Skip to main content

ChatOps β€” Slack and Teams

Before configuring Access Flows, it's important to integrate Apono with the communication tools the team already uses daily. Without this integration, access requests and approvals are restricted to the web dashboard β€” which adds friction and slows down the process.

Apono supports integration with Slack and Microsoft Teams, allowing the entire access request and approval flow to happen directly in chat, without anyone needing to open the dashboard.

Why ChatOps?​

The ChatOps concept applied to access control solves a real problem: reducing friction between needing access and obtaining it. If the developer needs to open a separate tab, log into another portal, and fill out a form to request access, the tendency is to seek shortcuts β€” like asking a colleague for credentials or keeping permanent access "for convenience".

With Apono integrated into Slack or Teams:

  • The requester asks for access without leaving the chat β€” with a simple command or interaction.
  • The approver receives the notification in the same place where they already work and approves with one click.
  • Access is granted in seconds and automatically revoked when the time expires.

This transforms JIT Access from a bureaucratic process into something natural within the team's workflow.

The Traditional Process vs. ChatOps​

To understand the impact of ChatOps, consider the flow that most organizations follow today when a developer needs a temporary permission β€” for example, read access to a production database to investigate an incident:

Without Apono (Traditional Process)​

  1. The developer opens a Jira ticket (or ServiceNow, Freshdesk, etc.) describing the needed access and justification.
  2. The ticket enters the Service Desk queue.
  3. The Service Desk analyzes and redirects to the responsible team (e.g., IAM team, DevOps, DBA, etc).
  4. The responsible person evaluates the request, verifies if it makes sense, and manually adjusts the role or policy in the AWS console or via IaC.
  5. The developer is notified that access has been granted.
  6. After use, someone needs to remember to revoke the access β€” or it remains active indefinitely.

Total time: hours to days, depending on the availability of the teams involved and the ticket priority. During a production incident, this wait time can mean the difference between a quick resolution and prolonged downtime.

With Apono + ChatOps​

  1. The developer types /apono in Slack and selects the resource and permission.
  2. The approver receives the notification in Slack and clicks Approve.
  3. Access is granted automatically by Apono in seconds.
  4. After the defined time, access is automatically revoked β€” without manual action.

Total time: seconds to minutes. Everything documented in the audit log, no tickets, no redirections, no oversights.

The difference is not just speed β€” it's about the model. In the traditional process, access control depends on people remembering to do and undo things. With Apono, the system ensures that access is granted only when approved and revoked when it expires, without depending on human memory.

Slack Integration​

Slack is Apono's most common and complete integration. Configuration is done through a Slack App (Bot) installed in your organization's workspace.

Configuring the Slack Bot​

  1. In the Apono dashboard, navigate to Settings β†’ Integrations β†’ Slack.
  2. Click Connect β€” this redirects to Slack to authorize the app installation.
  3. Authorize the app in the desired workspace with the requested permissions.
  4. After authorization, the bot appears as Active in the Apono dashboard.

The bot needs permissions to:

  • Send messages in channels and DMs.
  • Receive interactions (approval button clicks).
  • Read basic workspace information (users, channels).

Apono does not read messages from channels or conversations. Permissions are exclusively for sending notifications and receiving approval interactions.

What the Bot Does in Practice​

After installation, the Apono Slack Bot acts in two main moments:

Access Request​

The user can request access directly through Slack in two ways:

  • /apono command β€” opens an interactive form (modal) where the user selects the resource, permission type, and justification.
  • Direct message to the bot β€” the bot guides the user step by step through the request.

The request form respects the configured Access Flows β€” the user only sees the resources and permissions that the flows allow for them.

Notification and Approval​

When a request requires manual approval, the approver receives a Slack message with:

  • Who is requesting access.
  • What β€” which resource and permission type.
  • Why β€” the justification provided by the requester.
  • For how long β€” the requested access duration.
  • Action buttons β€” Approve and Deny directly in the message.

The approver clicks Approve or Deny without leaving Slack. The decision is recorded in Apono's audit log with the timestamp and approver's identity.

Auto-Approval in Slack​

When an Access Flow is configured with automatic approval, the Slack flow is even faster:

  1. The user requests via /apono.
  2. Apono evaluates the flow and approves automatically.
  3. The user receives confirmation in Slack within seconds β€” without anyone's intervention.

This is ideal for development environments where the goal is to give quick access without bureaucracy, while still maintaining the complete record in the audit log.

Microsoft Teams Integration​

Apono also supports integration with Microsoft Teams, following the same Slack concept. Configuration is done through the Teams app marketplace or directly through the Apono dashboard.

The flow is similar:

  • Access request via bot in Teams.
  • Approval notifications with interactive buttons.
  • Complete record in the audit log.

If your organization uses both (Slack and Teams), it's possible to configure both simultaneously. Each Access Flow can be directed to the most appropriate tool for each team.

Self-Service Portal (Dashboard)​

In addition to Slack and Teams, Apono maintains a self-service portal on its own web dashboard. This portal is always available as a fallback β€” even if chat integrations are configured, any user can access the dashboard to request access.

The portal is especially useful for:

  • Users who don't have access to Slack/Teams (e.g., external auditors, consultants).
  • Viewing the history of previous requests.
  • Tracking the status of pending requests.

Which to Configure First?​

The recommendation is to configure the Slack (or Teams) integration before creating Access Flows. This way, when flows are activated, notifications already have somewhere to go and the team can interact with the system naturally.

ChatOps is not just a convenience β€” it's what transforms Apono from a security tool into a workflow integrated into the team's daily routine. When requesting and approving access is as simple as sending a message on Slack, adoption happens naturally and resistance to change decreases significantly.