Building a Slack Enterprise Workbot with Workato to support a PHI compliant process in Slack
Today I'll be walking you through how we created a PHI compliant service request process in Slack with a Slack Enterprise Workbot via Workato. The bot enables a care team to raise and resolve clinically sensitive IT service requests, through PHI specific workspaces, within a Slack Enterprise Grid organization.
The company was moving off of another service software into Jira Service Desk but they did not want anyone on the PHI teams able to access Jira directly as PHI was NOT authorized in Jira. So they needed a solution in Slack that enabled the team to raise requests via Slack, work with the service team on resolving them within Slack, and allowed PHI in authorized Slack channels only -- all while the service team tracked the request in Jira Service Desk.
Let's review the steps we took to get this done. It's interesting to note that even though for an end-user raising the request this experience will be 100% Slack-first - the back-end automation is built almost entirely via configurable Workato recipes and Jira automation.
Create a Slack Enterprise Workbot
As long as you have the proper plan in Workato, this process is a breeze and Workato does a great job of walking you through the steps in the documentation. It even automates the creation of the Slack bot in the Slack UI, walking you through the steps. Well done! 👏
Note, we used both the (1) Slack and (2) Workbot for Slack connections available in Workato for this bot. The connectors have slightly different actions available so both were required for us, though that may not be true for your use case depending what you build and if you want to build custom steps with the Slack API. This required four custom OAuth profiles as we needed one for each connection (Slack vs Workbot for Slack) with one for sandbox and one for production Slack workspace/org. Unfortunately, these are not cheap. But good news is a single custom OAuth profile can be used across many recipes!
Connect to Jira Service Desk from Workato
Follow the steps as documented in Workato. Good news, this does NOT require a custom OAuth profile! Hooray!!
💡 You will have to have your Jira Service Requests set up to accommodate field mappings that will be used in creation of tickets below (reference). You will also likely need Lookup Tables to map values to IDs to pass properly with this connection.
Create Workato recipe for App Home
Similar to creation of a Slack bot using Slack Bolt framework, you must add first turn on App Home in your Slack bot via the Slack back end. Then you can create this recipe and utilize Slack block kit formatting via Workato's configurable UI to make an App Home for your bot.
For us, the App Home was the central location where users could find information on the request process and click buttons that allowed for different requests to be made. In this first release specifically for PHI requests, but in the future rolling this out to others and more general IT requests. Each button was set up via a Workato command...
Create Workato recipe(s) for Commands
For this use case, we created three distinct commands triggers which supported a different request flow (1) Access/User Requests (2) Specific-system Requests (3) Other Requests. A modal with picklists (i.e. no way to enter PHI) displayed in a Slack modal with fields like Type, Urgency, Location (using block kit UI) which the user could select from. The responses from the modals were then mapped to a create a new Jira Service Desk issue and the recipe ended.
Create Workato recipe for creation of Channel
With the ticket created, the next step was creation of the channel with the issue ID in the name (format: "#phi-<Issue ID>") and addition of members for collaboration to close the issue. We used Jira automation to assign someone from a queue round robin style at which point a webhook triggered recipe created the channel via Workato.
The requestor from Slack and the assignee from Jira are added as members to the channel. The channel then prompts instructions to enter certain information (depending on the request type) as well as any PHI information required to resolve the ticket. Plus, based on SLAs set in Jira, we can adjust the language so the requestor can see when they should expect resolution. Using the webhook trigger gave us tons of information we could use from Jira to make the messaging in channel dynamic and specific to the request submitted.
Once the requestor and assignee have confirmed the issue is resolved.... the channel is archived manually and the ticket is closed in Jira by the assignee.
💡 The assignee is responsible for manually updating the ticket from here. We did not automate syncing of anything from the channel to Jira to avoid PHI making its way into Jira.
Although expensive (...though not as expensive as Jira Enterprise which is HIPAA compliant), this solution allows you to use Slack and Jira together to provide you the ability to create what appears to be fully custom Slack bot with Workato integrations and automations to external systems without the need to have a developer (no code!). With Workato supporting "600k+ Pre-Built Integrations Across 1000+ Apps", just imagine all the possibilities here!