Prerequisites for using Dialogs Bot in Slack
Overview
Before configuring the Dialogs bot with Slack, ensure the following prerequisites are completed:
Slack users must have valid account for using a workspace. By default, any member of a Slack workspace can install an app. Once an app is installed, all members of the workspace can connect their accounts to use it.
A running Kyvos instance
A public HTTPS endpoint for the Dialogs bot server
Kyvos manifest file
Kyvos Web-based SSO must be enabled, and OIDC must be configured for public clients. This release supports only Azure OAuth.
Slack Requirements
Users must have a valid Slack license to access and use the Dialogs bot.
Users must have a valid workspace access and required permissions to configure the Dialogs bot in Slack.
Software requirements
A running Kyvos Server where the Dialogs bot Server will be deployed.
Slack Configuration Requirements
Dialogs bot integrates with Slack through Slack API Portal at: https://api.slack.com/apps).
On this page:
Related topics:
Ensure that the Fully Qualified Domain Name (FQDN) is accessible at:
https://<FQDN>:3978Register the application in Slack through the Slack API Portal to enable the Dialogs Bot integration. The configuration process includes the following steps:
Create a new Slack App.
Verify that the Dialogs Bot is available in the Slack App.
Configure Slack properties for the Dialogs Bot from Kyvos Manager.
Configure the OAuth Redirect URL in the Identity Provider (IDP). This release supports only Azure OAuth.
For further details, see the Configuring Kyvos Dialogs Bot in Slack section.
Kyvos Web Portal SSO Configuration
Ensure that Kyvos Web-based Single Sign-On (SSO) is enabled and OpenID Connect (OIDC) is configured for public clients before setting up the Kyvos Dialogs Bot integration with Slack. During OIDC public setting configurations, you need to provide the following details:
Parameter | Description |
|---|---|
Client ID | Kyvos authorization server (IDP) Client ID. <OAuth_Client_ID> |
Authorization URL | Endpoint URL provided by the authorization server. https://login.windows.net/<OAuth_TENANT_ID>>/oauth2/v2.0/authorize Note: Replace the <OAuth_TENANT_ID> with your Kyvos IDP tenant ID. |
Token URL | Access Token Endpoint URL provided by the authorization server. https://login.windows.net/%3COAuth_TENANT_ID%3E%3E/oauth2/v2.0/token |
Scope | Space-separated lists of identifiers are used to specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' will be used |
Single Logout URL | URL to which the users are redirected on logging out. If left blank, there will be no single logout. |
Server OpenID Metadata URL | Endpoint URL on the authorization server which provides metadata about the OIDC configuration of the authorization server. |
Verify ID Token | Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos will retrieve ID Token, decode it, and will use its claims without verifying its signature. |
Claim Type | Value type of the claim. |
Claim Name | Claim name Kyvos should read from the token ID. For example, preferred_username |
For further details, see the OIDC based external authentication for Kyvos Manager section.
Dialogs Bot Configurations (Only for HTTPS/ Both Server)
Log in to the Web Portal terminal.
Keep the fully qualified path to the .jks file handy that was used to configure HTTPS on Kyvos.
Configure HOSTNAME in kyvos/dialogsbot/bin/start-bot.sh. Hostname must be the same as the mapped machine domain name.