Customizable Slack App

Use SlackOps for seamless access and approval decisions

Suggest Edits

Sym helps you prioritize collaboration and visibility through our tight integration with Slack. Our Slack app gives you a prebuilt workflow with all the primitives that you need for just-in-time access flows.

We build on strong flow abstractions so that you don’t need to reinvent the wheel each time you’re thinking about a new target access problem. Our guardrails let you get going quickly while providing the customization hooks to make each Sym Flow feel like its own.

Steps of a Sym Flow

Sym Flows follow the same series of steps:

  • Prompt: a user sees all available Access Targets
  • Request: a user selects a Target, and their request is routed for Approval
  • Approve/Deny: The request is resolved, either by human action or an SDK rule
  • Escalate: If approved, the user's access is escalated in the Target system
  • Deescalate: After a duration, the user's access is deescalated.

Flows can be triggered via Slack, our webapp, or API; all human steps take place in either Slack or our Webapp; and the escalate/deescalate cycle is handled via Sym's various integrations

2377

The five steps of a Sym Flow

📘

Sym Flows can be kicked off via API, too

Sym's Events API can be used instead of Slack to move through the Prompt + Request stages of a Sym Flow.

Built-in notifications and approval blocks

We take care of sending approval requests with appropriate context to the right people when they are required. We notify requesters when their access is approved, rejected, or expired.

Add context to your Flows

By letting your users provide more context data in your requests, you can better route and automate these requests in the Sym workflow engine.

Here we add an urgency field to our flow:

# The Flow that grants users access to SSO targets.
resource "sym_flow" "aws_sso" {
  name  = "aws_sso"
  label = "AWS Access"

  implementation = file("${path.module}/sso_flow.py")

  ...

  params {
    ...

    prompt_field {
      name           = "urgency"
      label          = "Urgency"
      type           = "string"
      required       = true
      allowed_values = ["Normal", "Emergency"]
    }
  }
}

And now we access it in the SDK to fast-track:

# Hooks let you change the control flow of your workflow.
@hook
def on_request(evt):
    """
    If this is an emergency request, then auto-approve the workflow.
    """
    fvars = evt.flow.vars
    urgency = evt.payload.fields.get("urgency", "")
    if urgency == "Emergency":
        target = evt.payload.fields["target"]
        message = f"{evt.user.email} was fast tracked {target.label} AWS access."
        return ApprovalTemplate.approve(reason=message)

Integrate dynamic fields with prefetch

Sym's prefetch hook lets you populate request fields with data from some backing API. You can retrieve data from an HTTP endpoint or invoke a Lambda function.

@prefetch(field_name="pokemon")
def get_pokemon(evt):
  # Make an API Call or even invoke an AWS Lambda
  response = requests.get(url="https://pokeapi.co/api/v2/pokemon?limit=100")
  all_pokemon = response.json()["results"]

  # Return a list of FieldOption
  return [
    FieldOption(value=pokemon["name"], label=pokemon["name"].upper())
    for pokemon 
    in all_pokemon
  ]

Updated 5 months ago