Secure Slack Workspaces with Mondoo
Continuously scan a Slack workspace for misconfigurations and security issues.
Mondoo continuously scans a Slack workspace for misconfigurations and security issues. Deploy the integration once and assessments stay current as the workspace changes.
Prerequisites
- Editor or Owner access to the Mondoo space
- Access to a Slack workspace
Create a Slack API token for Mondoo
Mondoo authenticates to Slack with a user OAuth token from a new Slack app.
-
On the Slack API website, go to Your Apps and select Create an App.

-
Select From scratch.

-
Name the app (for example,
mondoo-security), pick the workspace to secure, and select Create App.
-
Under Add features and functionality, select Permissions.

-
Scroll to Scopes > User Token Scopes and add each of these scopes (select Add an OAuth Scope for each):
channels:readgroups:readim:readmpim:readteam:readusergroups:readusers:read

-
Scroll up to OAuth Tokens for Your Workspace and select Install to Workspace, then Allow to confirm.

-
Copy the User OAuth Token. You need it in the next section.

Add a Slack integration
In the Mondoo App, navigate to the space where you want to add the integration. In the side navigation bar, select Integrations. In the top right, select + INSTALL. On the integrations page, find the integration you want by browsing or searching by name:
-
Under SaaS, select Slack.

-
In Choose an integration name, enter a name that identifies the workspace.
-
In Enter the API token, paste the User OAuth Token you copied.
-
Select START SCANNING.
On the Recommended Policies page, enable the policies you want Mondoo to score this integration against. To learn how policies work, read Manage Policies.
After you connect
Once Slack scanning is enabled, explore your asset inventory, then assess and improve your security to review and prioritize your findings.