slack-salesforce-integration-setup

Use this skill when setting up or troubleshooting the Salesforce for Slack managed app — including connecting a Salesforce org to a Slack workspace, configuring the three-party admin handshake, linking Slack channels to Salesforce records, enabling record preview sharing, and managing org-level limits. Triggers on: Salesforce for Slack app not connecting, Slack org connection setup, Salesforce record sharing in Slack, Slack workspace admin approval, connecting Salesforce to Slack. NOT for building custom Slack apps or Slack bots (separate development platform), not for Slack Workflow Builder Salesforce connector (use slack-workflow-builder skill), not for Flow-based Slack messaging (use flow-for-slack skill).

Best use case

slack-salesforce-integration-setup is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use this skill when setting up or troubleshooting the Salesforce for Slack managed app — including connecting a Salesforce org to a Slack workspace, configuring the three-party admin handshake, linking Slack channels to Salesforce records, enabling record preview sharing, and managing org-level limits. Triggers on: Salesforce for Slack app not connecting, Slack org connection setup, Salesforce record sharing in Slack, Slack workspace admin approval, connecting Salesforce to Slack. NOT for building custom Slack apps or Slack bots (separate development platform), not for Slack Workflow Builder Salesforce connector (use slack-workflow-builder skill), not for Flow-based Slack messaging (use flow-for-slack skill).

Teams using slack-salesforce-integration-setup should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/slack-salesforce-integration-setup/SKILL.md --create-dirs "https://raw.githubusercontent.com/PranavNagrecha/AwesomeSalesforceSkills/main/skills/integration/slack-salesforce-integration-setup/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/slack-salesforce-integration-setup/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How slack-salesforce-integration-setup Compares

Feature / Agentslack-salesforce-integration-setupStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use this skill when setting up or troubleshooting the Salesforce for Slack managed app — including connecting a Salesforce org to a Slack workspace, configuring the three-party admin handshake, linking Slack channels to Salesforce records, enabling record preview sharing, and managing org-level limits. Triggers on: Salesforce for Slack app not connecting, Slack org connection setup, Salesforce record sharing in Slack, Slack workspace admin approval, connecting Salesforce to Slack. NOT for building custom Slack apps or Slack bots (separate development platform), not for Slack Workflow Builder Salesforce connector (use slack-workflow-builder skill), not for Flow-based Slack messaging (use flow-for-slack skill).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Slack Salesforce Integration Setup

This skill activates when a practitioner needs to connect a Salesforce org to a Slack workspace using the Salesforce for Slack managed app, troubleshoot the three-party admin handshake, configure record sharing, or understand workspace-level limits. It does NOT cover custom Slack app development, Slack Workflow Builder, or Flow-based Slack messaging.

---

## Before Starting

Gather this context before working on anything in this domain:

- The connected-org setup requires THREE parties: a Slack Workspace Owner/Admin to initiate, a Salesforce System Admin to approve in Setup, and a Slack Owner/Admin to activate. A single administrator cannot complete all three steps alone.
- Hard limits: maximum 20 Salesforce orgs per Slack workspace. Government Cloud orgs CANNOT be connected at all.
- Record previews shared into Slack channels are visible to ALL channel members regardless of their individual Salesforce object permissions — this is the primary data-exposure risk.

---

## Core Concepts

### Three-Party Admin Handshake

The connection process requires coordination between three distinct administrative roles:

1. **Slack Workspace Owner/Admin** — Initiates the connection from the Slack App Directory or Salesforce AppExchange. Installs the Salesforce for Slack managed app into the workspace.
2. **Salesforce System Admin** — Approves the connection in Salesforce Setup under Platform Tools > Slack > Manage Slack Connection. This grants the app permission to access the Salesforce org.
3. **Slack Workspace Owner/Admin** — Completes the activation after Salesforce approval.

These steps must happen in order. If the Salesforce System Admin has not approved the connection, the Slack side cannot activate. If the Slack Workspace Owner has not initiated, the Salesforce approval step is not visible.

### Org-Level Limits

- Maximum **20 Salesforce orgs** per Slack workspace (across all plans)
- **Government Cloud** orgs cannot be connected — this is a hard platform restriction, not a configuration choice
- Standard Salesforce editions supported: Enterprise, Unlimited, Developer

### Record Preview Data Exposure

When a Salesforce record URL is shared in a Slack channel, the Salesforce for Slack app unfurls a record preview card visible to ALL channel members. This preview displays field values according to the Salesforce page layout, NOT the channel member's individual Salesforce sharing and field-level security settings. A user without Salesforce access (or with restricted field access) can see field values in the Slack preview that they could not see directly in Salesforce.

This is not a bug — it is documented platform behavior. Organizations with sensitive field data (compensation, legal case details, PII) must review which Salesforce records can be shared in Slack channels and apply channel-level governance policies.

### Platform Integration User and Permission Sets

The Salesforce for Slack app uses a dedicated Platform Integration User in the connected Salesforce org. This user requires specific permission sets to access Salesforce data for previews and search. The exact permission sets may vary by release — verify in the current AppExchange listing or help documentation.

---

## Common Patterns

### Pattern 1: Initial Org Connection (Three-Party Handshake)

**When to use:** First-time setup of Salesforce for Slack in a workspace.

**How it works:**

1. **Slack Workspace Owner/Admin:** Go to Slack App Directory, search "Salesforce for Slack", install to workspace. Or install from Salesforce AppExchange.
2. **Salesforce System Admin:** In Salesforce Setup, navigate to Platform Tools > Apps > Salesforce for Slack. Click "Manage Slack Connection" and authorize the pending connection.
3. **Slack Workspace Owner/Admin:** Return to Slack and complete the activation by confirming the connection.
4. Users then individually connect their personal Salesforce accounts from the Salesforce app in Slack (each user authorizes their own account separately from the org connection).

**Why not do this solo:** The platform requires Slack admin, Salesforce admin, and Slack admin roles at different steps. A single admin doing all steps will hit an authorization gap at step 2 if they lack Salesforce System Admin, or at step 3 if they lack Slack Workspace Owner role.

### Pattern 2: Record Sharing Governance

**When to use:** Restricting which Salesforce records can generate preview cards in Slack channels.

**How it works:**

1. Document which Salesforce objects contain sensitive fields that should not be preview-shared.
2. Educate users that pasting a Salesforce record URL in any Slack channel (including private channels) generates a preview visible to all members.
3. For high-sensitivity objects, implement a Salesforce sharing rule that restricts the record URL from being accessible to the Platform Integration User used by the app.
4. Consider channel governance policies: define which Salesforce record types are acceptable to share in which channel types (public vs. private).

**Why this matters:** Record preview exposure is the primary compliance and data-leakage risk in Salesforce for Slack implementations.

---

## Decision Guidance

| Situation | Recommended Approach | Reason |
|---|---|---|
| First-time org connection | Three-party handshake (Slack admin + SF admin + Slack admin) | Required by platform — single admin cannot complete alone |
| Government Cloud org | Cannot connect | Platform restriction — no workaround |
| 20+ orgs needed in one workspace | Re-evaluate workspace architecture | Hard limit — cannot exceed 20 orgs per workspace |
| Sensitive field data shared in Slack | Channel governance policy + Platform Integration User sharing rules | Preview shows data regardless of individual permissions |
| User cannot see Salesforce records in Slack | User needs personal account connection + Salesforce permissions | Org connection alone does not authorize individual users |

---

## Recommended Workflow

1. Confirm the Salesforce edition is Enterprise, Unlimited, or Developer — Essential/Professional editions are not supported.
2. Confirm the Slack workspace is on a paid plan (Free plan cannot connect to Salesforce).
3. Confirm the workspace has fewer than 20 existing Salesforce org connections.
4. Coordinate the three-party handshake: Slack admin initiates, Salesforce System Admin approves, Slack admin activates.
5. Assign the required permission sets to the Platform Integration User in Salesforce.
6. Communicate the record preview data exposure risk to all workspace members and define channel-level governance policies.
7. Have each individual user connect their personal Salesforce account from the Salesforce app in Slack.

---

## Review Checklist

- [ ] Salesforce edition confirmed: Enterprise, Unlimited, or Developer
- [ ] Slack workspace is on paid plan
- [ ] Workspace has fewer than 20 connected Salesforce orgs
- [ ] Three-party handshake completed in correct order
- [ ] Platform Integration User has required permission sets
- [ ] Record preview data exposure risk documented and communicated
- [ ] Individual users have connected their personal Salesforce accounts
- [ ] Government Cloud exclusion confirmed if applicable

---

## Salesforce-Specific Gotchas

1. **Three-Party Handshake Cannot Be Done Solo** — The connection requires separate Slack admin approval, Salesforce admin approval, and Slack admin activation. If any party is unavailable or lacks the right role, the connection stalls. Plan the handshake as a coordinated event with all three parties present.

2. **Record Previews Bypass Salesforce Field-Level Security** — Previews render fields based on page layout visible to the Platform Integration User, not the Slack user's individual Salesforce permissions. Sensitive fields can be exposed to channel members who lack Salesforce access.

3. **Government Cloud Orgs Cannot Connect** — This is an absolute restriction with no workaround. Organizations with Government Cloud orgs must use alternative integration patterns (custom Slack apps via Slack SDK, or MuleSoft-based integration).

4. **20-Org Workspace Limit** — Large enterprises with many Salesforce orgs across divisions may hit the 20-org limit. There is no configuration to increase this limit. Workspace architecture may need to be split.

5. **User Personal Account Connection Is Separate from Org Connection** — Connecting the org grants workspace-level access, but each individual user must separately authorize their personal Salesforce account in the Slack app. Users who skip this step cannot see personalized Salesforce data or use Salesforce search in Slack.

---

## Output Artifacts

| Artifact | Description |
|---|---|
| Connection setup checklist | Step-by-step three-party handshake with role assignments |
| Data exposure risk register | List of sensitive Salesforce objects with channel-sharing governance policy |
| User onboarding guide | Instructions for individual users to connect personal Salesforce accounts |

---

## Related Skills

- slack-workflow-builder — for building Salesforce-connected automations in Slack Workflow Builder
- flow-for-slack — for Salesforce Flow-based Slack messaging and channel actions
- agentforce-in-slack — for deploying Agentforce agents into Slack

Related Skills

shield-kms-byok-setup

8
from PranavNagrecha/AwesomeSalesforceSkills

Configure Shield Platform Encryption with customer-supplied (BYOK) or customer-held (Cache-Only Key Service) tenant secrets, rotate them, and recover. NOT for Classic Encryption or field masking.

scim-provisioning-integration

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing or reviewing SCIM-based user lifecycle provisioning into Salesforce from Okta, Azure AD / Entra, or another IdP — create/update/deactivate, group-to-permission-set mapping, attribute mapping, and deprovisioning semantics. Triggers: 'scim provisioning', 'okta scim salesforce', 'entra salesforce provisioning', 'user deactivation automation', 'group to permission set mapping'. NOT for SSO/authentication setup (see single-sign-on skills).

salesforce-shield-deployment

8
from PranavNagrecha/AwesomeSalesforceSkills

Roll out Shield (Platform Encryption + Event Monitoring + Field Audit Trail) end-to-end, sequencing feature enablement to avoid data lockout. NOT for Classic Encryption or general PE design.

ferpa-compliance-in-salesforce

8
from PranavNagrecha/AwesomeSalesforceSkills

Use this skill when implementing FERPA (Family Educational Rights and Privacy Act) compliance controls in Salesforce Education Cloud or Education Data Architecture (EDA): LearnerProfile FERPA boolean fields, directory information opt-out via FLS and Individual data privacy flags, ContactPointTypeConsent for parental and third-party disclosure, 45-day student records response window tracking, and consent workflow automation. Trigger keywords: FERPA, student records privacy, LearnerProfile, parental disclosure, directory information opt-out, education data privacy, student consent, education cloud compliance. NOT for GDPR/CCPA general data privacy (see gdpr-data-privacy skill), platform encryption at rest (see platform-encryption skill), or HIPAA health-data compliance.

omnistudio-lwc-integration

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when embedding OmniScripts in Lightning Web Components, registering custom LWC elements inside OmniScript screens, or calling OmniScript/Integration Procedures from LWC. Triggers: embed omniscript in LWC, custom LWC element in OmniScript, call OmniScript from Lightning page, omnistudio-omni-script tag, seed data JSON, OmniScript launch from LWC. NOT for standalone LWC development, standard Flow embedding, or OmniScript-to-OmniScript embedding.

integration-procedures

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when building, reviewing, or debugging OmniStudio Integration Procedures. Triggers: 'integration procedure', 'IP', 'HTTP action', 'DataRaptor', 'rollbackOnError', 'failureResponse'. NOT for Apex-only integrations unless the main design choice is whether OmniStudio is still appropriate.

integration-procedure-cacheable-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing Integration Procedures (IPs) with platform cache to cut latency and callout load. Covers cache key design, TTL selection, per-user vs org-wide partitions, invalidation on data changes, and safe fallback on cache miss/stale. Does NOT cover general IP authoring (see omnistudio-error-handling-patterns) or LWC client-side caching.

industries-cpq-vs-salesforce-cpq

8
from PranavNagrecha/AwesomeSalesforceSkills

Use this skill when comparing Industries CPQ (formerly Vlocity CPQ) with Salesforce CPQ (Revenue Cloud managed package) — covering feature parity, decision criteria, migration paths, and coexistence patterns. Trigger keywords: Vlocity CPQ, Industries CPQ, Salesforce CPQ comparison, Revenue Cloud migration, CPQ selection, which CPQ to use. NOT for implementing, configuring, or debugging either CPQ product.

tableau-salesforce-connector

8
from PranavNagrecha/AwesomeSalesforceSkills

Tableau ↔ Salesforce integration patterns: Tableau Salesforce connector, Tableau for Salesforce, CRM Analytics alternative, Data Cloud + Tableau, embedded Tableau dashboards. Choose between connector modes (live, extract, direct-to-Data-Cloud). NOT for CRM Analytics Studio (use crm-analytics-foundation). NOT for generic Tableau Server setup.

slack-workflow-builder

8
from PranavNagrecha/AwesomeSalesforceSkills

Use this skill when designing or troubleshooting Slack Workflow Builder workflows that call Salesforce — especially the Salesforce connector step Run a Flow, mapping inputs/outputs, handling failures, and understanding limits. Triggers on: Slack Workflow Builder Salesforce, Run a Flow from Slack, autolaunched flow from Slack, Slack automation calling Salesforce. NOT for Salesforce Flow Builder tutorials unrelated to Slack (use flow skills), not for Flow Core Actions that send Slack messages from Salesforce (use flow-for-slack), not for initial org-to-workspace connection (use slack-salesforce-integration-setup), and not for building custom Slack apps outside Workflow Builder.

slack-connect-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when designing, governing, or troubleshooting Slack Connect channel sharing between two independent organizations. Trigger phrases: external Slack channel collaboration, cross-org Slack channel setup, Slack Connect DLP policy, Slack partner channel governance, regulated industry Slack Connect compliance. Does NOT cover Salesforce-to-Salesforce integration, Salesforce for Slack app setup, or internal single-workspace Slack channels. NOT for Salesforce-to-Salesforce integration.

sis-integration-patterns

8
from PranavNagrecha/AwesomeSalesforceSkills

Use this skill when designing or implementing an integration between a Student Information System (SIS) — such as Ellucian Banner, Ellucian Colleague, Anthology Student, Oracle PeopleSoft Campus Solutions, or Workday Student — and Salesforce Education Cloud. Covers the canonical Education Cloud data model objects (AcademicTermEnrollment, CourseOfferingParticipant, CourseOfferingPtcpResult, LearnerProfile, PersonAcademicCredential), external ID / upsert keying strategies using SIS-native identifiers (Banner PIDM, PeopleSoft EMPLID), batch nightly upsert patterns, Change Data Capture (CDC) for enrollment status writeback, and MuleSoft/middleware watermark patterns. Trigger keywords: SIS integration, Banner integration, PeopleSoft integration, Education Cloud data model, enrollment sync, grade writeback, AcademicTermEnrollment, LearnerProfile upsert. NOT for Salesforce Admissions Connect application processing, Financial Aid integration, Learning Management System (LMS) integrations, or general ETL tooling not involving Education Cloud objects.