Slack is a team communication and collaboration tool. Onna integrates with Slack's Audits API to extract all related data and metadata from Slack user accounts including specific channels they've joined and/or private/multiparty chats. This feature allows Onna users to perform user-based Slack Enterprise collections for legal hold purposes and data preservation.

Integration Features

Type of Account Needed 

  • To enable this type of collection, you'll need a Slack Enterprise Owner account

Files Collected

Onna's Slack Audit Logs integration can perform user-based collections. This type of collection can only be completed with a Slack Enterprise account. The person adding the integration must be an Organization Owner within their Slack environment.

All files available through the Audits API are synced, including, but not limited to:

  • All available workspaces where your specified user(s) are members. An organization on Slack Enterprise Grid can have multiple workspaces that can be accessed through this API 
  • All channels your specified user(s) have joined both private and public 
  • User(s) Messages posted on channels, direct messages (dms) and multiperson instant messages (mpim)
  • Edited and deleted messages (only available if 'Keep Everything' is selected as a setting in Slack Enterprise)
  • Files posted on channels, dms and mpims
  • Posts created in the files section, channels, dms and mpims
  • Snippets created in the files section, channels, dms and mpims
  • Files created in the files section, channels, dms and mpims

Onna's sync modes

We currently support two syncing modes - one-time sync and auto-sync & archive.

  • One-time sync is a sync that collects files in a source during a certain time range or up until the date the source was added. One-time sync shuts off the connection to the API once the sync is completed 
  • Auto-sync & archive means that Onna will perform a full sync first and will continuously add any new files generated at the data source. The sync type does not delete files deleted from the data source

With the Audit Logs integration, Onna can be used to collect specific user accounts within an organization's workspace. 

Note: This API is only available for channels joined after March 2018. All users created prior to March of 2018 will not have "Channel Join" audit entries and will not be collected. For channels joined prior to March 2018, please collect those using the non-custodian connection.  

Sync Time

Sync time depends on a number of factors including, but not limited to, the length of time the individual(s) has been active in Slack, the number of channels synced, how active the channels are, and the number of files shared in channels and direct message chains.

Data Exports

Data and metadata from the Slack Enterprise Grid account can be exported in eDiscovery ready format. Load files are available in a dat, CSV, or custom text file.

How-To Guide

For this integration, you'll need to be an admin in Onna to have Slack Enterprise enabled.

Note: Only Enterprise Grid owners will be able to use the Audit API integration. This integration will only collect channels joined from the beginning of the Audit API records in March 2018 and onwards. Head to Slack for more details on Slack Roles & Permissions.

Once you're an admin on Onna and have Slack Enterprise enabled, you'll see it available as a source in the user dashboard.

Once you click on Slack Enterprise, it will open the following modal

The first section covers the Source name. This is the name of your source in Onna. We've pre-filled it with the name of the source you're adding however this is entirely customizable. 

The next section allows you to specify what you'd like to sync from Slack. You can choose to collect the entire account or specific parts. 

There are the following options:

  • Direct Messages
  • Multiparty Messages (messages between two or more individuals. These aren't channels)
  • Organization channels (channels shared across the enterprise or between workspaces)
  • Workspace private channels
  • Workspace public channels

Select the scopes you'd like to sync and click connect. This will take you through Slack's OAuth flow where you'll be giving permissions to Onna to collect from that enterprise account. 

The first step will ask for your workspace name if you're not already signed in. This workspace needs to be the "enterprise" workspace, generally [company].enterprise. You will later be able to narrow down the collection to just one of the workspaces on your enterprise account.

Once you've entered that information, Slack will ask for your permission to authorize Onna to access the account. 

Click Allow to finalize the OAuth process. 

If you've chosen to select everything, you will have the option to perform a custodian collection on the configuration flow. To select a custodian collection move the toggle button to On as shown in the figure below. 

Note: Slack's Audit Logs API permits the collection of user specific information starting March 2018.  It will automatically add channel information starting from this date unless otherwise specified. Channels joined prior to March 2018 will not be collected because they are not in the Audits API records. All direct messages starting from the earliest date they're available will be synced if that option has been selected.  

User Selection

The next step when using the custodian collection option is the user selection. Here you will see the list of users in your workspace. The total number of users is listed above the list of users. 

You can search for users by using the filter or by browsing the list of users. Once you've made your selection, hit Next.

Note: Active Slack Enterprise users will be listed by their Full Name in Slack. Deactivated users will be listed by their Display Name in Slack. If a deactivated user does not have a Display Name, they will appear at the top of the list as just an email address.

Onna will begin to load all of the names of the channels in the workspace that your selected users have joined.
Note: You have the option to skip loading the channel list and sync all channels from the users that you've selected. 

If you've chosen to load the channels, you can search for channels by using the filter or by expanding the workspaces to see a list of channels within them. Private channels are shown with a lock icon beside their name.

Here you can also choose whether to sync future channels if your source is in auto-sync and archive. New channels that are added to Slack will automatically be added to Onna. 

The Slack Enterprise account will be listed in your Sources. 

Searching across the account
Files will be visible on the user dashboard. Results will begin populating as soon as the connection is made.

Channels and conversations are html files. A file is created for every 24hrs and is saved in UTC. The standard title for chat files will be:

Type of chat [e.g. channel, personal message], name of channel or person [e.g. general, random], participant(s) and date [YYYYMMDD]

Attachments that are sent through chats are extracted and processed separately. 

Did this answer your question?