Technical Overview - Slack

Only Bitglass provides complete visibility for files in Slack when accessed from any device - for Salesforce, as well as your organization’s entire suite of cloud applications. Whether you want to gain insights into suspicious user activity or simply identify sensitive data-at-rest, Bitglass’ market-leading data protection technologies provide the visibility you need.

  • Contextual Access Control
  • User Behavior Analytics
  • Identity
  • Architecture Overview & Deployment
Contextual Access Control

Contextual Access Control ensures that appropriate access to Slack is provisioned based on the context by which the user is accessing the application. Policies can be defined based on access method (browser or native app), device (managed vs unmanaged), location (by country or IP address range), group, and more.

Administrators can choose to block, allow, or provide intermediate levels of access to the app by pairing access control policies with DLP policies.

User Behavior Analytics

Through the combination of API and proxy-based control over application access, Bitglass provides full visibility into every transaction conducted in Slack. User behavior analytics, focused on suspicious activity detection, are built on that visibility and reported via alerts, dashboards, and SIEM integration.

Moreover, Bitglass provides cross-app visibility, empowering you to discover suspicious and abnormal behavior. If a user accesses Slack from LA, and then an hour later tries to access Office 365 from NYC, Bitglass can flag and prevent that login.


Bitglass is the only CASB to offer built-in IDaaS service capabilities, allowing you to consolidate your entire cloud security strategy into a single platform. Built-in capabilities include single sign-on for both protected apps, as well as any application that supports SAML for SSO, Active Directory synchronization and authentication, SCIM support, SMS and email multi-factor authentication. Bitglass also integrates seamlessly with any identity management system, including Ping, Okta, OneLogin, ADFS, and more. Bitglass dual SAML termination ensures that the strength of SAML SSO is preserved, without the added phishing risk that comes with some proxy architectures.

Whether you use the Bitglass IDaaS or integrate with another system, Bitglass can enforce step-up authentication at any time, based on suspicious activities. For example, if a user logs in simultaneously from two different locations, Bitglass can force a re-authentication, requiring multiple factors.

Architecture Overview & Deployment

When it comes to securing data in Slack, comprehensive visibility is a necessity. Bitglass’ approach is powered by its deep API integration with Slack. API integration allows for visibility of data-at-rest, including discovery of sensitive data.

Bitglass’ CASB solution can be deployed in minutes, without the pain that comes with traditional agent-based CASB or MDM solutions. Setup is simple and straightforward, with nothing to install for either admins or users.

The Bitglass cloud service is hosted globally on AWS infrastructure with auto-scaling and replication. Its fully redundant architecture ensures constant uptime – Bitglass guarantees a 99.9% SLA, and greater than 99.99% historical performance.