SecureAuth AI Gateway
IntegrationsResources

Slack

Team messaging and collaboration platform

Slack integration connects your agents to your team's messaging and collaboration platform.

Server URL: https://mcp.slack.com/mcp

Setup

  1. Navigate to Resources and click Add Resource
  2. Select Slack from the catalog
  3. Choose a credential mode (see below)
  4. Click Add

The resource is added with all tools and scopes pre-configured. Each user connects their own Slack account via OAuth when they first use a Slack tool. Navigate to Connections to manage linked accounts.

Credential modes

Slack supports two modes:

  • Use SecureAuth's app — install instantly with SecureAuth's pre-registered Slack app. No setup on your side. Recommended for most installs.
  • Bring your own app — use a Slack app owned by your workspace. Recommended when you need custom branding on the consent screen, dedicated rate limits, or audit isolation in your workspace.

See Credential modes for the full comparison.

Use SecureAuth's app

Install instantly with SecureAuth's pre-registered Slack app — nothing to create on your side. Each user connects their own Slack account via OAuth the first time they use a Slack tool.

No admin setup is required unless your workspace restricts app installs. Slack lets members add apps themselves by default; if a Workspace Owner has turned on app approval ("Only allow pre-approved apps"), the SecureAuth AI Gateway app must be approved before members can connect. When a member first tries to connect, Slack sends an approval request to your Workspace Owners via Slackbot — an owner approves it once, and members can connect from then on.

Bring your own app

A Slack workspace admin creates a Slack app at api.slack.com/apps, installs it into the workspace, then returns to SecureAuth with the Client ID and Client Secret.

In your AI Security workspace, go to Resources → Add Resource → Slack → Bring your own app and copy the redirect URI shown in the dialog.

The fastest path to create the Slack app is From an app manifest. Paste this JSON, replacing <paste-redirect-uri> with the URI you just copied and <your-company> with your branding:

{
  "display_information": {
    "name": "<your-company> AI Gateway",
    "description": "AI Gateway integration",
    "background_color": "#0b1326"
  },
  "features": {
    "bot_user": {
      "display_name": "<your-company>",
      "always_online": false
    }
  },
  "oauth_config": {
    "redirect_urls": ["<paste-redirect-uri>"],
    "scopes": {
      "user": [
        "search:read.public",
        "search:read.private",
        "search:read.mpim",
        "search:read.im",
        "search:read.files",
        "search:read.users",
        "chat:write",
        "channels:history",
        "groups:history",
        "mpim:history",
        "im:history",
        "canvases:read",
        "canvases:write",
        "users:read",
        "users:read.email"
      ],
      "bot": ["users:read"]
    },
    "pkce_enabled": false
  },
  "settings": {
    "org_deploy_enabled": false,
    "socket_mode_enabled": false,
    "token_rotation_enabled": false,
    "is_mcp_enabled": true
  }
}

After Slack creates the app, go to Basic Information → App Credentials in your Slack app and copy the Client ID and Client Secret back into the Slack resource dialog in your AI Security workspace, then click Add.

Available tools

ToolDescription
slack_search_publicSearch public messages across channels
slack_search_public_and_privateSearch public and private messages
slack_search_channelsSearch for channels
slack_search_usersSearch for users
slack_send_messageSend a message to a channel or user
slack_send_message_draftSend a message draft
slack_schedule_messageSchedule a message for later delivery
slack_read_channelRead messages from a channel
slack_read_threadRead messages in a thread
slack_read_user_profileRead a user's profile
slack_create_canvasCreate a new canvas
slack_read_canvasRead a canvas
slack_update_canvasUpdate an existing canvas
slack_add_reactionAdd an emoji reaction to a message

Required scopes

  • search:read.public — search public channels
  • search:read.private — search private channels
  • search:read.mpim — search multi-person direct messages
  • search:read.im — search direct messages
  • search:read.files — search files
  • search:read.users — search users
  • chat:write — send messages
  • channels:history — read public channel history
  • groups:history — read private channel history
  • mpim:history — read multi-person direct message history
  • im:history — read direct message history
  • canvases:read — read canvases
  • canvases:write — create canvases
  • reactions:read — read message reactions
  • reactions:write — add and remove message reactions
  • users:read — read user profiles
  • users:read.email — read user email addresses

Policy examples

  • Allow agents to search and read, but block sending: tool patterns slack_search_*, slack_read_*
  • Allow only specific agents to send messages: scope an allow rule for slack_send_* to a specific agent
  • Block scheduling messages entirely: add a deny rule for slack_schedule_message above any allow rules

Microsoft 365

Mail, Calendar, Teams, SharePoint, OneDrive, and Word via Microsoft's Work IQ MCP servers

On this page

SetupCredential modesUse SecureAuth's appBring your own appAvailable toolsRequired scopesPolicy examples