Documentation Index
Fetch the complete documentation index at: https://support.configview.com/llms.txt
Use this file to discover all available pages before exploring further.
ConfigView pulls Slack data through Slack apps that you create in your own account. Depending on your Slack plan, you may need one or two separate apps:
| App | Required for | Plans |
|---|
| ConfigView (workspace app) | Users, channels, user groups, custom emoji, files, channel membership, the /configview slash command | All Slack plans |
| ConfigView Admin (org-level app) | Workspaces inventory, per-workspace user membership, approved/restricted apps, app scopes, role assignments, information barriers, invite requests | Slack Enterprise Grid only |
xoxb-...), while the org-level app must be installed by an Org Owner across the entire Enterprise Grid and uses a user token (xoxp-...) with admin scopes that are not available to workspace-scoped apps.
If you are on a single workspace plan, do Part 1 only. If you are on Enterprise Grid, do Parts 1 and 2. Part 3 (the /configview slash command) is optional and only needs the Part 1 app.
Part 1: Slack Workspace Ingestion
Set up the ConfigView workspace app so ConfigView can pull your workspace data (users, channels, user groups, custom emoji, recent files) into the dashboard.
Step 1: Create the ConfigView Slack App
- Go to: https://api.slack.com/apps
- Click Create New App
- Choose From scratch
- App Name:
ConfigView
- Pick your workspace from the dropdown
- Click Create App
Step 2: Add Bot Token Scopes
- In the left sidebar, click OAuth & Permissions
- Scroll down to Scopes > Bot Token Scopes
- Click Add an OAuth Scope and add each of the following:
| Scope | Purpose |
|---|
users:read | Read workspace member profiles |
users:read.email | Read member email addresses |
channels:read | List public channels and their membership |
groups:read | List private channels the bot is in |
usergroups:read | List user groups and their members |
emoji:read | List custom workspace emoji |
files:read | List recent files (governance / DLP visibility) |
Step 3: Install the App to Your Workspace
- Scroll to the top of OAuth & Permissions
- Click Install to Workspace
- Review the permissions and click Allow
- Copy the Bot User OAuth Token (starts with
xoxb-)
Keep this token safe. You will add it to ConfigView in the next step.
Step 4: Add the Token to ConfigView
- Go to your ConfigView dashboard:
https://{companyname}.configview.com/admin/secret/
- Click Add Secret
- Secret name:
SLACK_BOT_TOKEN
- Secret value: Paste the
xoxb-... token you copied
- Click Save
Step 5: Enable the Workspace Scripts in ConfigView
-
Go to:
https://{companyname}.configview.com/admin/cron/
-
You should see Slack in the list of available apps
-
Select the scripts you want to run:
- Users — All workspace members with email, admin status, 2FA, timezone
- Channels — Public and private channels with member counts
- Channel Members — Which users are in which channels
- User Groups — Handle-based groups (e.g.
@engineering)
- User Group Members — Which users belong to which groups
- Custom Emoji — All custom workspace emoji
- Files (recent) — Files uploaded in the last 7 days
- Bots — Bot user accounts and the apps that own them
-
Click Save
Note: Channel Members depends on Channels; User Group Members depends on User Groups; Bots depends on Users. ConfigView wires these dependencies automatically — parent scripts always run first.
Step 6: Verify
- Go to:
https://{companyname}.configview.com/admin/status/
- Run the Slack health check
- The workspace section should pass:
- Secret Manager:
SLACK_BOT_TOKEN
- Slack bot auth
users.list scopeconversations.list scopeusergroups.list scopeemoji.list scopefiles.list scope
If a check fails, verify:
- The
SLACK_BOT_TOKEN secret is saved correctly (no extra spaces)
- The bot has been installed to the correct workspace
- All scopes from Step 2 were added before installing
The admin sections of the health check will show Skipped until you complete Part 2. That is expected on non-Enterprise plans.
Workspace Data Tables
| Table | Key Columns |
|---|
slack_users | slack_user_id, email, real_name, is_admin, has_2fa, deleted |
slack_channels | channel_id, name, is_private, is_archived, num_members, creator |
slack_channel_members | channel_id, slack_user_id |
slack_user_groups | group_id, name, handle, user_count |
slack_user_group_members | group_id, slack_user_id |
slack_emoji | name, is_alias, alias_for, url |
slack_files | file_id, name, mimetype, size_bytes, user_id, is_public, created |
slack_bots | slack_user_id, bot_id, app_id, name, team_id, deleted |
run_at column for historical tracking.
Part 2: Slack Enterprise Grid Admin Ingestion
Skip this section if you are not on Slack Enterprise Grid. The endpoints below only work on Enterprise Grid plans and require admin scopes that are not available to workspace-scoped apps.
This part covers a separate, second Slack app installed at the Enterprise Grid org level by an Org Owner. It pulls org-wide governance data: every workspace, per-workspace user membership, approved/restricted apps and their OAuth scopes, role assignments, information barriers, and invite requests.
You cannot add these admin scopes to the workspace app from Part 1 — admin scopes only become available when the app is created and installed at the org level.
Step 1: Create the ConfigView Admin Slack App
- Sign in to Slack as an Org Owner (this is required to see org-level options)
- Go to: https://api.slack.com/apps
- Click Create New App
- Choose From scratch
- App Name:
ConfigView Admin
- Pick your Enterprise Grid org from the dropdown (not an individual workspace)
- Click Create App
If the dropdown only shows individual workspaces and not your org, you are not signed in as an Org Owner. Contact your Slack admin to either sign in themselves or grant you Org Owner privileges.
Step 2: Add User Token Scopes (Admin)
- In the left sidebar, click OAuth & Permissions
- Scroll down to Scopes > User Token Scopes (not Bot Token Scopes)
- Click Add an OAuth Scope and add each of the following:
| Scope | Used by |
|---|
admin.teams:read | Workspaces inventory + workspace admins |
admin.users:read | Per-workspace user membership |
admin.apps:read | Approved apps, restricted apps, app requests, app scopes |
admin.conversations:read | Org-wide conversations inventory |
admin.roles:read | Role assignments (admin / owner / etc.) |
admin.barriers:read | Information barriers |
admin.usergroups:read | User group → channel mappings |
admin.invites:read | Pending invite requests |
This app does not need any bot token scopes. The admin endpoints are user-token-only.
Step 3: Install at the Org Level
- Scroll to the top of OAuth & Permissions
- Click Install to Organization (the wording will say “Organization”, not “Workspace”, because you created the app at the org level)
- Review the admin permissions and click Allow
- Copy the User OAuth Token (starts with
xoxp-)
Note: The token is a user token tied to whichever Org Owner installs the app. If that person leaves the company, the token may stop working. Use a dedicated service account (an Org Owner account owned by IT, not a personal account) wherever possible.
Step 4: Add the Admin Token to ConfigView
- Go to:
https://{companyname}.configview.com/admin/secret/
- Click Add Secret
- Secret name:
SLACK_ADMIN_USER_TOKEN
- Secret value: Paste the
xoxp-... token you copied
- Click Save
Both SLACK_BOT_TOKEN (from Part 1) and SLACK_ADMIN_USER_TOKEN need to coexist. The Slack scripts pick whichever token the endpoint requires.
Step 5: Enable the Admin Scripts in ConfigView
-
Go to:
https://{companyname}.configview.com/admin/cron/
-
In the Slack section, enable the additional admin scripts:
- Workspaces (Admin) — Every workspace in the Enterprise Grid org
- Workspace Admins — Which users are admins of each workspace
- Org Users (per Workspace) — User-to-workspace membership matrix
- Approved Apps — Apps approved org-wide or per workspace, with their OAuth scopes
- Restricted Apps — Apps explicitly restricted org-wide or per workspace
- App Requests — Pending install requests
- App Scopes — Normalized table of every (app, scope) pair, with sensitivity flag
- Conversations (Org-wide) — Channels visible across the entire org
- Role Assignments — Admin/Owner/etc. role grants
- Information Barriers — Configured barriers between user groups
- User Group Channels — Channels each user group is auto-added to
- Invite Requests — Pending invitations awaiting approval
-
Click Save
Most admin scripts depend on Workspaces (Admin) so the org’s workspace list is available to iterate. App Scopes depends on Approved Apps + Restricted Apps. ConfigView handles all of this automatically.
Step 6: Verify
- Go to:
https://{companyname}.configview.com/admin/status/
- Run the Slack health check
- The admin section should now pass:
- Secret Manager:
SLACK_ADMIN_USER_TOKEN
- Slack admin auth
admin.teams.list scopeadmin.apps.approved.list scopeadmin.apps.restricted.list scopeadmin.apps.requests.list scopeadmin.conversations.search scopeadmin.roles.listAssignments scopeadmin.barriers.list scope
If a scope check fails, the most common cause is that the scope was added in Bot Token Scopes rather than User Token Scopes. Re-check Step 2, then reinstall to the organization for the change to take effect.
Tuning: Files window
The Files (recent) script (Part 1) defaults to the last 7 days. If you want a wider or narrower window, set the environment variable on the server:
SLACK_FILES_WINDOW_DAYS=30
Admin Data Tables
| Table | Key Columns |
|---|
slack_admin_teams | team_id, name, domain, email_domain, is_verified, date_created |
slack_admin_team_admins | team_id, slack_user_id |
slack_admin_users | slack_user_id, team_id, email, is_active, is_admin, has_2fa, datetime_last_login |
slack_admin_apps_approved | app_id, app_name, team_id, scope_type, scopes_json, date_updated |
slack_admin_apps_restricted | app_id, app_name, team_id, scope_type, scopes_json, date_updated |
slack_admin_apps_requests | request_id, app_id, requester_email, team_id, message, date_created |
slack_admin_app_scopes | state (approved/restricted), app_id, scope_name, is_sensitive, token_type |
slack_admin_conversations | channel_id, name, conversation_type, member_count, is_org_shared, is_ext_shared |
slack_admin_roles_assignments | role_id, entity_type, entity_id, user_id |
slack_admin_barriers | barrier_id, primary_usergroup_id, barriered_from_usergroup_ids_json |
slack_admin_usergroup_channels | usergroup_id, channel_id, team_id |
slack_admin_invite_requests | request_id, email, team_id, requester_user_id, date_created |
run_at column for historical tracking.
Part 3: Slack Bot (Query Runner)
Run ConfigView queries directly from Slack using the /configview slash command. This uses the ConfigView workspace app from Part 1, not the admin app.
Step 1: Add Bot Scopes
- Go back to: https://api.slack.com/apps
- Select your ConfigView app (the workspace app from Part 1)
- Go to OAuth & Permissions > Bot Token Scopes
- Add the following additional scopes:
| Scope | Purpose |
|---|
chat:write | Post messages to channels |
commands | Enable slash commands |
- You will be prompted to reinstall the app. Click Reinstall to Workspace and approve.
Important: After reinstalling, the bot token stays the same. You do not need to update the secret in ConfigView.
Step 2: (Optional) Add Signing Secret
The signing secret lets ConfigView verify that incoming requests are genuinely from Slack.
- In your Slack app settings, go to Basic Information
- Scroll to App Credentials
- Copy the Signing Secret
- In ConfigView, go to
https://{companyname}.configview.com/admin/secret/
- Add a secret: Name:
SLACK_SIGNING_SECRET, Value: paste the signing secret
This is optional but recommended for production use.
Step 3: Enable the Slash Command
- In the left sidebar, click Slash Commands
- Click Create New Command
- Fill in:
- Command:
/configview
- Request URL:
https://{companyname}.configview.com/api/slack/command
- Short Description:
Run ConfigView queries
- Usage Hint:
[help | run <query_id>]
- Click Save
Step 4: Enable Interactivity
This lets users click the “Run” buttons in the query list.
- In the left sidebar, click Interactivity & Shortcuts
- Toggle Interactivity to On
- Set Request URL to:
https://{companyname}.configview.com/api/slack/interaction
- Click Save Changes
Step 5: Invite the Bot to a Channel
- Open the Slack channel where you want the bot to post (e.g.
#configview-alerts)
- Type:
/invite @ConfigView
Create a dedicated channel like #configview-alerts to keep query results organized.
Step 6: Mark Queries as Slack-Enabled
- Go to:
https://{companyname}.configview.com/admin/query/
- Open a saved query and click Save
- Toggle Enable for Slack bot to on
- Fill in the Slack summary — this is the description users see when browsing queries in Slack
- Click Save
Step 7: Test It
- Open the Slack channel where the bot was invited
- Type:
/configview
- You should see a list of slack-enabled queries with Run buttons
- Click Run on a query — the bot posts the results to the channel
You can also run a query directly by ID:
Or get help:
Bot Commands
| Command | Action |
|---|
/configview | List all slack-enabled queries with Run buttons |
/configview run <id> | Run a specific query by ID and post results |
/configview help | Show available commands |
The bot posts formatted messages with:
- Query name as the header
- Row count summary
- Table of results (up to 10 rows, 6 columns)
- Truncation notice if results exceed the display limit
Troubleshooting
| Issue | Fix |
|---|
/configview says “not found” | Verify the Slash Command Request URL matches your ConfigView domain |
| Bot posts nothing on button click | Check the Interactivity Request URL is correct |
| ”channel_not_found” error | Verify the channel name — no # prefix, exact spelling |
| ”not_in_channel” error | The bot must be invited to private channels with /invite @ConfigView |
| ”not_authed” or “invalid_auth” | Verify SLACK_BOT_TOKEN secret is correct in ConfigView |
| Query results are empty | Check that the query works in the ConfigView Query page first |
| Messages stop after app reinstall | Token should persist, but re-check SLACK_BOT_TOKEN if issues occur |
Admin scripts return not_allowed_token_type | The endpoint needs a user token. Verify you used SLACK_ADMIN_USER_TOKEN (Part 2), not SLACK_BOT_TOKEN |
Admin scripts return missing_scope | Add the scope listed in Part 2 Step 2 under User Token Scopes, then reinstall the admin app to the organization |
Admin scripts return not_an_enterprise | The org-level app isn’t installed on Enterprise Grid. Either the customer isn’t on Enterprise Grid (skip Part 2 entirely) or the app was created against a single workspace instead of the org — recreate per Part 2 Step 1 |
