Slack

Are you approved by Slack?

incident.io has been approved by Slack and can be found in the Slack App Store here.

How do you authenticate users?

We currently use Slack as our sole authentication mechanism, meaning no additional authentication strategy or provider is required. However your organisation chooses to authenticate with Slack — whether that's directly or with a single sign-on provider — that same authentication mechanism is used to access incident.io.

For the web application, temporary sessions are granted when you sign in with Slack. These periodically expire and are refreshed by redirecting the user through the OAuth flow. We can also revoke these tokens.

What Slack permissions and access scopes do you require?

As a workspace app, you can interact with incident.io from anywhere within Slack, but we’re careful with the permissions and scopes we require and request the minimum we need to function.

We can only access data in two places by default:

• A nominated incident channel, such as #incidents (where incidents are summarised)
• Individual incident channels, which we create on your behalf

We cannot access Slack data outside of these channels, unless our app is explicitly invited.

Specifically, we ask for permissions to:

• app_mentions:read (so we know when you’re talking to us)
• channels:history (so we can list messages in an incident channel)
• channels:manage (so we can create and edit incident channels on your behalf)
• channels:read (so we can list public channels)