The 1Password Slack app makes administrators happy

Our all new 1Password app for Slack automatically posts messages in Slack when important events happen on your team. It also includes some new functionality that makes it easy for administrators to stay coordinated.

Let me tell you a story about how Slack can be so much more powerful than email.

Going crazy

 Once upon a time, there were three administrators: Jeff, Dave, and Roustem. Dave needed more help developing 1Password X, so he hired a new team member. You won’t be surprised to know that part of that process includes inviting the new hire to our 1Password team.

Once the new team member accepts their invitation and joins the team, their membership needs to be confirmed. To make this easier, 1Password sends a helpful email to all the administrators.


Jeff checked his mail the soonest and quickly confirmed the new team member. Dave was busy working on 1Password X, so he didn’t even have a chance to see the email. A few hours later, Roustem took a break from coding and saw the email. When he went to confirm the new team member, he saw that there were no team members to confirm. Did something go wrong? Or had someone else already beat him to it?

Roustem knew there had to be a better way and almost started to code the solution himself. Then he realized he was in the middle of five other things, so he let me take a crack at it. :)

Staying sane

Slack had all the tools we needed to create an intuitive system to keep all the administrators on a team in sync. The Slack API is really simple to work with, and I was able to have a shiny new Slack app up and running in about a week.

There are two kinds of messages that can be posted in your Slack workspace, and you can choose to post them in a single channel or separate ones.

Alerts that require action

1Password Teams can now post alerts in Slack for things that need your attention, so you can take action right away. But the main problem we wanted to solve was having some way to let administrators know what didn’t need their attention anymore.

After an action is completed, the message is automatically updated to let everyone else know. You’ll immediately know when someone else has already completed the action.

Notifications that let you know what’s up

Every day stuff happens on your team that doesn’t necessarily require you to take action. But it’s handy to have it all in one place. Notifications are informational messages that allow you to keep tabs on important activity, so there are no surprises.

For example, seeing that everyone is signing in from locations that you expect can help ease an otherwise stressful day for an administrator.

Happy administrators

The 1Password Slack app is easy to set up. You can get started today in your account settings:

Use the 1Password Slack app

Roustem couldn’t be more pleased. We hope you are too. Let us know what you think in the comments.

If you’re curious about some of the technical aspects of how we securely authorize with Slack, check out our post on the Slack Platform Blog.

4 replies
  1. Mike
    Mike says:

    So far not a single comment. Could it be that you are way ahead of your users? The Agile blog has usually something interesting, sometimes more, sometimes less relevant for me. But Slack? We hear you talking, but about what exactly?

    I had never heard of it before, nor did a bunch of other IT people in my sphere. Major new things would surely be known here in the UK? Suggestions were “maybe a type of garment, badly spelled”, “slippage in ball bearings” or “a new term for bad luck on social media”. But soon, professional curiosity got the better of us. What we learnt, did not lead to a reaction of “gosh, this was really what we were waiting for urgently to become part of 1P”. No big surprise here, right?

    Shock horror, the opposite happened: “Why should a password vault app need to automatically send out any data to a team, and to that via a third party system.” “What happens if it, by means of some coding error, spills the beans (login details, let alone passwords)?”

    So please tell me that this is just an experiment from your labs, done by a dev with too much time on his/her hands. This brings immediately so many conceptual concerns up, we all dread to think even any further.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Mike! The information sent to Slack comes from the server, which never has your data in the first place. The only “data” it ever has are useless encrypted blobs of gibberish. You can learn more about this here and can find some more in-depth discussion in our Security Design White Paper (PDF), if you’re interested in the technical details. This was a very purposeful decision because we know that mistakes can happen. Of course, we work hard to ensure they don’t, but it would be a mistake in itself to assume we’re perfect, so the better solution is always to design things in a manner that ensures we don’t have any beans to spill. We can never disclose, leak, misuse or otherwise compromise something we never have in the first place.

      Security comes first in everything we do and we’ve often declined to introduce features folks have begged for because we didn’t feel we could do so securely. One technical challenge was request authentication. We wanted to make sure that requests are coming from an authenticated source and that they were authenticated in a safe and secure manner. As mentioned, the Slack app (and the server in general) can’t spill any login details or password beans at all (since we don’t have that information in the first place), but good request authentication ensures that what few beans we do have won’t be spilled either. Chris, one of the developers that worked on this, explains it much better than I can in this post.

      Your internal discussion of Slack reminds me of a game of Balderdash. In case you’re unfamiliar, it’s a game where one person reads a word, then he or she writes down the real definition, and everyone else makes one up. The person who read the word then reads all the submitted definitions and it’s up to everyone else to guess the real one. You get points for guessing the real one yourself and points for everyone who guesses that your fake definition is real. Were I not familiar with Slack, I’d likely have fallen for the “new term for bad luck on social media” so give whoever came up with that one a point and, if you’re not using Slack with your team, don’t worry. Those bits of code will lie dormant unless you take action to set it up, so in this case you’ll be served just fine by doing nothing. 🙂

    • Kate Sebald
      Kate Sebald says:

      Hey Matt! We don’t have any specific plans to do the same with HipChat, but that doesn’t mean it won’t happen. Thanks for your feedback and I’ll be sure to pass it along to the team. 🙂

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *