slack-connect-patterns

Use when designing, governing, or troubleshooting Slack Connect channel sharing between two independent organizations. Trigger phrases: external Slack channel collaboration, cross-org Slack channel setup, Slack Connect DLP policy, Slack partner channel governance, regulated industry Slack Connect compliance. Does NOT cover Salesforce-to-Salesforce integration, Salesforce for Slack app setup, or internal single-workspace Slack channels. NOT for Salesforce-to-Salesforce integration.

Best use case

slack-connect-patterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when designing, governing, or troubleshooting Slack Connect channel sharing between two independent organizations. Trigger phrases: external Slack channel collaboration, cross-org Slack channel setup, Slack Connect DLP policy, Slack partner channel governance, regulated industry Slack Connect compliance. Does NOT cover Salesforce-to-Salesforce integration, Salesforce for Slack app setup, or internal single-workspace Slack channels. NOT for Salesforce-to-Salesforce integration.

Teams using slack-connect-patterns should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/slack-connect-patterns/SKILL.md --create-dirs "https://raw.githubusercontent.com/PranavNagrecha/AwesomeSalesforceSkills/main/skills/integration/slack-connect-patterns/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/slack-connect-patterns/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How slack-connect-patterns Compares

Feature / Agentslack-connect-patternsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when designing, governing, or troubleshooting Slack Connect channel sharing between two independent organizations. Trigger phrases: external Slack channel collaboration, cross-org Slack channel setup, Slack Connect DLP policy, Slack partner channel governance, regulated industry Slack Connect compliance. Does NOT cover Salesforce-to-Salesforce integration, Salesforce for Slack app setup, or internal single-workspace Slack channels. NOT for Salesforce-to-Salesforce integration.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Slack Connect Patterns

## Overview

Slack Connect is a Slack platform feature that allows two or more independent Slack workspaces to share a channel for cross-organization human collaboration. It is entirely separate from Salesforce integrations. This skill covers the governance, security, compliance, and operational considerations for setting up and maintaining Slack Connect channels in enterprise contexts.

Slack Connect is NOT a data integration mechanism. It does not expose Salesforce APIs, sync Salesforce records, or replace middleware-based Salesforce-to-Salesforce integration. Any design that uses a Slack Connect channel to move Salesforce data between two orgs is an anti-pattern.

## Key Platform Facts

**Plan requirements:** Both the inviting workspace and the receiving workspace must be on a paid Slack plan — Pro, Business+, Enterprise Grid, or Enterprise+. Free plan workspaces cannot initiate or accept Slack Connect invitations. Both sides must independently confirm their plan status before a connection request is initiated.

**Org limit:** A single Slack Connect channel can include members from at most 250 external organizations. Invitations to a 251st organization will fail at the acceptance step without a clear error notification to the inviting admin.

**Admin dual acceptance:** The inviting organization's admin generates the invite link. The receiving organization's Slack admin (not just any member) must explicitly accept the connection request from their Slack admin console. A 14-day expiry window applies to the invite link. If not accepted within 14 days, a new link must be generated.

**Message and data ownership — split-ownership model:** In a Slack Connect channel, each organization independently retains the messages authored by its own members under its own data residency and retention policies. Organization A's retention rules apply to Organization A's members' messages. Organization B's retention rules apply to Organization B's members' messages. There is no shared, unified message store for the channel.

**Message deletion is not bilateral:** If Organization A deletes a message (manually or via a retention policy), the message disappears from Organization A's workspace but remains accessible in Organization B's workspace under Organization B's retention policy. This asymmetry is permanent and by platform design. Deletion cannot be used as a bilateral compliance control.

**eDiscovery scope:** An export from one organization's workspace captures only that organization's members' messages from the Slack Connect channel. A complete channel record for legal or regulatory purposes requires parallel exports from every participating organization, merged by timestamp. Legal teams must understand this limitation before issuing litigation holds.

## DLP Coverage by Plan Tier

Data loss prevention tooling availability depends on the Slack subscription tier of each participating organization:

| Plan | Native Slack DLP |
|---|---|
| Free | Not available |
| Pro | Not available |
| Business+ | Not available |
| Enterprise Grid | Available (PCRE rules, Admin Console > Policies > DLP) |
| Enterprise+ | Available (PCRE rules, Admin Console > Policies > DLP) |

Organizations on Pro or Business+ plans must implement DLP coverage through a third-party integration that subscribes to the Slack Events API. Common options include Nightfall AI, Symantec DLP, and Microsoft Purview DLP for Slack. Third-party DLP operates as a bot in the workspace and intercepts messages via the Events API before or after delivery.

**Scope is workspace-scoped, not channel-scoped:** Even for Enterprise Grid customers, DLP rules apply only to messages authored by that organization's own members. Organization A's DLP rules cannot inspect or act on messages sent by Organization B's members. Bilateral DLP coverage in a Slack Connect channel requires both organizations to independently configure and maintain their DLP tooling.

## Enterprise Key Management and eDiscovery

Slack's Enterprise Key Management (EKM) and native Compliance Export features are also Enterprise Grid / Enterprise+ only. EKM allows an organization to hold the encryption keys for their Slack data. In Slack Connect channels, EKM applies only to the EKM-enabled organization's portion of the channel data — it does not encrypt the partner's messages.

## Operational Governance Requirements

**Plan tier monitoring:** A partner organization's downgrade from Enterprise Grid to Business+ silently removes the native DLP coverage without notifying either organization. Regulated use cases should include a contractual notification clause and a quarterly plan-tier review for all Slack Connect channel partners.

**Channel creation discipline:** Converting an existing internal channel to a Slack Connect channel exposes full prior message history to all external members upon joining. All new external collaboration should begin in a dedicated, freshly created channel with no prior history. Internal discussions about the partner relationship should remain in a separate private channel.

**Retention policy documentation:** Even if matching retention policies are contractually agreed upon between organizations, the asymmetric deletion behavior must be documented in the organization's data governance register and acknowledged by the compliance or legal function.

## Recommended Workflow

1. **Confirm plan eligibility for both organizations.** Before creating a channel or sending an invite, verify that both the inviting and receiving workspaces are on paid Slack plans. Request written confirmation from the partner's Slack admin.

2. **Classify the channel's intended content and determine DLP requirements.** Identify the sensitivity of the data that will flow through the channel. Map that classification to the applicable regulatory regime (HIPAA, GDPR, FINRA, SOX, etc.) and determine whether native or third-party DLP is required. If the inviting or receiving org is on Pro or Business+, third-party DLP must be configured before the first message is sent.

3. **Create a new, empty channel dedicated to the external collaboration.** Never convert an existing internal channel. Name the channel to clearly indicate it is externally shared (e.g., `ext-partnerco-project`).

4. **Configure DLP on both sides before sharing the channel.** Coordinate with the partner organization to confirm their DLP approach. Document both organizations' DLP tooling choices and configuration dates in the governance register.

5. **Generate the Slack Connect invite and send directly to the partner's Slack admin.** Follow up within 5 business days to confirm receipt. Monitor for the 14-day expiry and regenerate if needed.

6. **Document the split-ownership data sovereignty model.** Record in the governance register: both organizations' retention policies, the asymmetric deletion behavior, eDiscovery export procedure, and the 250-org channel limit relative to current participant count.

7. **Establish a quarterly review cadence.** Review partner plan tiers, confirm DLP controls remain active, and confirm retention policies on both sides continue to match contractual commitments. Update the governance register after each review.

## Official Sources Used

- Slack Connect guide: Work with external organizations — https://slack.com/help/articles/360035280511
- How data management features apply to Slack Connect — https://slack.com/help/articles/360035622694
- Slack data loss prevention — https://slack.com/help/articles/1500001560242
- Salesforce Well-Architected Overview — https://architect.salesforce.com/docs/architect/well-architected/guide/overview.html

Related Skills

mfa-enforcement-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Design MFA enforcement: auto-enablement, Salesforce Authenticator rollout, exceptions, service accounts, API-only users, SSO interop, and audit. Trigger keywords: MFA, multi-factor, two-factor, Salesforce Authenticator, MFA exception, MFA SSO, api-only MFA. Does NOT cover: end-user password policies, device-trust posture, or non-Salesforce IdP configuration.

encrypted-field-query-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Design SOQL, filters, reporting, and indexes against Shield Platform Encryption fields. Trigger keywords: Shield Platform Encryption, encrypted field query, probabilistic vs deterministic encryption, encrypted SOQL filter, encrypted field index. Does NOT cover: Classic Encryption (deprecated), field-level security policy, or tenant secret key rotation.

connected-app-security-policies

8
from PranavNagrecha/AwesomeSalesforceSkills

Managing OAuth policies, IP relaxation, session security, PKCE, and credential rotation for Salesforce Connected Apps. Use when hardening Connected App security, rotating client secrets, configuring IP restrictions, or requiring high-assurance sessions. NOT for basic Connected App setup or creation. NOT for OAuth flow implementation (use oauth-flows-and-connected-apps).

apex-managed-sharing-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Grant row-level access programmatically via __Share records when declarative sharing rules cannot express the policy. NOT for OWD, role hierarchy, or criteria-based sharing rule design.

omnistudio-testing-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when testing or validating OmniStudio components — OmniScript preview, Integration Procedure step debugging, DataRaptor field-mapping validation, and end-to-end UTAM-based automation. NOT for Apex unit testing or standard Flow debugging.

omnistudio-error-handling-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing fault behavior across Integration Procedures, DataRaptors, OmniScripts, and FlexCards — error routing, user-facing messaging, retry semantics, and idempotency. Triggers: 'omnistudio error', 'integration procedure fault', 'dataraptor error handling', 'omniscript retry', 'flexcard action failure'. NOT for general Apex exception design or Flow fault paths.

omnistudio-ci-cd-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing or implementing CI/CD pipelines for OmniStudio components — DataPack export/import, versioning, environment promotion, and automated deployment. NOT for standard Salesforce metadata CI/CD or Apex-only pipelines.

omniscript-design-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing or reviewing OmniScripts for guided experiences, step structure, branching, save/resume, and the boundary between OmniScript, Integration Procedures, DataRaptors, and custom LWCs. Triggers: 'omniscript design', 'too many steps in omniscript', 'save and resume omniscript', 'branching in omniscript', 'when should this be an integration procedure'. NOT for deep Integration Procedure or DataRaptor design when the guided interaction layer is not the main concern.

integration-procedure-cacheable-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing Integration Procedures (IPs) with platform cache to cut latency and callout load. Covers cache key design, TTL selection, per-user vs org-wide partitions, invalidation on data changes, and safe fallback on cache miss/stale. Does NOT cover general IP authoring (see omnistudio-error-handling-patterns) or LWC client-side caching.

flexcard-design-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing, building, or reviewing OmniStudio FlexCards — including data source selection, card states, actions, conditional visibility, flyout configuration, and child card iteration. Triggers: 'FlexCard', 'card template', 'flyout', 'card action', 'card state', 'data source', 'child card', 'conditional visibility'. NOT for OmniScript design, standalone LWC development, or Apex controller architecture outside the FlexCard context.

dataraptor-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing or reviewing OmniStudio DataRaptors, especially Extract versus Turbo Extract versus Transform versus Load, field mapping strategy, performance tradeoffs, and when to move work into Integration Procedures or Apex. Triggers: 'DataRaptor Extract', 'Turbo Extract', 'DataRaptor Load', 'DataRaptor Transform', 'OmniStudio data mapping'. NOT for overall OmniScript journey design or Integration Procedure sequencing when the main question is not the DataRaptor shape itself.

wire-service-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing or reviewing Lightning Web Components that use `@wire`, Lightning Data Service, UI API, or the GraphQL wire adapter, especially for reactive parameters, cache behavior, and refresh strategy. Triggers: 'wire service', 'refreshApex', 'reactive parameter', 'getRecord', 'wire vs imperative Apex'. NOT for component communication or generic lifecycle issues when data provisioning is not the main concern.