Skip to content

Slack Permissions Reference

This section lists all permissions and scopes used by SailPoint Entro’s Slack integration.


Private App Scopes

User Token Scopes

Scope Why it’s needed
channels:read List and identify public channels so SailPoint Entro can determine monitoring coverage and attach correct channel context to findings.
channels:write Perform channel-level actions required during onboarding/enablement flows (where Slack requires a user context).
channels:history Read message history in public channels to detect exposures that already exist and to provide context around findings.
groups:read List and identify private channels (“groups”) for coverage and context.
groups:write Perform private-channel actions required during onboarding/enablement flows (where Slack requires a user context).
groups:history Read message history in private channels to detect exposures and provide context around findings.
im:write Send direct messages to users/security teams for alerts, triage, or remediation guidance.
im:history Read DM history when needed for detection and context (if monitoring is enabled for DMs).
chat:write Send messages as part of alerting/triage flows (general message posting capability).
team:read Read workspace-level metadata (workspace identity/settings) used for tenant mapping, display, and correct workspace attribution.
files:read Read file metadata/content where permitted, so SailPoint Entro can scan uploaded/shared files for secrets and exposures.
search:read Search Slack content to locate potential exposures and related context more efficiently than iterating everything.

Bot Token Scopes

Scope Why it’s needed
app_mentions:read Detect when users @mention the SailPoint Entro bot (e.g., asking for status/help or interacting with findings).
channels:join Allow the bot to join channels automatically, so monitoring can work without manual channel-by-channel invites.
channels:manage Perform channel management operations required for scalable monitoring enablement/maintenance.
channels:read Read public channel metadata for monitoring coverage and enrichment context.
channels:history Read public channel message history for detection (historical + ongoing context).
groups:read Read private channel metadata for coverage and enrichment context.
groups:history Read private channel message history for detection (historical + ongoing context).
im:read Read DM metadata for monitoring context (where enabled).
im:write Send DMs for alerts, triage, and remediation guidance.
im:history Read DM message history where needed for detection and investigation context (where enabled).
mpim:history Read multi-person DM history (MPIM) for detection and context where enabled.
chat:write Post alert/triage messages in Slack as the bot (general posting capability).
chat:write.customize Send richly formatted/customized alert messages (e.g., attachments/blocks, names/icons where allowed).
chat:write.public Post messages into channels where the bot is allowed to post publicly (used for channel-based alerting).
incoming-webhook Deliver notifications into specific channels via webhook-based delivery (commonly used for alert routing).
files:read Read file metadata/content where permitted to scan uploads/shares for exposed secrets.
metadata.message:read Read message metadata needed for context/enrichment and efficient processing (e.g., message identifiers/structure needed to correlate events and findings).
team:read Read workspace-level metadata for correct tenant attribution and workspace context.
users:read Enumerate users for enrichment (who posted/shared) and routing findings to the right owners/responders.
users.profile:read Read user profile fields needed to enrich findings and map ownership (display name, profile info, etc.).
users:read.email Map users to verified email identities (useful for identity correlation and routing).
users:write Support user-level updates required by specific workflows (only where Slack requires it for the integration’s operations).
usergroups:read Read user groups for routing/escalation (e.g., send alerts to the right responder groups).
usergroups:write Manage user-group based routing/escalation flows where required (e.g., maintaining responder group mappings).
conversations.connect:manage Enable monitoring in Slack Connect shared channels (cross-organization channels).
conversations.connect:read Read Slack Connect conversation metadata for coverage and context.
conversations.connect:write Post alerts into Slack Connect channels when required.

Events subscription (Real time monitoring)

Event Purpose
channel_created Automatically begin monitoring newly created channels.
file_created Detect newly uploaded files for secret scanning.
file_shared Trigger scanning when files are shared in conversations.
message.channels Monitor new messages in public channels for exposed secrets.
message.groups Monitor new messages in private channels for exposed secrets.

Enterprise Grid Scopes

Scope Purpose
discovery:read Enumerate Slack users and messages
discovery:write Write alert triage messagesTombstone messages with secrets
users:read Read workspace user information

Security & Compliance

  • Read-only access except for chat:write.
  • Encrypted using AES-256.
  • Communication secured by TLS 1.2+.
  • SOC 2 Type II and ISO 27001 compliant.