Adding Slido to Microsoft Teams is necessary for the integration to work. Slido may not not appear in the list of apps in Microsoft Teams due to company restrictions. If that’s the case, it needs to be whitelisted by your company.
This article provides all the details needed for the IT department to enable Slido in your organization.
For general information about Microsoft Teams integration with Slido click the article link, or browse frequently asked questions for current limitations and troubleshooting.
In this article we will cover the following questions:
- What is Slido and how does it work within Microsoft Teams?
- Does Slido collect any data like chats or documents from MS Teams?
- We can see in Slido’s Microsoft attestation report that there are multiple unsupported security features – does this mean that Slido failed the security review?
- Does Slido meet other compliance standards such as SOC2?
- Is Slido secure to use in Microsoft Teams?
Slido meets Microsoft’s compliance and security standards and has completed the Microsoft 365 App attestation.
What is Slido and how does it work within Microsoft Teams?
Slido is a SaaS based Q&A and polling platform, which is accessible via a web browser or through integrations with presentation or video conferencing tools such as Microsoft Teams, Microsoft PowerPoint and others.
Please note that Slido does not integrate with Azure ID nor use Microsoft Graph. Instead, the Slido app uses GetParticipant API to enable functionality.
The Slido integration with Microsoft Teams is available as an app from the Microsoft Teams store.. As a Microsoft Teams app, it combines one or more capabilities in an app package, that can be installed, upgraded, and uninstalled.
The capabilities Slido utilizes include:
- Tab
- Bots
Slido’s app permissions and risk profile are defined by the permissions and risk profiles of the capabilities that the app contains. Since Slido doesn’t integrate with Azure AD or Microsoft Graph, the risk profile for a tab is almost identical to a website running in a browser tab.
Does Slido collect any data like chats or documents from MS Teams or does Slido only collect the data that is entered directly into the Slido App?
Slido collects the data the users and participants enter into the platform. In order to enable bot functionality, the Slido app can also access the roster (first name, last name, display name, email address) of any team member in a team or chat that Slido has been added to.
We can see in Slido’s Microsoft attestation report that there are multiple unsupported security features – does this mean that Slido failed the security review?
No – it does not mean that Slido failed the security review. As we chose to not fully integrate with Azure AD or Microsoft Graph, multiple security features aren’t available within Microsoft Team’s native settings, but can be accessed through the tab’s or web’s interface.
Here are some of the security features mentioned in the report and their availability through the tab or host interface in the web browser respectively:
FEATURE | WHY IS IT MISSING? |
Data classification | Data classification is a capability that allows users to label files and data by sensitivity and business impact in order to identify risks and protect sensitive data. It is against our Terms of use to store sensitive data on the platform. Therefore, this is not a feature we wish to support in our web version or within integrations such as Microsoft Teams. |
Supports SAML | Slido does support SAML 2.0., which is available through a pop-up window in the signup up and login process:
|
Requires | We place a strong emphasis on privacy and anonymous participation (if preferred). Therefore, we chose not to enforce user authentication so that users have the option to join anonymously. However, it is possible to set up SSO login for participants (as shown in the screenshot above). |
IP address restriction | Slido is hosted within Amazon Web Services and. Therefore, it’s not possible to restrict access to Slido based on IP address. The only way would be to whitelist the whole AWS IP range. However, this would whitelist any AWS hosted service (like Netflix, for example). Additionally, AWS IP ranges can change over time. |
User roles support | Managing user roles is possible via the tab interface (see the screenshot below). Full team management options are available through the host interface in the web browser. |
Does Slido meet other compliance standards such as SOC2?
Slido runs a certified ISMS (ISO27001) and QMS (ISO9001). Both of them represent highly recognised information security management & quality management standards. Upon request, Slido can provide the following in-depth security assessment questionnaires:
- Consensus Initiative Assessment Questionnaire (CAIQ), and
- Vendor Security Alliance Questionnaire (VSA).
These provide an industry-accepted way to document security controls used in cloud based services and provide security control transparency. To access our ISO certificates, please go to the Security section of our website where you can also find all of our security standards.
Does this mean that Slido is secure to use in Microsoft Teams?
Yes - Slido supports the key security features within a tab or a web browser. We chose to not integrate with Azure AD or Microsoft Graph to be able to keep certain privacy features, such as allowing participants to join Slido anonymously.
Curious about learning more?