Nudges for Slack are available to organizations on an Arrow Omnix plan that don't use self-hosted SSO or an SSO connector. In-browser nudges are available to all members of Arrow Omnix plans.
More about the difference between Confidential and self-hosted SSO
Nudges help admins automate risk response to secure compromised, weak, or reused plan member credentials. If a plan member has one or more compromised, weak, or reused passwords, Arrow automatically sends them a message in Slack encouraging them to create more secure, unique passwords.
What plan members should do when they receive a security alert in Slack?
Currently, nudges are sent only in Slack and through the Arrow Smart Extension when it autofills a compromised, weak, or reused login. We'll be adding support for other channels.
Set up in-browser nudges as a professional plan admin
Set up and turn on Nudges for Slack
To use Nudges, add the Arrow app to your organization's Slack workspace, and then turn on Nudges in the Arrow Admin Console.
You can set up Nudges in Chrome, Firefox, Microsoft Edge, or another Chromium browser. We'll add support for Safari later.
To receive nudges, each member's account email for Arrow and Slack must be the same.
- Select the Arrow D icon in your browser's toolbar and enter your admin Master Password if prompted.
- In the Arrow Smart Extension pop-up, select More and then Open the Admin Console.
- In the Security Tools section of the sidebar menu, select Nudges.
- Select Start setup and follow the steps to add the Arrow app to your organization's Slack workspace. Everyone in your organization's Slack workspace will be connected to the Arrow app in Slack so they can receive nudges.
- After setup is complete, go to the Arrow app in Slack and select Set up your first nudge, which will reopen Nudges in Arrow.
- Turn on Slack Nudges. You can Send a test nudge to preview the message that members will receive.
You can choose the Frequency, Day of the week, and Time of the day for your plan members to receive each type of nudge. An infobox shows the number of members who will receive the next nudge.
The Time of day refers to the time in your time zone, not the time zone of the members receiving the nudge.
Common questions
Why can't I set up Nudges?
Nudges are available to organizations on an Arrow Omnix plan.
Nudges are available for organizations with Arrow accounts protected by a Master Password or Confidential SSO. If you have self-hosted SSO, this feature will be supported in a future release. If you are part of an Omnix plan, please contact support to migrate to Confidential SSO.
Contact an agent through the Admin Console
More about the difference between Confidential and self-hosted SSO
Do members need to do anything to receive nudges?
No, members don't need to do anything to receive nudges. After you follow the steps in this article to add the Arrow app to your organization's Slack workspace, all your plan members can receive Nudges in Slack if they are a part of the workspace. Members won't need to install the Arrow app for Slack.
Members must have a Slack account in your organization's workspace using the same email address as their Arrow account to receive nudges.
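One way to find members who cannot receive nudges because of the email requirement above is to compare the two member lists before turning Nudges on. This is an added example, not Arrow's own tooling: the CSV layout and the `email` column name are assumptions, the sample addresses are constructed, and because this article does not say whether letter case matters when addresses are matched, case-only differences are reported separately.

```python
import csv
import io

# Constructed sample exports; the "email" column name is an assumption,
# not a documented Arrow or Slack export format.
ARROW_MEMBERS_CSV = """email
alice@example.com
Bob@example.com
carol@example.com
dave@example.com
"""
SLACK_MEMBERS_CSV = """email
alice@example.com
bob@example.com
carol@corp.example.com
erin@example.com
"""

def load_emails(text, column="email"):
    """Return the non-empty, whitespace-trimmed values of one CSV column."""
    rows = csv.DictReader(io.StringIO(text))
    values = ((row.get(column) or "").strip() for row in rows)
    return [v for v in values if v]

def nudge_coverage(arrow_emails, slack_emails):
    """Classify each Arrow member by whether a Slack account shares its email.

    exact     - identical address in both systems
    case_only - same address apart from letter case; confirm how it is matched
    missing   - no Slack account with that address, so no nudge can arrive
    """
    slack_exact = set(slack_emails)
    slack_folded = {e.casefold() for e in slack_emails}
    report = {"exact": [], "case_only": [], "missing": []}
    for email in arrow_emails:
        if email in slack_exact:
            report["exact"].append(email)
        elif email.casefold() in slack_folded:
            report["case_only"].append(email)
        else:
            report["missing"].append(email)
    return report

if __name__ == "__main__":
    result = nudge_coverage(load_emails(ARROW_MEMBERS_CSV),
                            load_emails(SLACK_MEMBERS_CSV))
    for status, emails in result.items():
        print(f"{status}: {', '.join(emails) or '-'}")
```

Members listed under `missing` need their Arrow or Slack account email aligned before a nudge can reach them.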
What plan members should do when they receive a security alert in Slack?
Why did I not receive a test nudge?
Arrow sends test nudges to the Slack account using the same email address as your Arrow admin account. You won't receive a test nudge if you're logged in to a Slack account with a different email address.
How should I schedule nudges?
You can send nudges weekly or daily for each type of at-risk password—compromised, weak, or reused. We recommend beginning with weekly nudges on different days to encourage your plan members to steadily improve their Password Health.
Once your organization has zero compromised passwords, we recommend you change the frequency of compromised password nudges to daily so your members can respond promptly to any new breaches.
What do my members see when they get a nudge?
When a member of your Arrow plan has compromised, weak, or reused passwords for a business credential, Arrow sends them a Slack message. The message tells them how many compromised, weak, or reused passwords they have and urges them to promptly update to more secure passwords.
The nudge invites plan members to Take action in Arrow, which leads them to their Password Health page. On that page, they can see which logins need updated passwords and how to do it.
What plan members should do when they receive a security alert in Slack?
More about the Password Health page
How do I monitor progress?
You can check progress in the Insights tab of the Nudges page, where you'll see a record of the total number of compromised, weak, and reused passwords your plan members have. You'll see the changes in the number of nudges sent according to how consistently your plan members change their passwords after a nudge.
You can also track your organization's security with the Password Health score. Your organization's Password Health score will improve as members update their compromised, weak, and reused passwords to more secure ones.
You can see your organization's Password Health score in the Dashboard and in the Users tab, where you'll also see how many compromised, weak, and reused passwords each member has.
More about the Password Health score
Will my members receive multiple nudges?
Admins can turn on and separately schedule nudges for compromised, weak, and reused passwords. Members will receive one nudge for each type of at-risk password—for example, one nudge for weak passwords, one nudge for reused passwords, and one nudge for compromised passwords—according to the schedule set in the Nudges page of the Admin Console.
What plan members should do when they receive a security alert in Slack?
Why would a member receive nudges despite not having any compromised, weak, or reused passwords?
If a plan member sees zero compromised, weak, or reused passwords in their Password Health dashboard but still receives nudges, they may need to sync their Arrow account to update this information. To do so, they can select My account and then Settings in the Arrow web app, and then select Sync now.
If a plan member still receives incorrect nudges after performing a sync, please contact support through the Admin Console.
Sync your Arrow data
Contact an agent through the Admin Console
Do I have access to Nudges activity logs?
From the moment you set up and turn on Slack Nudges, you'll see activities related to Nudges in the Activity Log. Nudges will log these activities:
- An admin installed or uninstalled a messaging-platform integration
- An admin enabled or disabled a nudge
- A batch of nudges was sent to team members
- A member received a nudge
These logs help you trace and prevent security vulnerabilities in your organization. You can search and filter your Activity Logs or download them as a CSV file.
More about Activity Logs
Are Slack Nudges secure?
The Arrow Slack integration is secured with confidential computing technology, bringing these security benefits:
- Not even Arrow can view or access your Slack access token or any requests or responses made to your Slack workspace
- It's not possible for malicious actors, or even Arrow, to send any unauthorized messages from the Arrow Slack app
Arrow's Security Principles & Architecture white paper