sync future channels if your source is in auto-sync and archive. New channels that are added to Slack will automatically be added to Onna.

Once you've made your selection you can click Done.

The Slack Enterprise account will be listed in your Sources.

Searching across the account
Files will be visible on the user dashboard. If you mapped them to a single user, head to that user's account. Results will begin populating as soon as the connection is made.

Channels and conversations are html files. A file is created for every 24hrs and is saved in UTC. The standard title for chat files will be:

Type of chat [e.g. channel, personal message], name of channel or person [e.g. general, random], participant(s) and date [YYYYMMDD]

Attachments that are sent through chats are extracted and processed separately.

Slack Files in Onna

On the left hand side you have the html file. You can see the naming convention mentioned before : Type of chat [e.g. channel, personal message] name of channel or person [e.g. general, random], participant(s) and date [YYYYMMDD]

Each message contains the user name and the time and date stamp (UTC) the message was sent. The most recent messages appear at the bottom.

The third message demonstrates the example of an attachment that has been shared through Slack. Onna offers a link to view the attachment separately and also lists the document in the document details tab on the right. The attachment will open in its native format, in this case PNG.

Edited & Deleted Messages
If you have 'Keep Everything' as a setting across public channels, private channels and direct messages in your workspace (only available for Slack Enterprise Grid), you will be able to see edited and deleted messages in Onna. Below is an example of how they are displayed:

We demonstrate edited messages in green and deleted messages in red. Starting from April 2019, Onna also started adding "Has Deletions" or "Has Edits" on conversations that have had deletes or edits. You can easily search for conversations that have been modified by searching "has deletions" or "has edits" through the search bar.

Slack Emoji Reactions

Slack Emoji reactions are also available for searching and exporting inside of Onna.

To assist with your Emoji searches we have added the new keyword “has:reaction” to locate all of your Slack messages with Emoji content.

To export those reactions, make sure to select Message List and “List of Messages,” under Source specific metadata in your Configuration window.

Back in the results screen, you are able to filter results by date range, categories, and/or extensions using the menu on the left.

From that same screen, you can also sort by different columns and choose other metadata fields to sort by using the toggle on the right hand side.

Clicking on the information icon on the top right will take you to the source details where you can see how many files it has and it's size.

At the bottom of your Source details panel is your origin details which can give more information regarding the settings chosen for your Slack sync. You can review your selected Sync-mode, whether future channels and users will be added as well as the threads synced in Synced threads. The source's time range, and when the source was last synced are also available as well.

For admin creators of the Slack Enterprise source, you will also be able to see a list of users that have been synced from that account by clicking the info icon and expanding Synced account in origin.

Click on Audits to see logs from collection and processing

FAQ

Who is notified within Slack Enterprise when Onna is added as an application?
This depends on your settings! By default, the person who added the application is the one that receives the email through Slack.

Does Onna collect edited and deleted messages across everything?
Yes, if the account in question has "Store Everything" enabled across channels, private channels and messages. There are some accounts that opt out on storing everything which means that we cannot collect previously edited or deleted messages.

If I select specific users, will I get only the channels that they are subscribed to on Slack?
No, you will get all of the channels that you selected during the channel selection stage. The list of channels that you can see there is for the entire Slack account.

If you'd like to complete a more targeted collection for user-specific information, check out our user-based Slack collection using the Audit API for Slack Enterprise Grid.

How do I collect only direct messages for users?
Simple! Select 'Direct Messages' and 'Multiparty Messages' and as long as the rest of the scopes are not selected, it will take you straight to the user selection stage.

Once a collection has started, can one modify the details? Can you add another user or another channel?
No - currently once the collection is started in Onna it cannot be modified. To collect another user's messages or add another channel one has to go through the 'Add Source' process again.

Can you export the files in PDF?
Yes, Slack conversations are HTML natives. These can be converted into PDF files.

How do Onna exports differ from Slack's standard exports?
Onna's exports differ in a couple of ways. Slack's standard exports are JSON files which require further processing before you can use them in a review platform. Each JSON object consists of one message along with the metadata for that message. One has to parse the file and assign control numbers for each individual message on every channel and every direct message, then sort and view each message from each conversation individually.

Onna's exports are processed and ready to be loaded into a review platform. We divide messages up by day so that the volume that is being reviewed is less and it's easier to see the context around messages.

With Onna you can also filter down the amount that is being exported down to the specific person or channel (private or public) that one wants to review. This is different from the standard export which generally exports everything associated with a workspace.

Finally, Onna collects all attachments in their original format. In the JSON objects attachments are stored as links which means they will not be part of the initial search parameters when going through review.

Are archived channels able to be synced in Onna?
Yes, archived slack channels (private or public) that are still available via the API would sync unless the data has moved past the retention setting. However, deleted channels in Slack are not able to be synced.

In what order will Slack files sync?
When Slack sync starts files are collected in the following order:

  1. Public channels
  2. Private channels
  3. Direct messages (DMs)
  4. Multi-party messages (MPIMs)

Why do I see different dates within the Slack conversation?
If the Slack conversation has edits or deletions that happened after the original conversation date, the different date and time correspond with when the edit or deletion occurred.

How can I identify the custodian to my files in my Slack Enterprise export?

For channel-based collections, the export CSV will have the users in the RelatedUsers_List of related users field. For custodian-based collections, the export CSV will populate custodian values into Origin_List of users collected for the field.

Does Onna collect the user's IP address and the user agent from Slack Enterprise?

No, currently Onna does not collect the user's IP address and the user agent from Slack.

Have a question that we haven't answered here? Interested in collecting from Slack Enterprise?

Did this answer your question?