incident.io has been approved by Slack and can be found in the Slack App Store here.
We currently use Slack as our sole authentication mechanism, meaning no additional authentication strategy or provider is required. However your organisation chooses to authenticate with Slack — whether that's directly or with a single sign-on provider — that same authentication mechanism is used to access incident.io.
For the web application, temporary sessions are granted when you sign in with Slack. These periodically expire and are refreshed by redirecting the user through the OAuth flow. We can also revoke these tokens.
As a workspace app, you can interact with incident.io from anywhere within Slack, but we’re careful with the permissions and scopes we require and request the minimum we need to function.
We can only access data in two places by default:
We cannot access Slack data outside of these channels, unless our app is explicitly invited.
Specifically, we ask for permissions to:
app_mentions:read(so we know when you’re talking to us)
channels:history(so we can list messages in an incident channel)
channels:manage(so we can create and edit incident channels on your behalf)
channels:read(so we can list public channels)