[Slack] Handle the incoming requests (/genie commands) with a global integration! Here is why:


#1

If you are using our SlackApp, chances are, that you have multiple channels and you do route your alerts to these based on different conditions. Are you using OpsGenie in a segmented way? If yes and your teams have their own integrations, you should definitely consider doing this.

There are two areas, which you should understand before selecting the Slack integration which handles the commands:

I. Integration types

In OpsGenie, there are two different type of integrations, based on permission levels:

  • Global integrations, which are assigned to No Team
  • Team based integrations, which are assigned to a team

There are significant differences between these two. An integration which is assigned to a team can only route alerts to that particular team and will be triggered (if it has an outgoing part) only for alerts which belong to the owner team. The API key of these team integrations can only access team related configurations and alerts. A global integration can be managed by global admins only, while team integrations can be seen/modified/added by team admins.

Regarding Slack, an assigned integration will be able to execute commands only connected to alerts which belong to that particular team. Imagine a List Alerts request - the maximum that can return is the list of alerts the team owns.

II. Execute commands option in the Slack integration settings

Due to limitations and design, you have to select a single integration which is handling the incoming commands from Slack, per Slack team! This is the main reason why we are talking about this.

Solution:

If you select an assigned integration to execute the commands arriving from your slack team’s channels, the scope of alerts and configurations will be heavily limited (only team related alerts and configurations). This is the reason why you should:

1.) Create a slack integration which is assigned to No Team so that it can access any alert, regardless of team, and any configuration items on the account.
2.) Enabled the execute commands on this integration
3.) Enable Require Matching user option

The last step is needed for a simple reason: the global integration indeed can access anything on the account, which of course you don’t want to enable for every user. You can force users to ‘map’ their slack credentials with their OpsGenie credentials. This way, they are only allowed to access alerts from slack which they are eligible to on the web app as well.

TL;DR: Select a slack integration assigned to No Team to execute commands and enable the Require Matching User option to grant proper access to all your teams and users.