Tech Brief

NextPlane ConverseCloud vs.Slack Guest Account

Collaboration platforms, such as Slack, provide uninhibited collaboration within the enterprise. But, increasingly large enterprises are using more than one Team Collaboration solution. And when you look outside the company to customers, partners, or suppliers, the number of collaboration platforms in use becomes even more diverse.

Slack provides Guest Account as an alternative to interoperability. The Guest Account allows your Slack users to invite ANY external users with a business or consumer email account, such as Gmail, to participate as a guest in your Slack with full access to team chats, meetings, and files.

Slack offers two types of Guest Accounts:

  • Multi-Channel – These guest users can access messages and files in selected channels.
  • Single-Channel – These guest users can access messages and files in a single channel.

Slack Account

Though this sounds like an easy way to provide external access for your organization, there are limitations and security risks that you need to consider before enabling Guest Account across your organization.

Let’s walk through the risks of enabling Guest Accounts on your Slack.

Security and Access Control

Both types of Slack Guest Accounts do not offer strong security measures like password complexity check, password expiration, and Two-Factor Authentication (2FA). Slack admin portal does allow Slack admins to de-activate guest users.

As a result, hackers to prey on Slack guest users with weak passwords to rummage through your channels. Most security experts view Slack Guest Account as an unmitigated risk to their infrastructure.

Licensing Limitations

Single-Channel guest users are free. However, there is a limitation of 5 single-channel guest users per paid Slack user. In other words, a company with 1,000 Slack licenses can only send out 5,000 singlechannel guest invitations.

There is no limitation on multi-channel guest users. However, you are bill at the regular member prices. Depending on the pricing plan, Slack can bill you between $8 to $15/person per month. As a result, 1,000 multi-channel guest users can cost up to $15,000.

NextPlane for Slack Federation

Unlike Slack Guest Account, NextPlane gives you user-level control on your federations. It also allows you to track and control your users by federated domains.

To provide you with user-level control requires your users to add the NextPlane app on their Slack workspaces and send chat invitations.

NextPlane app takes advantage of the Slack Apps to provide a richer collaboration experience for both MS Teams and Non-MS Teams users:

  • Add external contacts
  • See external contacts’ profiles
  • Share presence
  • Exchange chat and IM messages with external contacts
  • Invite external users to channels
  • Send messages with rich-text
  • Send messages with emoji reactions
  • Share files

The NextPlane Slack apps act as proxies for external contacts (non-Slack contacts) within a Slack workspace(s). These apps are generated in the NextPlane’s Slack workspace (CloudConverse.Slack.com) to represent your users’ external contacts.

The NextPlane Slack App is not an executable code. It’s a registration of NextPlane ConverseCloud within the Slack infrastructure. This registration provides NextPlane ConverseCloud with an access token to call Slack API methods and listen to Slack events on behalf of the installed NextPlane apps.

Slack users only need to add the nextplane app to their workspace, which is available from NextPlane for Slack.

Adding the nextplane App to a Slack workspace allows NextPlane to create direct chat channels between the Slack user and their external contacts. Every message sent to this channel is translated, via NextPlane ConverseCloud, to the protocol of the external contacts’ platform and vice versa. When external users send chat messages, NextPlane ConverseCloud translates them to the Slack API call that sends the message to the corresponding Slack direct chat channel (DM). These messages are not stored anywhere on the NextPlane infrastructure.

Security

NextPlane ConverseCloud only uses the Slack API to exchange messages with the Slack users. It does not store any of the messages.

For NextPlane ConverseCloud to use Slack API, the nextplane App and the apps representing external contacts will request the following permissions:

  • To receive messages and data
  • To send messages and notifications
  • To access user profile information

To send and receive messages, NextPlane uses authenticated and encrypted channels. The federated platform may use TLS-enabled SIP, XMPP, or HTTP protocol. The Slack users’ messages are transferred via the OAuth2-authenticated and TLS-enabled HTTP connection between NextPlane ConverseCloud and the Slack Web API https://api.slack.com/web.

Privacy

The permissions given to the NextPlane apps allow NextPlane ConverseCloud to:

  • Subscribe and listen to the Slack events, like when users post new messages to their respective Slack direct chat channel (DM), add emoji, invoke a slash command, modify or delete messages. For more information, see https://api.slack.com/events.To send messages and notifications
  • Retrieve and send messages to the Slack direct chat channel (DM). For more information, see https://api.slack.com/methods/im.history, https://api.slack.com/methods/chat.postMessage.

Slack Permissions model (see https://api.slack.com/events-api#permission_model) restricts NextPlane ConverseCloud to only receiving events, retrieving, or sending messages to the Slack direct chat channel (DM) where your Slack users have added the NextPlane apps. NextPlane ConverseCloud has no access to any kind of information (messages or files) shared in the Slack channels where your users have not added the NextPlane apps.

NextPlane ConverseCloud collects different kinds of information, including personally identifiable ones. The following are the types of information NextPlane ConverseCloud collects.

Database

ConverseCloud collects Slack workspace ID, Slack users’ ID, and profile information (name and email) and keeps them in its database. ConverseCloud only uses this information to route messages between different platforms and provide external contacts with their connected Slack users’ contact details.

Log Data

The NextPlane servers automatically record a log entry for each message they process. The log entry contains only the metadata without the message content. The metadata consists of the following fields:

  • Sender address (e.g., john@acme.com)
  • Receiver address (e.g., peter@widget.com)
  • Message type (IM, Presence, typing, error)
  • Time and date of the message
  • Chat session ID

Management

Using NextPlane Management Portal, you can seamlessly connect different collaboration platforms within your company, or partners such as customers, partners, or suppliers outside your company. The NextPlane management portal provides customers with trailing 12 months of charts and graphs depicting the number of unique users, the number of messages exchanged, as well as detailed usage reports by internal and external federated domains and platforms.

Get More Information

NextPlane can help you with your interoperability and federation needs. Learn how the NextPlane ConverseCloud can help your business by visiting NextPlane, requesting a demo, or by connecting with us at sales@nextplane.net

Download Report