We currently use Slack as our sole authentication mechanism, meaning no additional authentication strategy or provider is required.
However, your organisation chooses to authenticate with Slack — whether that's directly or with a single sign-on provider — that same authentication mechanism is used to access incident.io.
For the web application, temporary sessions are granted when you sign in with Slack. These periodically expire and are refreshed by redirecting the user through the OAuth flow. We can also revoke these tokens.