Skip to main content

Slack IAM

This Integration is part of the Slack Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used as part of our Identity Lifecycle Management premium pack. For further details, visit our IAM pack documentation.

Integrate with Slack's services to execute CRUD operations for employee lifecycle processes. For more information, please refer to the Identity Lifecycle Management article.

Configure Slack IAM in Cortex#

ParameterDescriptionRequired
access_tokenAccess TokenTrue
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
create_user_enabledAllow creating users. If set to false, iam-create-user command will be skipped, and user will not be created.False
update_user_enabledAllow updating usersFalse
enable_user_enabledAllow enabling usersFalse
disable_user_enabledAllow disabling usersFalse
create_if_not_existsAutomatically create user if not found in update commandFalse
mapper_inIncoming MapperTrue
mapper_outOutgoing MapperTrue

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user#


Creates a user.

Base Command#

iam-create-user

Input#

Argument NameDescriptionRequired
user-profileUser Profile indicator details.Required
allow-enableWhen set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-create-user user-profile={"emails": ["testdemistomock15@paloaltonetworks.com"], "userName": "testuser15"}````

Context Example#

{
"IAM": {
"UserProfile": {
"emails": [
"testdemistomock15@paloaltonetworks.com"
],
"userName": "testuser15"
},
"Vendor": {
"action": "create",
"active": true,
"brand": "Slack IAM",
"details": {
"active": true,
"displayName": "testuser15",
"emails": [
{
"primary": true,
"value": "testdemistomock15@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KGD53152",
"meta": {
"created": "2021-01-20T08:15:37-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KGD53152"
},
"name": {
"familyName": "",
"givenName": "testuser15"
},
"nickName": "testuser15",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/17de069a77ac9bf8c47f0c9a4893f598.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/testuser15",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "testuser15"
},
"email": null,
"errorCode": null,
"errorMessage": "",
"id": "U01KGD53152",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "testuser15"
}
}
}

Human Readable Output#

Create User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernamedetails
Slack IAMSlack IAM_instance_1truetrueU01KGD53152testuser15schemas: urn:scim:schemas:core:1.0
id: U01KGD53152
externalId:
meta: {"created": "2021-01-20T08:15:37-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KGD53152"}
userName: testuser15
nickName: testuser15
name: {"givenName": "testuser15", "familyName": ""}
displayName: testuser15
profileUrl: https://panwtest.enterprise.slack.com/team/testuser15
title:
timezone: America/Los_Angeles
active: true
emails: {'value': 'testdemistomock15@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/17de069a77ac9bf8c47f0c9a4893f598.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-192.png', 'type': 'photo'}
groups:

iam-update-user#


Updates an existing user with the data passed in the user-profile argument.

Base Command#

iam-update-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required
allow-enableWhen set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-update-user user-profile={"email": "testtesting@paloaltonetworks.com", "active": "true"}````

Context Example#

{
"IAM": {
"UserProfile": {
"active": "true",
"email": "testtesting@paloaltonetworks.com"
},
"Vendor": {
"action": "update",
"active": true,
"brand": "Slack IAM",
"details": {
"active": true,
"displayName": "powershelly12",
"emails": [
{
"primary": true,
"value": "testtesting@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01JYDGBC3Y",
"meta": {
"created": "2021-01-19T07:41:11-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01JYDGBC3Y"
},
"name": {
"familyName": "",
"givenName": "powershelly12"
},
"nickName": "powershelly12",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/5f359e3923fc928897380e3e90cb980e.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly12",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly12"
},
"email": "testtesting@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01JYDGBC3Y",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly12"
}
}
}

Human Readable Output#

Update User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truetrueU01JYDGBC3Ypowershelly12testtesting@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01JYDGBC3Y
externalId:
meta: {"created": "2021-01-19T07:41:11-08:00", "location": "https://api.slack.com/scim/v1/Users/U01JYDGBC3Y"}
userName: powershelly12
nickName: powershelly12
name: {"givenName": "powershelly12", "familyName": ""}
displayName: powershelly12
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly12
title:
timezone: America/Los_Angeles
active: true
emails: {'value': 'testtesting@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/5f359e3923fc928897380e3e90cb980e.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-192.png', 'type': 'photo'}
groups:

iam-get-user#


Retrieves a single user resource.

Base Command#

iam-get-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-get-user user-profile={"email": "testdemistomock@paloaltonetworks.com", "userName": "powershelly10"}````

Context Example#

{
"IAM": {
"UserProfile": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"Vendor": {
"action": "get",
"active": false,
"brand": "Slack IAM",
"details": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"email": "testdemistomock@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01KHS7J7U1",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly10"
}
}
}

Human Readable Output#

Get User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truefalseU01KHS7J7U1powershelly10testdemistomock@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01KHS7J7U1
externalId:
meta: {"created": "2021-01-19T07:46:20-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"}
userName: powershelly10
nickName: powershelly10
name: {"givenName": "powershelly10", "familyName": ""}
displayName: powershelly10
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly10
title:
timezone: America/Los_Angeles
active: false
emails: {'value': 'testdemistomock@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png', 'type': 'photo'}
groups:

iam-disable-user#


Disable an active user.

Base Command#

iam-disable-user

Input#

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output#

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active in the 3rd-party integration.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringProvides the raw data from the 3rd-party integration.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example#

``!iam-disable-user user-profile={"email": "testdemistomock@paloaltonetworks.com", "userName": "powershelly10"}````

Context Example#

{
"IAM": {
"UserProfile": {
"email": "testdemistomock@paloaltonetworks.com",
"userName": "powershelly10"
},
"Vendor": {
"action": "disable",
"active": false,
"brand": "Slack IAM",
"details": {
"active": false,
"displayName": "powershelly10",
"emails": [
{
"primary": true,
"value": "testdemistomock@paloaltonetworks.com"
}
],
"externalId": "",
"groups": [],
"id": "U01KHS7J7U1",
"meta": {
"created": "2021-01-19T07:46:20-08:00",
"location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"
},
"name": {
"familyName": "",
"givenName": "powershelly10"
},
"nickName": "powershelly10",
"photos": [
{
"type": "photo",
"value": "https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png"
}
],
"profileUrl": "https://panwtest.enterprise.slack.com/team/powershelly10",
"schemas": [
"urn:scim:schemas:core:1.0"
],
"timezone": "America/Los_Angeles",
"title": "",
"userName": "powershelly10"
},
"email": "testdemistomock@paloaltonetworks.com",
"errorCode": null,
"errorMessage": "",
"id": "U01KHS7J7U1",
"instanceName": "Slack IAM_instance_1",
"reason": "",
"skipped": false,
"success": true,
"username": "powershelly10"
}
}
}

Human Readable Output#

Disable User Results (Slack IAM)#

brandinstanceNamesuccessactiveidusernameemaildetails
Slack IAMSlack IAM_instance_1truefalseU01KHS7J7U1powershelly10testdemistomock@paloaltonetworks.comschemas: urn:scim:schemas:core:1.0
id: U01KHS7J7U1
externalId:
meta: {"created": "2021-01-19T07:46:20-08:00", "location": "https://api.slack.com/scim/v1/Users/U01KHS7J7U1"}
userName: powershelly10
nickName: powershelly10
name: {"givenName": "powershelly10", "familyName": ""}
displayName: powershelly10
profileUrl: https://panwtest.enterprise.slack.com/team/powershelly10
title:
timezone: America/Los_Angeles
active: false
emails: {'value': 'testdemistomock@paloaltonetworks.com', 'primary': True}
photos: {'value': 'https://secure.gravatar.com/avatar/e14bda84be03871922c78d0d03caa901.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-192.png', 'type': 'photo'}
groups:

iam-create-group#


Creates an empty group

Base Command#

iam-create-group

Input#

Argument NameDescriptionRequired
scimGroup SCIM data with displayName.Required

Context Output#

PathTypeDescription
CreateGroup.idStringID of the group.
CreateGroup.displayNameStringThe display name of the group.
CreateGroup.successBooleanIndicates whether the command succeeded.
CreateGroup.errorCodeNumberHTTP error response code.
CreateGroup.errorMessageStringReason why the API failed.

iam-get-group#


Retrieves the group information including members

Base Command#

iam-get-group

Input#

Argument NameDescriptionRequired
scimGroup SCIM Data.Required
includeMembersWheather to include group's members. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
GetGroup.idStringID of the group.
GetGroup.displayNameStringThe display name of the group.
GetGroup.members.displayStringThe display name of the group member.
GetGroup.members.valueStringID of the group member.
GetGroup.successBooleanIndicates whether the command succeeded.
GetGroup.errorCodeNumberHTTP error response code.
GetGroup.errorMessageStringReason why the API failed.

iam-delete-group#


Permanently removes a group.

Base Command#

iam-delete-group

Input#

Argument NameDescriptionRequired
scimGroup SCIM with id in it.Required

Context Output#

PathTypeDescription
DeleteGroup.idStringID of the group.
DeleteGroup.displayNameStringThe display name of the group.
DeleteGroup.successBooleanIndicates whether the command succeeded.
DeleteGroup.errorCodeNumberHTTP error response code.
DeleteGroup.errorMessageStringReason why the API failed.

iam-update-group#


Updates an existing group resource. This command allows individual (or groups of) users to be added or removed from the group with a single operation. A max of 15,000 users can be modified in 1 call

Base Command#

iam-update-group

Input#

Argument NameDescriptionRequired
scimGroup SCIM data.Required
memberIdsToAddList of members ids to add. A maximum of 15,000 users per call can be modified using this command.Optional
memberIdsToDeleteList of members ids to be deleted from the group. A maximum of 15,000 users per call can be modified using this command.Optional

Context Output#

PathTypeDescription
UpdateGroup.idStringID of the group.
UpdateGroup.displayNameStringThe display name of the group.
UpdateGroup.successBooleanIndicates whether the command succeeded.
UpdateGroup.errorCodeNumberHTTP error response code.
UpdateGroup.errorMessageStringReason why the API failed.