Welcome to GovSlack, an instance of Slack designed for U.S. public sector use.
Read on to learn more about how to build apps for GovSlack.
GovSlack is an instance of Slack that enables agencies, contractors, citizens, and partners to work together in one centralized, secure tool. This instance is designed to comply with the most stringent security and operational requirements of public sector customers.
GovSlack does not run on the slack.com domain. Instead, it runs on the entirely separate domain slack-gov.com. For compliance reasons, data between commercial Slack and GovSlack are completely isolated from one another.
Running in AWS GovCloud-certified data centers, GovSlack instances can help customers maintain compliance with the following:
FedRAMP: Federal Risk and Authorization Management Program. A compliance standard that ensures the proper level of security for cloud services (FedRAMP High authorized).
FIPS 140.2: Federal Information Processing Standard. A standard of security/cryptography for keeping government data safe. Includes requirements on encryption key length, key management, roles/access management, physical security of servers, and so forth.
DOD IL: Department of Defense Impact Level. Standards defining different levels of information sensitivity and requirements for systems housing that data (pursuing DoD SRG IL4 certification).
Some of these standards may be inheritable or complied with by using compliant infrastructure such as AWS GovCloud, but itβs up to individual providers to determine the standards they want to comply with and whether they are certified or not.
Additionally, GovSlack Services have controls that can help customers maintain compliance with the United States International Traffic and Arms Regulations (ITAR). Customers remain responsible to ensure compliance with the ITAR at all times and must not provide data or information subject to the ITAR to Salesforce as part of any support request or other communication.
If you would like to make your app available in GovSlack, you will need to deploy your app in the GovSlack environment, then have it approved and published in the GovSlack Slack Marketplace.
You'll also need to do the following:
env variables to distinguish between GovSlack and commercial Slack instances; this can help streamline your app's review time.oauth.v2.access API calls to the slack-gov.com domain instead of the slack.com domain. In fact, use slack-gov.com when calling any API endpoint instead of slack.com when using Slack Web APIs.response_url, to slack-gov.com instead of slack.com.slack-gov.com instead of slack.com.To set compliance values, navigate to your App Manifest within your app settings on slack-gov.com.
Valid FedRAMP values are as follows:
NoneLowModerateHighCustomer ResponsibilityValid ITAR values are as follows:
NoCustomer ResponsibilityValid Department of Defense values are as follows:
NoneCustomer ResponsibilityIL2IL4IL5IL6The following is an example manifest written in YAML format:
display_information:
name: My Gov App
settings:
org_deploy_enabled: false
socket_mode_enabled: false
token_rotation_enabled: false
compliance:
fedramp_authorization: High
dod_srg_ilx: None
itar_compliant: No
link_shared event will not be dispatched when a user pastes a link in the message composer for a domain your app has registered. Instead, the event is only dispatched when a message is sent to the channel. This means you should not expect the source property in the link_shared request payload (it will implicitly always be conversations_history). You should not use the preview field (found within the unfurls URL-encoded JSON string) when unfurling; doing so will return the error cannot_parse_attachment.Yes, only apps submitted to the GovSlack Slack Marketplace will be available for installation in GovSlack workspaces.
This is not a requirement. Each compliance level can optionally be set to None, meaning that your app does not meet any of the available standards. GovSlack customers will be able to see which compliance level each app follows, and can then decide which apps to install in their GovSlack workspaces.
The app submission process in GovSlack is the same as in commercial Slack. You will need to submit your app to both app directories if you want your app to be available to both instances.
When developing your app for listing in the GovSlack Slack Marketplace, we recommend creating a second app to serve as your development app. This will also allow us to test the updates you submit to your app once published.
No. Similar to commercial Slack, apps in GovSlack can be installed by one or more workspaces when public distribution has been enabled in your app settings. That said, it is during the Slack Marketplace submission process where you define your app's compliance level.
GovSlack customers are enterprise customers, so your app should work for enterprise. Slack supports development of organization-ready apps to ease the install flow for admins and to increase adoption of your app.
Any app that is created on a GovSlack workspace will be a GBP app with no ability to create a non-GBP app. So if your existing app in commercial Slack is not GBP ready, you need to upgrade before it can be configured and published in GovSlack and made available in the GovSlack Slack Marketplace.
You can request a sandbox instance of GovSlack immediately. Once your app is functional and your compliance levels are set, we're ready to review your submission and have it published to the GovSlack Slack Marketplace. The public release of GovSlack is still to be determined. Ask your Slack partner contact for more information.