Sym is the security workflow platform
for engineers,
by engineers

We solve the intent-to-execution gap between policies and workflows by providing fast-moving engineering teams with the primitives to roll out best-practice controls.

SYM + Slack

To set up Sym in your Slack workspace, first create a connector using the symflow CLI.

Then, enter the token to the rightbelow to continue.

Sym is privacy-first

Sym takes the privacy and security of our customers very seriously. Our Slack App only requests the OAuth scopes it needs to listen for incoming slash commands, send new messages, and update those messages. All data is encrypted at rest and in transit. Read our full privacy policy here.

By default, the Sym Slack App cannot read or post to private channels that it is not in. You must invite the app to a private channel for it to read or post any messages in that channel. Removing the app from a private channel revokes all access to that channel.

Request and approve access in Slack

Your team can request access to sensitive infrastructure in Slack. Once a request is fast-tracked or peer-approved, Sym users can use existing tooling in the same way as before. Sym's centralized logging tracks the approval process.

Request and approve access in Slack

Customize any aspect of your workflow

Define the set of valid approvers for each request with our SDK. Requests are dynamically routed to the right Slack DM, Slack channel, or they can even start in Slack and ping approvers on other platforms.

Customize any aspect of your workflow

Improve security posture and reduce risk

Automation makes it easy for engineers to safely gain access to sensitive resources which makes it possible to reduce access windows and default privileges. Sym helps you significantly reduce the total scope of access employees have at any given time.

Improve security posture and reduce risk

The Sym Slack App requires the following OAuth scopes:

Swipe below to see full table

Scope

Related API Calls

Reason for Scope(s)

channels.join
conversations.join
Sym’s Slack App auto-joins configured channels it has access to so it can send messages such as access request forms.
channels:manage,
groups:write,
im:write,
mpim:write
conversations.create,
conversations.open
Sym’s Slack App can create direct messages and create group direct messages, as configured, to send messages such as access request forms to users.
groups:read,
channels:read
conversations.list
Sym Flows can be configured to send messages to channels by name. To do this, Sym must map channel names to channel IDs. conversations.list is used to read all channels to perform that mapping.
chat:write
chat.postEphemeral,
chat.postMessage
Sym’s Slack App can send messages such as access request forms or ephemeral messages such as notifications to a user that their permissions have been escalated.
commands
N/A
Sym’s Slack App may define shortcuts and/or slash commands to trigger Sym actions such as access requests.
users:read,
users:read.email
users.info
Sym must map Slack User IDs to Sym Users, and uses email to do so.