Slack IAM

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used as part of our Identity Lifecycle Management premium pack. For further details, visit our IAM pack documentation.

Integrate with Slack's services to execute CRUD operations for employee lifecycle processes. For more information, please refer to the Identity Lifecycle Management article.

Configure Slack IAM on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Slack IAM.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    access_tokenAccess TokenTrue
    insecureTrust any certificate (not secure)False
    proxyUse system proxy settingsFalse
    create_user_enablediam-create-user Command Enabled. If set to false, iam-create-user command will be skipped, and user will not be created.False
    update_user_enablediam-update-user Command EnabledFalse
    disable_user_enablediam-disable-user Command EnabledFalse
    create_if_not_existsAutomatically create user if not found in update commandFalse
    mapper_inIncoming MapperTrue
    mapper_outOutgoing MapperTrue
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user#


Creates a user.

Base Command#

iam-create-user

Input#

Argument NameDescriptionRequired
user-profileUser Profile indicator details.Required
allow-enableWhen set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-create-user user-profile={"emails": ["testdemistomock15@paloaltonetworks.com"], "userName": "testuser15"}````

Context Example#

{
"IAM": {
"UserProfile": {
"emails": [
"testdemistomock15@paloaltonetworks.com"
],
"userName": "testuser15"
},
"Vendor": {
"action": "create",
"active": true,
"brand": "Slack IAM",
"details": {
"active": true,
"displayName": "testuser15",
"emails": [
{
"primary": true,
"value": "testdemistomock15@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KGD53152",
"meta": {
"created": "2021-01-20T08:15:37-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KGD53152"
},
"name": {
"familyName": "",
"givenName": "testuser15"
},
"nickName": "testuser15",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/17de069a77ac9bf8c47f0c9a4893f598.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/testuser15",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "testuser15"
},
"email": null,
"errorCode": null,
"errorMessage": "",
"id": "U01KGD53152",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "testuser15"
}
}
}

Human Readable Output#

Create User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernamedetails
Slack IAMSlack IAM_instance_1truetrueU01KGD53152testuser15schemas: urn:scim:schemas:core:1.0
id: U01KGD53152
externalId:
meta: {"created": "2021-01-20T08:15:37-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KGD53152"}
userName: testuser15
nickName: testuser15
name: {"givenName": "testuser15", "familyName": ""}
displayName: testuser15
profileUrl: https://panwtest.enterprise.slack.com/team/testuser15
title:
timezone: America/Los_Angeles
active: true
emails: {'value': 'testdemistomock15@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/17de069a77ac9bf8c47f0c9a4893f598.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-192.png', 'type': 'photo'}
groups:

iam-update-user#


Updates an existing user with the data passed in the user-profile argument.

Base Command#

iam-update-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required
allow-enableWhen set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-update-user user-profile={"email": "testtesting@paloaltonetworks.com", "active": "true"}````

Context Example#

{
"IAM": {
"UserProfile": {
"active": "true",
"email": "testtesting@paloaltonetworks.com"
},
"Vendor": {
"action": "update",
"active": true,
"brand": "Slack IAM",
"details": {
"active": true,
"displayName": "powershelly12",
"emails": [
{
"primary": true,
"value": "testtesting@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01JYDGBC3Y",
"meta": {
"created": "2021-01-19T07:41:11-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01JYDGBC3Y"
},
"name": {
"familyName": "",
"givenName": "powershelly12"
},
"nickName": "powershelly12",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/5f359e3923fc928897380e3e90cb980e.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly12",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly12"
},
"email": "testtesting@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01JYDGBC3Y",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly12"
}
}
}

Human Readable Output#

Update User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truetrueU01JYDGBC3Ypowershelly12testtesting@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01JYDGBC3Y
externalId:
meta: {"created": "2021-01-19T07:41:11-08:00", "location": "https://api.slack.com/scim/v1/Users/U01JYDGBC3Y"}
userName: powershelly12
nickName: powershelly12
name: {"givenName": "powershelly12", "familyName": ""}
displayName: powershelly12
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly12
title:
timezone: America/Los_Angeles
active: true
emails: {'value': 'testtesting@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/5f359e3923fc928897380e3e90cb980e.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-192.png', 'type': 'photo'}
groups:

iam-get-user#


Retrieves a single user resource.

Base Command#

iam-get-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-get-user user-profile={"email": "testdemistomock@paloaltonetworks.com", "userName": "powershelly10"}````

Context Example#

{
"IAM": {
"UserProfile": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"Vendor": {
"action": "get",
"active": false,
"brand": "Slack IAM",
"details": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"email": "testdemistomock@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01KHS7J7U1",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly10"
}
}
}

Human Readable Output#

Get User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truefalseU01KHS7J7U1powershelly10testdemistomock@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01KHS7J7U1
externalId:
meta: {"created": "2021-01-19T07:46:20-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"}
userName: powershelly10
nickName: powershelly10
name: {"givenName": "powershelly10", "familyName": ""}
displayName: powershelly10
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly10
title:
timezone: America/Los_Angeles
active: false
emails: {'value': 'testdemistomock@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png', 'type': 'photo'}
groups:

iam-disable-user#


Disable an active user.

Base Command#

iam-disable-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-disable-user user-profile={"email": "testdemistomock@paloaltonetworks.com", "userName": "powershelly10"}````

Context Example#

{
"IAM": {
"UserProfile": {
"email": "testdemistomock@paloaltonetworks.com",
"userName": "powershelly10"
},
"Vendor": {
"action": "disable",
"active": false,
"brand": "Slack IAM",
"details": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"email": "testdemistomock@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01KHS7J7U1",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly10"
}
}
}

Human Readable Output#

Disable User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truefalseU01KHS7J7U1powershelly10testdemistomock@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01KHS7J7U1
externalId:
meta: {"created": "2021-01-19T07:46:20-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"}
userName: powershelly10
nickName: powershelly10
name: {"givenName": "powershelly10", "familyName": ""}
displayName: powershelly10
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly10
title:
timezone: America/Los_Angeles
active: false
emails: {'value': 'testdemistomock@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png', 'type': 'photo'}
groups: