Slack
Discover installed apps, bot/user tokens, scopes and channel access across workspaces (incl. Enterprise Grid). Govern non-human identities and their effective permissions — and stop risky actions before impact.
What the connector discovers
- Installed Apps & Bots
apps.list across workspaces; bot/user tokens, oauth v2 grants, approved domains; owner team, install time, publish state, app directory vs custom.
- Scopes & Effective Permissions
Aggregated scopes (e.g., channels:read, files:write, users:read.email); effective access per workspace/channel including private channel memberships where applicable.
- Channels, Members & Usergroups
conversations.list for public/private/MPIM; membership, external/guest flags, usergroups, owners; Workspace vs Org visibility for Enterprise Grid.
- Files & External Sharing
files.list metadata, public links, external shares, file lifecycle & retention policy alignment.
- Webhooks, Slash Commands & Workflow Builder
Incoming webhooks, slash commands, workflow steps with tokens; cross-workspace automations and data egress risks.
- Audit & Org Signals
auditlogs:read for app installs/removals, permission changes, file shares; Enterprise Grid org admins, workspace directory states, SCIM (optional).
Slack concentrates IP (files, code snippets, decision threads) and exposes it via apps and automations. ClarioSec turns this into **runtime governance**: drift-aware scoring, pre-execution controls and audit-grade narratives.
Drift-aware risk scoring
Baselines per app/bot; peer groups by team/function; detection of scope expansion, excessive channel reach, dormant tokens, abnormal file exfiltration and risky cross-workspace automations.
Pre-execution enforcement
Allow / Alert / Block / Approve with governed overrides. Scope minimization for apps, revoke tokens on risk, and JIT approvals before sensitive file postings or private-channel access.
Audit-grade narratives
Each decision yields **rule → reason → proof → control map** (SOC 2, GDPR, ISO/IEC 27001 & 42001, AI Act), including before/after scopes, affected channels/files and owner context.
Connect Slack
Use a Slack app installed with **OAuth v2**. For Enterprise Grid, install with org-level scopes where available.
- 1) Create or select a Slack app
api.slack.com → Your Apps → Create New App → From scratch. Configure OAuth & Permissions.
- 2) Add minimum read scopes
Suggested: auditlogs:read, users:read, users:read.email, channels:read, groups:read, mpim:read, im:read, files:read, apps:read, admin.apps:read (Grid), admin.conversations:read (Grid).
- 3) Install to workspace (or org)
Install app; capture Client ID/Secret & Bot Token (xoxb-), optionally User Token (xoxp-) if needed for org admin read APIs.
- 4) Add credentials in ClarioSec
Open the Slack connector and paste Client ID/Secret (for refresh) and current tokens. We store secrets per tenant.
High-value signals (read-only):
- apps.list, oauth.v2.access (grants), team.info, users.list, usergroups.list
- conversations.list / members; private/public/MPIM/IM topology
- files.list (metadata), links & external shares, retention policies
- workflows.*, chat.*, incoming webhooks, slash commands (metadata only)
- auditlogs:read events for installs, perms, channel/file actions; SCIM (optional) for directory joins/leaves
Endpoint family: Slack Web API, Audit Logs API, (optional) SCIM, Events API (ingest).
- Over-privileged apps & dormant tokens
Bots with broad scopes (files:write, channels:manage) unused or owned by departed users.
- File exfiltration & public links
Sensitive files shared to public channels or external links; retention misalignment.
- External guests & unfederated channels
Guests in sensitive workspaces; cross-org shared channels bypassing expected boundaries.
- Risky automations
Workflow Builder steps / webhooks posting to private channels or exporting data out of tenant.
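As an added example (not ClarioSec's code and not real Slack API output), the over-privileged-app, dormant-token and public-link checks above expressed as a small scoring routine over a constructed app inventory; the field names, weights and Allow/Alert/Block cutoffs are assumptions chosen for illustration.

```python
from datetime import date

# Constructed inventory in a simplified, hypothetical shape (not real
# apps.list output). "owner_active" is False when the installing user
# has left the workspace; "last_used" is the token's last observed call.
SAMPLE_APPS = [
    {"app": "ci-notifier", "scopes": ["chat:write", "channels:read"],
     "owner_active": True, "last_used": "2024-05-01", "public_links": 0},
    {"app": "legacy-exporter", "scopes": ["files:write", "channels:manage"],
     "owner_active": False, "last_used": "2023-09-12", "public_links": 3},
    {"app": "wiki-bot", "scopes": ["files:read", "groups:read"],
     "owner_active": True, "last_used": "2024-01-10", "public_links": 0},
]

BROAD_SCOPES = {"files:write", "channels:manage"}  # broad scopes named above

def assess_app(app, today, dormant_days=90):
    """Score one app (higher = riskier). Returns (score, findings)."""
    score, findings = 0, []
    broad = sorted(s for s in app["scopes"]
                   if s in BROAD_SCOPES or s.startswith("admin."))
    if broad:                                   # over-privileged bot
        score += 2 * len(broad)
        findings.append("broad scopes: " + ", ".join(broad))
    idle = (date.fromisoformat(today) - date.fromisoformat(app["last_used"])).days
    if idle > dormant_days:                     # dormant token
        score += 3
        findings.append(f"dormant token: unused for {idle} days")
    if not app["owner_active"]:                 # owned by a departed user
        score += 3
        findings.append("owner has left the workspace")
    if app["public_links"]:                     # files exposed via public links
        score += 2
        findings.append(f"{app['public_links']} public file link(s)")
    return score, findings

def decide(score):
    """Map a score to an enforcement verb (illustrative cutoffs)."""
    if score == 0:
        return "Allow"
    return "Alert" if score < 5 else "Block"

def review(apps, today):
    """Return {app_name: (decision, findings)} for a whole inventory."""
    return {a["app"]: (decide(assess_app(a, today)[0]), assess_app(a, today)[1])
            for a in apps}

if __name__ == "__main__":
    for name, (verdict, why) in review(SAMPLE_APPS, "2024-05-15").items():
        print(f"{name}: {verdict} {'; '.join(why) or '(no findings)'}")
```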
- Just-in-time approvals for new app installs and scope upgrades
- Automatic scope minimization & token revocation (dormant/risky)
- Owner attestations for apps, webhooks, and workflows
- Audit-grade narratives mapped to SOC 2 / GDPR / ISO / AI Act
Ready to govern Slack apps and bots at runtime?
Move from app posture to provable behavior — identity → scope → action → narrative.