Skip to main content

2️⃣ How to install detection banners (Slash)

This article guides you step by step through installing Slash and enabling detection banners in your employees’ mailboxes.

❶ Prerequisites

Before installing Slash, make sure the following elements are already set up in your Riot workspace:

  • Your Inbox module is already installed and operational.

  • Your Google or Microsoft workforce is synchronized with Riot (otherwise, this step will be proposed during installation).

  • The Slash feature has been enabled for your workspace by your Riot contact.

👍 Good to know: if the Slash section does not yet appear in your Inbox module settings, contact your Riot Account Manager.

❷ Enable Slash in Inbox

Once the feature has been enabled for your workspace:

  1. Go to Inbox > Settings > Slash.

  2. Enable the Slash toggle.

  3. Follow the on-screen instructions to proceed to the next step (synchronization and permissions).

❸ Grant the required permissions

Slash requires permissions on your email environment to function:

  • Read access to emails — to analyze content and detect malicious emails.

  • Write access to emails — to inject warning banners into suspicious emails and move confirmed malicious emails to spam.

The procedure differs depending on your email provider:

👉 For Google Workspace

Go to the Google Admin Console at the following address:
https://admin.google.com/ac/owl/domainwidedelegation

Then add the two required scopes for the Riot Client ID.

👉 For Microsoft 365 / Outlook

Grant Slash the Mail.ReadWrite permission through Outlook API permissions. If you have already deployed Riot’s Simulation module, this permission has most likely already been granted — no action is required.

👍 Good to know: Slash cannot function without these permissions. Without read access, Slash cannot analyze emails. Without write access, it cannot display warning banners in your employees’ mailboxes.

❹ Verify the configuration

Once permissions have been granted:

  1. An email is automatically sent to the administrator who initiated the installation.

  2. Open this email and click “Verify configuration” to finalize the installation.

  3. If the verification succeeds, Slash immediately starts analyzing incoming emails across your organization.

❺ Configure the notification channel

This step is essential for the internal impersonation protection workflow: this is the channel Riot uses to automatically contact an employee whose identity appears to be impersonated.

Go to Settings > Notifications and enable the channel of your choice:

  • Slack

  • Microsoft Teams

  • Google Chat

If none of these channels are available, Riot will use email as a fallback solution.

❻ Enable impersonation protection (optional)

In the Slash settings, you can enable the Auto Impersonation Protection option.

When enabled and internal impersonation is suspected, Albert automatically contacts the impersonated employee through the notification channel configured in the previous step to verify the legitimacy of the email.

❼ Enable Block Threat (recommended)

Block Threat is an Inbox option that amplifies the impact of a report: from a single reported email confirmed as malicious, the attack can be neutralized across the entire organization.

Go to Inbox > Settings > Processing and enable Block Threat.

👉 With Block Threat enabled:

  • When a ticket is confirmed as malicious (by an employee or an admin), all emails from the same attack are moved to spam for all affected employees.

  • Future emails from the same attack are automatically moved to spam upon arrival, in real time.

  • If an admin reclassifies the email as safe, the emails are restored to inboxes.

👍 Good to know: an attack is identified by the combination of sender address + email subject. The system handles random variations that attackers insert into subjects (names, identifiers, random strings) to bypass traditional filters.

👍 Key takeaways

  • Installation is done from Inbox > Settings > Slash in just a few steps.

  • Slash requires both read and write access to your email environment to analyze emails and inject banners.

  • Make sure to enable a notification channel (Slack, Teams, or Google Chat) to benefit from the automatic impersonation workflow.

  • Enable Block Threat in Inbox to neutralize attacks across the entire organization from a single report.

Related Articles
*️⃣ Checklist: 5 key steps to activate Riot
1️⃣ Understanding Slash: Detection banners
1️⃣ Understanding Inbox
Did this answer your question?