> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Set up a Slack connector > C1 provides identity governance and just-in-time provisioning for Slack. Integrate your Slack instance with C1 to run user access reviews (UARs) and enable just-in-time access requests. **Yes, there are TWO kinds of Slack integration!** The instructions below connect a Slack Pro or Business+ workspace with C1 so that you can review access data and grant user access to Slack. (We also have an connector for [Slack Enterprise Grid accounts](/baton/slack-enterprise).) If you want to install the C1 Slack app, so that you and your colleagues can request access and get notifications about new C1 tasks in your Slack workspace, go to the **Settings** page in C1 and click **Notifications**. ## Capabilities ### Slack Pro | Resource | Sync | Provision | | :-------------- | :------------------------------------------------------------ | :-------- | | Accounts | | | | Workspaces | | | | Workspace roles | | | | Groups | | | A limitation in the Slack APIs means that [automatic account provisioning](/product/admin/account-provisioning) is not currently supported for Slack Pro workspaces. ### Slack Business+ | Resource | Sync | Provision | | :-------------- | :------------------------------------------------------------ | :------------------------------------------------------------ | | Accounts | | | | Workspaces | | | | Workspace roles | | | | Business+ roles | | | | Groups | | | | IDP groups\* | | | \*The connector can sync and provision IdP groups only if SSO is configured for your Slack Business+ instance. IDP group provisioning is not supported for GovSlack instances. A limitation in the Slack APIs means that [automatic account provisioning](/product/admin/account-provisioning) is not currently supported for Slack Business+ workspaces. ### Connector actions Connector actions are custom capabilities that extend C1 automations with app-specific operations. You can use connector actions in the [Perform connector action](/product/admin/automations-steps-reference#perform-connector-action) automation step. | Action name | Additional fields | Description | | ------------- | ---------------------------- | ----------------------------------------------------------------------- | | enable\_user | `user_id` (string, required) | Activate a Slack user account by setting active to true via SCIM API | | disable\_user | `user_id` (string, required) | Deactivate a Slack user account by setting active to false via SCIM API | ## Gather Slack credentials Configuring the connector requires you to pass in credentials generated in Slack. Gather these credentials before you move on. A user with the **Admin** role in the Slack workspace must perform this task. ### Step 1: Generate a Slack app-level token Make sure you are signed into Slack, then navigate to [api.slack.com/apps/](https://api.slack.com/apps/). Click **Create an App** and select the **From scratch** option. Give your new Slack app a name, such as "C1 integration", and select the workspace you want to integrate with C1. Click **Create App**. Your new app opens. From the menu on the left, select **OAuth & Permissions**. Scroll down to the **Scopes** section of the page. In the **Bot Token Scopes** area, add the following OAuth Scopes: * channels:join * channels:read * groups:read * team:read * usergroups:read * users.profile:read * users:read * users:read.email **Business+ users only:** In the **User Token Scopes** area, add the following OAuth Scope: * admin The `admin` scope provides access to the Slack SCIM API, which is used to sync users, IDP groups, and enable/disable user accounts on Business+ workspaces. Note: Slack restricts the other `admin.*` scopes (such as `admin.teams:read`, `admin.roles:read`, `admin.usergroups:read`, `admin.users:read`, and `admin.users:write`) to Enterprise Grid plans only. Do not add these scopes on a Business+ workspace — Slack will not grant tokens with these scopes outside of an Enterprise Grid org-level installation. If you need these capabilities, consider upgrading to Enterprise Grid or use the [Slack Enterprise Grid connector](/baton/slack-enterprise) instead. Scroll up to the top of the page. In the **OAuth Tokens for Your Workspace** area, click **Install to Workspace**. When prompted, allow your new app to access the Slack workspace. Your user OAuth token is created. Copy and save the token value. **Done.** Next, move on to the connector configuration instructions. ## Configure the Slack connector To complete this task, you'll need: * The **Connector Administrator** or **Super Administrator** role in C1 * Access to the set of Slack credentials generated by following the instructions above **Follow these instructions to use a built-in, no-code connector hosted by C1.** In C1, navigate to **Integrations** > **Connectors** and click **Add connector**. Search for **Slack** and click **Add**. Choose how to set up the new Slack connector: * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1) * Add the connector to a managed app (select from the list of existing managed apps) * Create a new managed app Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed. If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process. Click **Next**. Find the **Settings** area of the page and click **Edit**. **Pro users only:** Paste the token into the **Access token** field. **Business+ users only:** Paste the token into the **Business plus token** field. If you're using a GovSlack instance, select the **Gov environment** checkbox. Click **Save**. The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing. **Done.** Your Slack connector is now pulling access data into C1. **Follow these instructions to use the Slack connector, hosted and run in your own environment.** When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with C1, automatically syncing and uploading data at regular intervals. This data is immediately available in the C1 UI for access reviews and access requests. ### Resources * [Official download center](https://dist.conductorone.com/ConductorOne/baton-slack): For stable binaries (Windows/Linux/macOS) and container images. * [GitHub repository](https://github.com/conductorone/baton-slack): Access the source code, report issues, or contribute to the project. ### Step 1: Set up a new Slack connector In C1, navigate to **Integrations** > **Connectors** > **Add connector**. Search for **Baton** and click **Add**. Choose how to set up the new Slack connector: * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1) * Add the connector to a managed app (select from the list of existing managed apps) * Create a new managed app Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed. If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process. Click **Next**. In the **Settings** area of the page, click **Edit**. Click **Rotate** to generate a new Client ID and Secret. Carefully copy and save these credentials. We'll use them in Step 2. ### Step 2: Create Kubernetes configuration files Create two Kubernetes manifest files for your Slack connector deployment: #### Secrets configuration ```yaml theme={"theme":{"light":"css-variables","dark":"css-variables"}} # baton-slack-secrets.yaml apiVersion: v1 kind: Secret metadata: name: baton-slack-secrets type: Opaque stringData: # C1 credentials BATON_CLIENT_ID: BATON_CLIENT_SECRET: BATON_TOKEN: BATON_BUSINESS_PLUS_TOKEN: # Optional: include if SSO is enabled on your Slack instance BATON_SSO_ENABLED: true # Optional: include if you're using a GovSlack instance BATON_GOV_ENV: true # Optional: include if you want C1 to provision access using this connector BATON_PROVISIONING: true ``` See the connector's README or run `--help` to see all available configuration flags and environment variables. #### Deployment configuration ```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}} # baton-slack.yaml apiVersion: apps/v1 kind: Deployment metadata: name: baton-slack labels: app: baton-slack spec: selector: matchLabels: app: baton-slack template: metadata: labels: app: baton-slack baton: true baton-app: slack spec: containers: - name: baton-slack image: ghcr.io/conductorone/baton-slack:latest imagePullPolicy: IfNotPresent env: - name: BATON_HOST_ID value: baton-slack envFrom: - secretRef: name: baton-slack-secrets ``` ### Step 3: Deploy the connector Create a namespace in which to run C1 connectors (if desired), then apply the secret config and deployment config files. Check that the connector data uploaded correctly. In C1, click **Apps**. On the **Managed apps** tab, locate and click the name of the application you added the Slack connector to. Slack data should be found on the **Entitlements** and **Accounts** tabs. **Done.** Your Slack connector is now pulling access data into C1.