Slack Integration Guide
If your team lives in Slack, this integration lets Openlane deliver security and compliance notifications directly into your channels and sync your workspace users as directory accounts. Vulnerability SLA reminders, access review deadlines, policy attestation nudges — right where your team already works.
Key Capabilities
- Workspace Connectivity Validation: Confirms Slack token health and channel availability.
- Outbound Notifications: Sends compliance event messages (remediation deadlines, review reminders, policy updates) to configured channels.
- Directory Account Sync: Collects workspace users as directory accounts for identity governance and access reviews.
Prerequisites
- Permission to install a Slack app in the target workspace, or a bot token from an existing custom Slack app.
Supported Operations
| Operation | Description |
|---|---|
| MessageSendOperation | Send a Slack message via chat.postMessage |
| DirectorySync | Collect workspace users as directory accounts |
Step-by-Step Setup
Step 1: Connect Slack
Choose the authentication method that fits your setup:
Option A: Slack OAuth Credential
Connect your Slack workspace via OAuth — no credentials to enter manually.
- Navigate to Organization Settings > Integrations and find Slack.
- Click Configure and expand Slack OAuth Credential.
- Click Continue to Authorization — you will be redirected to Slack to authorize access.
- Review and approve the requested permissions.
- After authorization, you are redirected back to Openlane and the connection is saved.
Option B: Slack Bot Token
Connect using a bot token from a custom Slack app. Use this option if your workspace requires a dedicated app with explicit scope control.
- Go to api.slack.com/apps and create or select an app.
- Under OAuth & Permissions, add the required bot token scopes (channels:read, chat:write, chat:write.public, and any others needed).
- Install the app to your workspace.
- Copy the Bot User OAuth Token from the OAuth & Permissions page.
- Navigate to Organization Settings > Integrations > Slack > Configure and expand Slack Bot Token.
- Enter the bot token and click Save.
Step 2: Configure Sync Behavior
Optionally configure which data is collected and how records are filtered before ingestion:
Directory Account Sync
| Setting | Description |
|---|---|
| Disable | Turn off user ingestion from Slack without disconnecting the integration |
| Filter Expression | Optional CEL expression evaluated against each user record — only records that match are ingested |
Filter expression examples:
# Exclude external users (Slack Connect, single-channel and multi-channel guests)
payload.is_external == false
# Exclude bot users
payload.is_bot == false
CEL expressions have access to the full raw payload for each record via payload.<field>. Expressions can be combined with && to apply multiple filters at once.
Validate Connection
After saving, Openlane runs a health check against Slack and displays the result on the Installed tab of the Integrations page. A Healthy badge confirms connectivity. If the badge shows Needs Attention, review the troubleshooting section below.
What Openlane Syncs
Openlane reads workspace metadata and user records for directory sync, and sends outbound notification messages to Slack channels. Use this to route compliance-relevant alerts (vulnerability SLA breaches, upcoming access review deadlines, policy attestation reminders) to the teams responsible for action. This helps demonstrate timely response and escalation under SOC 2 CC7.2 and CC7.3.
Disconnect
To remove this integration:
- Navigate to Organization Settings > Integrations
- Select the Installed tab
- Open the menu on the integration card and select Disconnect.
This removes stored credentials and stops all collection activity. You can reconnect later by configuring the integration again.
Troubleshooting
- not_in_channel errors: invite the app bot user to the target channel before sending messages.
- Scope errors: update bot token scopes in your app settings and reinstall the app to the workspace.
- No users synced: verify the bot has the users:read scope and check any active filter expressions.
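The scopes listed under Option B and the scope-related items above can be checked before a bot token is entered into Openlane. The following is an added example, not Openlane's or Slack's own code: it calls Slack's auth.test method and compares the X-OAuth-Scopes response header against the scopes this guide names. The SLACK_BOT_TOKEN variable name and the helper function names are assumptions.

```python
"""Pre-flight scope check for a Slack bot token (added example)."""
import json
import os
import urllib.request

# Scopes named in this guide: Option B setup plus users:read from troubleshooting.
# Your deployment may legitimately need others ("any others needed").
REQUIRED_SCOPES = {"channels:read", "chat:write", "chat:write.public", "users:read"}


def parse_scopes(header_value):
    """Split Slack's comma-separated X-OAuth-Scopes header into a set."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}


def audit_scopes(granted, required=REQUIRED_SCOPES):
    """Return (missing, extra): missing scopes cause scope errors or empty
    syncs; extra scopes are candidates for removal under least privilege."""
    granted = set(granted)
    return sorted(required - granted), sorted(granted - required)


def fetch_granted_scopes(token):
    """Call auth.test and read the scopes Slack reports for this token."""
    req = urllib.request.Request(
        "https://slack.com/api/auth.test",
        data=b"",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
        if not body.get("ok"):
            raise RuntimeError(f"auth.test failed: {body.get('error')}")
        return parse_scopes(resp.headers.get("X-OAuth-Scopes"))


if __name__ == "__main__":
    # SLACK_BOT_TOKEN is an assumed variable name; the token is never hard-coded.
    token = os.environ.get("SLACK_BOT_TOKEN")
    if token:
        missing, extra = audit_scopes(fetch_granted_scopes(token))
    else:
        # Constructed sample header, used when no token is supplied.
        missing, extra = audit_scopes(parse_scopes("chat:write,channels:read,files:write"))
    print("missing (expect scope errors or no users synced):", missing or "none")
    print("extra (review against least privilege):", extra or "none")
```

After adding any missing scope in the app settings, reinstall the app to the workspace and run the check again, since the token only carries new scopes after reinstallation.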