Skip to main content

About Slack

The Slack connector reads workspace membership, channel configuration, and user groups. On Enterprise Grid, it also reads audit log events. It surfaces that information as artifacts in Iru Compliance. Iru authenticates with a bot OAuth token (xoxb-) obtained by installing a Slack app into your workspace. Access is read-oriented for compliance evidence; it does not send messages or change workspace settings through the scopes described here.

How It Works

Slack APIs expect the bot token in the Authorization header: 
Authorization: Bearer xoxb-XXXX-XXXX-XXXX
You create an app at api.slack.com, grant Bot token scopes, install the app to the workspace, then copy the Bot User OAuth Token. Expanding scopes requires reinstalling the app, which issues a new token. Update Iru whenever that happens.
DetailValue
CategoryCommunications
AuthenticationBearer token (bot OAuth token xoxb-)
Audit logsauditlogs:read is Enterprise Grid only. Without Grid, audit-log-style evidence is not available through this API path.
References: OAuth tokens, Scopes, Audit Logs API.

Prerequisites

  • Workspace Owner or Workspace Admin rights so you can install apps.
  • Ability to sign in to api.slack.com/apps for your workspace.
  • Optional: Enterprise Grid if you need auditlogs:read.
Typical bot scopes for directory and channel evidence
ScopePurpose
users:readRead member profiles
users:read.emailRead member email addresses
channels:readList and read public channels
groups:readList and read private channels (where permitted)
usergroups:readRead user group configuration
auditlogs:readAudit logs (Enterprise Grid only)

Connect Slack to Iru

Complete this tab before you connect the source in Compliance.
1

Open Slack API apps

In a browser, go to api.slack.com/apps and sign in with a Slack account that can create apps for the target workspace (often a workspace admin).
2

Create a new app

Select Create New App, then From scratch (unless your org standardizes on a manifest; this article assumes From scratch).
3

Name the app and pick the workspace

Enter an app name such as Iru Compliance and select the Slack workspace where Iru should install.
4

Open OAuth & Permissions

In the app’s left sidebar, open OAuth & Permissions.
5

Add Bot Token scopes

Under Bot Token Scopes, add each scope from Prerequisites that your controls require. Add auditlogs:read only if you are on Enterprise Grid and need audit evidence.
6

Install the app to your workspace

From OAuth & Permissions, select Install to Workspace (or Reinstall after scope changes). Review permissions and approve.
7

Copy the Bot User OAuth Token

Copy the Bot User OAuth Token (starts with xoxb-). If you change scopes later, reinstall to get a new token. Paste the current token into the Iru connector wizard when Iru Compliance prompts you.
Continue on the Iru Compliance tab.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Confirm the token is current, begins with xoxb-, and the app is still installed.
Add the scope under OAuth & Permissions, reinstall the app, copy the new token, and update Iru.
Reinstall the app or rotate credentials; update Iru with the new bot token.
auditlogs:read requires Enterprise Grid. Without it, audit-log API evidence is unavailable.

Considerations

Bot tokens generally do not expire unless your…

Bot tokens generally do not expire unless your workspace enforces rotation. Follow Slack’s guidance if rotation is enabled.

Uninstalling the app revokes the token immediately.

Uninstalling the app revokes the token immediately.

Scope increases always require reinstall and a new…

Scope increases always require reinstall and a new token. Plan changes during a maintenance window.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.