Get Started
Screenshot of n8n workflow
FREE TEMPLATE
Automate Slack and Gmail Login Security Alerts
3
Views
0
Downloads
43
Nodes
Download Template
Free
Preview Template
Utility Rating
8 / 10
Business Function
IT
Automation Orchestrator
n8n
Integrations
UserParser
Slack
PostgreSQL
IP-API
GreyNoise
Gmail
Trigger Type
Manual trigger
Webhook
Approx setup time ≈ 75 min
Need help setting up this template?
Ask in our free Futurise community
About
Community
Courses
Events
Members
Templates

How to Automate Slack and Gmail Login Security Alerts?

Leon Petrou
FREE TEMPLATE
Automate Slack and Gmail Login Security Alerts
3
Views
0
Downloads
43
Nodes
Download Template
Free
Preview Template
Utility Rating
8 / 10
Business Function
IT
Automation Orchestrator
n8n
Integrations
UserParser
Slack
PostgreSQL
IP-API
GreyNoise
Gmail
Trigger Type
Manual trigger
Webhook
Approximate setup time ≈ 75 minutes
Need help setting up this template?
Ask in our free Futurise community

Description

Protect account access with an automated flow that spots risky sign ins, ranks them, and alerts the right people. Security and IT teams get clear Slack alerts, while users receive an email if a new device or location appears. The result is faster response with less noise.

A webhook or a manual test starts the run. The flow extracts IP, user ID, user agent, and time, then checks the IP with GreyNoise to judge trust and classification. It adds location details from IP API and parses device and browser using UserParser. A Postgres query loads the last ten logins for the user. If the city or device is new, the flow flags it and sets a priority. A Slack message shows the priority, user, IP, time, and a link to GreyNoise. If the account has an email, a styled Gmail notice is sent.

You will need API keys for GreyNoise and UserParser, Slack and Gmail credentials, and access to your Postgres database. Expect faster triage and fewer false positives, often cutting review time by more than half. Common uses include SaaS product logins, employee portals, and customer account areas. Setup is straightforward and lets your team scale review without adding headcount.

Copy link

Tools Required

UserParser
Sign up
Free tier: $0 / mo, 10,000 API calls / mo (500/day)
Slack
Sign up
Free plan: $0 / mo; limited to 10 apps (third-party or custom) and usable via Slack API
PostgreSQL
Sign up
Free: $0 (open-source PostgreSQL License; self-hosted)
n8n
Sign up
$24 / mo or $20 / mo billed annually to use n8n in the cloud. However, the local or self-hosted n8n Community Edition is free.
IP-API
Sign up
Free tier: Free, 45 requests/minute, no API key (HTTP only; non-commercial).
GreyNoise
Sign up
Free Intelligence: $0 / mo, 50 searches per week via Community API
Gmail
Sign up
No cost: Personal Gmail (Gmail API has no usage-based pricing; quotas apply)

What this workflow does?

  • Webhook trigger for live login events plus a manual trigger for safe testing
  • Data extraction of IP, user ID, user agent, and timestamp from incoming events
  • GreyNoise lookup with trust and classification switches to set alert priority
  • IP API geolocation to add country, region, and city context
  • UserParser analysis to identify browser, operating system, and device type
  • Postgres queries to fetch the last ten logins and the user profile
  • Merge nodes build a complete record combining intel, location, and device details
  • If checks detect new city or new device and route paths accordingly
  • Slack alerts include priority, user, IP, time, and a link to GreyNoise
  • Gmail sends an HTML email to the user only if an email address exists

What are the benefits?

  • Reduce manual triage from 2 hours to 10 minutes per incident by auto ranking and routing alerts
  • Cut false positives by up to 40% using GreyNoise trust and classification data
  • Unify IP intel, geolocation, device data, and user history into one alert
  • Notify users within seconds when a new device or city is detected
  • Handle thousands of login events without adding analyst workload
  • Improve analyst focus with clear High Medium Low priorities

How to set this up?

  1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
  2. You'll need accounts with Gmail, Slack, PostgreSQL, GreyNoise, IP-API and UserParser. See the Tools Required section above for links to create accounts with these services.
  3. Open the New /login event webhook node and copy the production URL. In your auth service or app, send login events as HTTP POST requests to this URL.
  4. In the n8n credentials manager, create a GreyNoise credential using Header Auth. Set the header name to key and paste your API key from the GreyNoise dashboard. Select it in the GreyNoise node.
  5. Create a UserParser credential using Query Auth. Use the parameter name api_key and your API key from the UserParser account. Select it in the Parse User Agent and UserParser HTTP Request nodes.
  6. Connect Slack: open the Slack node, choose Create new credential, complete the OAuth screen, and pick the target channel in the node settings.
  7. Connect Gmail: open the Inform user node, choose Create new credential for Gmail OAuth2, approve scopes, and select the account to send emails from.
  8. Connect PostgreSQL: in the credentials manager add your host, port, database, user, and password. Select this credential in both Postgres nodes. Ensure your n8n host can reach the database network.
  9. Review the HTML node content and edit the message text, branding, and support links as needed.
  10. Click the manual trigger and run the Example event to validate the full path. Confirm you receive a Slack alert and, if the test user has an email, a Gmail message.
  11. Send a real login event from your app to the webhook. Check that new city or new device paths are flagged and that priorities appear in Slack.
  12. Tune the Check trust level and Check classification switch nodes to match your risk policy. Adjust the Slack message fields and priority labels if needed.
  13. Troubleshoot: HTTP 429 from IP-API means you hit the rate limit; space out requests. GreyNoise 401 indicates a bad API key. If emails fail, recheck Gmail OAuth scopes. If Slack messages do not post, confirm channel permissions. For database issues, verify the queries and network access.

Need help or want to customize this?

Ask in the Free Futurise Community.

Similar Templates

n8n
IT
Automate Slack IT Helpdesk Replies
Give your IT team an AI helper inside Slack. When someone sends a direct message, it replies fast, looks up answers in your knowledge base, and keeps the chat clean. It is built for helpdesks that want quicker replies without extra manual work. Incoming DMs hit an n8n Webhook, and a Verify Webhook node answers Slack’s challenge so the app stays active. Messages from bots are skipped. The user gets a short receipt message first. An AI Agent then builds the final answer using the OpenAI Chat Model and a memory window that keeps recent context per channel. The agent can call a tool that connects to a second n8n workflow which searches Confluence by keywords. The message is cleaned to match Slack formatting, the initial receipt is deleted, and the final reply is posted to the same DM. Setup needs a Slack app with Events API, an OpenAI API key, and a Confluence space if you want knowledge lookups. Expect faster first responses, less context switching, and fewer repeated questions. This works well for IT help, onboarding questions, and policy lookups, all inside Slack.
15 views
view
n8n
IT
Automate Slack Certificate Approvals
Enable your team to request and approve TLS certificates inside Slack. Users submit a domain in a Slack modal, the domain is checked for risk, and safe requests are issued automatically while risky ones get routed for human review. This is ideal for IT and security teams that want fast, safe certificate handling without leaving chat. Incoming Slack events reach n8n through a webhook. The flow parses the payload, opens a Slack modal, and responds quickly so Slack does not time out. After submission, the workflow closes the modal, looks up the requester’s Slack email and team details, and scans the domain with VirusTotal. Results and context are merged. If no malicious reports are found, a Venafi TLS Protect Cloud node generates the CSR and issues the certificate. If risk is detected, OpenAI writes a short summary and a Slack message asks for manual approval. A domain format check runs before the request is sent. Set up requires a Slack app with Events and Interactivity, API keys for VirusTotal and OpenAI, and Venafi access with the correct template and application IDs. Expect faster turnarounds, fewer errors, and clear approvals in Slack, even at high request volumes.
8 views
view
n8n
IT
Automate Slack and Jira Incident Response
Keep your team informed when a risky email is caught. The flow alerts the affected employee in Slack and opens a Jira issue only when the email was already opened. It reduces confusion and speeds up security follow up. An incoming alert from your email security tool triggers a webhook in n8n. The flow pulls message details, then looks up the recipient’s Slack account by their mailbox address. If a Slack user is found, a direct message explains why the email is missing and what to do next. The logic also checks if the email was opened using the read at field. If true, a code step prepares a table of flagged rules and a Jira issue is created with a clear summary and description. If the user is not in Slack or the email was not opened, the flow exits without noise. Set up needs API access to the email security platform, a Slack app with users read email and im write scopes, and a Jira project with the right issue type. Expect faster response, fewer help desk tickets, and cleaner handoffs to incident response. Good fits include IT and security teams that quarantine suspicious emails and want direct user alerts plus a ticket only when risk is higher.
13 views
view
See More Templates

Credits: Milorad - these templates were sourced from publicly available materials across the web, including n8n’s official website, YouTube and public GitHub repositories. We have consolidated and categorized them for easy search and filtering, and supplemented them with links to integrations, step-by-step setup instructions, and personalized support in the Futurise community. Content in this library is provided for education, evaluation and internal use. Users are responsible for checking and complying with the license terms with the author of the templates before commercial use or redistribution. If you are the author and would like this template removed from the template library, email us at info@futurise.com and we will remove it promptly.