Make Your Slack App Feel More Like Home: Access Control

This post continues our series on App Home design and best practices for UX in Slack apps.

The previous post, examining user engagement, can be found here.

Note: this article discusses admins & management within your app after it is installed. If you'd like to learn more about managing apps at a workspace level, such as who can request an app, Slack has wonderful docs for you.

As your Slack app grows in complexity and becomes more powerful, you will likely run into situations where federated access becomes important to your users and their teams. You shouldn't assume every member of a team has the same privileges, for obvious reasons. It is also folly to only allow workspace admins access to key features.

Relying on workspace admins rewards the fact that they allowed your app to be installed by foisting the roles of both app admin and de facto champion upon them, whether they want to use your app or not. You also hamstring the installing user if they are not an admin. Removing their ability to set up and manage the app makes for a frustrating experience and doesn't breed promotion of the app within the workspace.

So what can you do? How do you federate access within your app?

Adding app admins, approvals, and access control lists (ACLs) to your Slack app meets your customers' need for control and empowers the users installing your app. These features not only make it easier for your app to fit company standards, they promote privacy and security.

App Admins

Slack workspace admins are far from the only users that install apps. As app builders, we strive to reduce the number of assumptions in our product that could lead to frustration for users. By adding the concept of an app admin role, you can create federated access beyond what Slack offers without blocking non-admins, particularly the user(s) that found and installed your app, from using all of its features. Workspace admins should be allowed to do anything in Slack, which includes your app, without any configuration. App admins should be able to do everything that workspace admins can do, but only inside of your app. This includes making other app admins.

It's likely that a non-admin user installed your app - blocking their access to key features will force them to:

  • Figure out who a workspace admin is
  • Message the workspace admin explaining what is happening and offering instructions
  • Wait for the admin to read the message
  • Wait for and possibly help the admin to find app home
  • Have the admin go through a modal flow to grant app admin access.

You can probably feel the heat from the friction just reading it. So how do you handle the crowning of the first app admin?

Approvals

An approval framework makes it simple for app and workspace admins to manage and fulfill their duties, which include doling out app admin permissions. As you're building your app, keep an eye out for specific features that might cause problems if used improperly. Once your app is live, it's the wild west: you should assume users will do odd things given the opportunity - things that could reflect negatively on your app. Your customers probably know this and will want the ability to approve or deny all sorts of things in complex apps. If they don't know it yet, they will be glad that you did.

In addition to approvals, customers may also want to control which users can access your app and/or certain features within it.

Access Control Lists (ACLs)

Your customers may desire a way to restrict who can install your app, use it in general, and/or access certain features. This could be because pricing is per user, or they may have privacy and security concerns. There are many reasons that access to specific features of your app might not be appropriate for all users. If you wanted to get really crazy with it, you could go beyond simple user lists and create multiple roles and/or user-specific permissions. That said, the goal is not to create complexity - either you or your customers will know when deeper permissioning and access control is needed. Keep things simple and only build what it takes to keep things running smoothly.
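
The three mechanisms described above (app admins, approvals, and ACLs) fit in one small authorization model. This is an added example, not code from the original post or from Happybara; the class, method names, user IDs and feature names are assumptions, and the workspace-admin set is assumed to be synced from Slack user records (for example the `is_admin` flag).

```python
from dataclasses import dataclass, field

@dataclass
class Workspace:
    """Per-workspace access state (in memory here; a real app would persist it)."""
    workspace_admins: set                              # assumed synced from Slack user records
    app_admins: set = field(default_factory=set)
    feature_acl: dict = field(default_factory=dict)    # feature -> set of allowed user IDs
    pending: dict = field(default_factory=dict)        # request ID -> (requester, grant)
    audit: list = field(default_factory=list)          # (actor, action, subject) tuples
    _seq: int = 0

    def is_admin(self, user):
        # Workspace admins need no configuration; app admins are their equals inside the app.
        return user in self.workspace_admins or user in self.app_admins

    def can_use(self, user, feature):
        if self.is_admin(user):
            return True
        allowed = self.feature_acl.get(feature)
        # A feature without an ACL is open; one with an ACL denies anyone not listed.
        return allowed is None or user in allowed

    def grant_app_admin(self, actor, target):
        if not self.is_admin(actor):
            raise PermissionError(f"{actor} cannot grant app admin")
        self.app_admins.add(target)
        self.audit.append((actor, "grant_app_admin", target))

    def request(self, requester, grant):
        """Queue a request for 'app_admin' or for a feature name; returns its ID."""
        self._seq += 1
        req_id = f"REQ-{self._seq}"
        self.pending[req_id] = (requester, grant)
        return req_id

    def decide(self, approver, req_id, approve):
        if not self.is_admin(approver):                # check authority before touching state
            raise PermissionError(f"{approver} cannot decide requests")
        requester, grant = self.pending.pop(req_id)    # each request is decided exactly once
        self.audit.append((approver, "approve" if approve else "deny", req_id))
        if approve and grant == "app_admin":
            self.app_admins.add(requester)
        elif approve and grant in self.feature_acl:    # never turn an open feature into a restricted one
            self.feature_acl[grant].add(requester)
        return approve

if __name__ == "__main__":
    ws = Workspace({"U_OWNER"}, feature_acl={"bulk_export": {"U_ANALYST"}})  # constructed IDs
    rid = ws.request("U_INSTALLER", "app_admin")
    ws.decide("U_OWNER", rid, True)
    print(ws.can_use("U_INSTALLER", "bulk_export"), ws.audit)
```

Every grant and decision lands in `audit`, which gives customers the record of who approved what that usually accompanies a request for this kind of control.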

Adding federated access to your Slack app helps it fit into organizations of all shapes and sizes. App admins, approvals, and ACLs are by no means the only ways to handle access within an app, and our team is excited to see what other user federation concepts get pulled into Slack as the app ecosystem matures.

Interested in seeing app admins, approvals, and ACLs done right?

Check out Happybara.io. Our Slack apps push the limits of functionality and user interfaces (they're also free to install and use).

To learn more about using and building Slack Apps, subscribe to our mailing list or give us a follow on Medium or Twitter.