> ## Documentation Index
> Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up Slack MCP Server

> Create a Slack app, enable Slack's official MCP server, and register it as a remote OAuth MCP server in TrueFoundry.

Slack provides an official remote MCP server at `https://mcp.slack.com/mcp`. You can connect it to the TrueFoundry MCP Gateway so users can search Slack, read channels and threads, send messages, and work with canvases through approved AI clients.

## Prerequisites

* A TrueFoundry account with permission to add MCP servers.
* A Slack workspace where you can create and install apps.
* Your TrueFoundry control plane base URL.

<Note>
  The examples below use Slack OAuth scopes that expose every currently supported Slack MCP capability. Remove scopes your workspace does not need before creating the app.
</Note>

## Create a Slack App

<Steps>
  <Step title="Open the Slack app dashboard">
    Go to [api.slack.com/apps](https://api.slack.com/apps). Select an existing app if you want to reuse one, or choose **Create New App**.
  </Step>

  <Step title="Create the app from a manifest">
    Select **From an app manifest**, choose the target workspace, switch the manifest editor to **JSON**, and paste the following manifest.

    Replace `<tfy-control-plane-base-url>` with your TrueFoundry control plane URL.

    ```json theme={"dark"}
    {
      "display_information": {
        "name": "TrueFoundry Slack MCP"
      },
      "features": {
        "bot_user": {
          "display_name": "TrueFoundry Slack MCP",
          "always_online": false
        }
      },
      "oauth_config": {
        "redirect_urls": [
          "https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback"
        ],
        "scopes": {
          "user": [
            "search:read.public",
            "search:read.private",
            "search:read.mpim",
            "search:read.im",
            "search:read.files",
            "search:read.users",
            "chat:write",
            "channels:history",
            "groups:history",
            "mpim:history",
            "im:history",
            "canvases:read",
            "canvases:write",
            "users:read",
            "users:read.email"
          ],
          "bot": [
            "channels:read"
          ]
        }
      },
      "settings": {
        "org_deploy_enabled": false,
        "socket_mode_enabled": false,
        "token_rotation_enabled": false
      }
    }
    ```
  </Step>

  <Step title="Review and create the app">
    Click **Next**, review the Slack summary, and create the app.
  </Step>

  <Step title="Enable Slack MCP">
    In the Slack app sidebar, open **Features** > **Agents & AI Apps**, then enable **Model Context Protocol**.
  </Step>
</Steps>

## Slack Scope Reference

Use the table below to trim the manifest before you create the app.

| Capability                              | Slack scopes                                                                      |
| --------------------------------------- | --------------------------------------------------------------------------------- |
| Search public and private messages      | `search:read.public`, `search:read.private`, `search:read.mpim`, `search:read.im` |
| Search files                            | `search:read.files`                                                               |
| Search users                            | `search:read.users`                                                               |
| Send messages                           | `chat:write`                                                                      |
| Read channels, groups, DMs, and threads | `channels:history`, `groups:history`, `mpim:history`, `im:history`                |
| Read and write canvases                 | `canvases:read`, `canvases:write`                                                 |
| Read user profiles                      | `users:read`, `users:read.email`                                                  |
| Let the bot list channels               | `channels:read`                                                                   |

<Warning>
  Grant only the scopes your agents need. For example, remove `chat:write` if agents should not post messages to Slack.
</Warning>

## Copy Slack OAuth Credentials

Open **Settings** > **Basic Information** in your Slack app and copy the **Client ID** and **Client Secret**. Store the secret securely; you will paste it into the TrueFoundry MCP server OAuth configuration.

If you reused an existing Slack app, also verify the following:

* The redirect URL is `https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback`.
* The user and bot scopes match the access you want to grant.
* **Model Context Protocol** is enabled under **Agents & AI Apps**.

## Register Slack in TrueFoundry

<Steps>
  <Step title="Add a remote MCP server">
    In TrueFoundry, open **MCP Gateway**, click **Add MCP Server**, and select **Connect any Remote MCP Server**.
  </Step>

  <Step title="Configure the server">
    Use the following values:

    | Field                 | Value                                                                                           |
    | --------------------- | ----------------------------------------------------------------------------------------------- |
    | **Name**              | `slack`                                                                                         |
    | **URL**               | `https://mcp.slack.com/mcp`                                                                     |
    | **Description**       | `Slack MCP server for searching messages, reading channels, and using Slack tools from agents.` |
    | **Authentication**    | `OAuth2`                                                                                        |
    | **Grant Type**        | `Authorization Code`                                                                            |
    | **Authorization URL** | `https://slack.com/oauth/v2_user/authorize`                                                     |
    | **Token URL**         | `https://slack.com/api/oauth.v2.user.access`                                                    |
    | **Client ID**         | Client ID from the Slack app                                                                    |
    | **Client Secret**     | Client Secret from the Slack app                                                                |
    | **JWT Source**        | `Access Token`                                                                                  |
  </Step>

  <Step title="Add collaborators">
    Add the users or teams that should use Slack tools. Assign **MCP Server Manager** to administrators and **MCP Server User** to consumers.
  </Step>

  <Step title="Save and authorize">
    Create the MCP server. Users should open the server's **Tools** section and click **Connect Now** to complete Slack OAuth with their own Slack account.
  </Step>
</Steps>

<Tip>
  If your TrueFoundry version discovers OAuth metadata from the remote MCP server, use the discovered values and only provide the Slack client credentials when prompted.
</Tip>

## Verify the Connection

For OAuth-based MCP servers, users must first open the server's **Tools** section and click **Connect Now**. After OAuth succeeds, the Slack tools appear in the tools list. Users can then try those tools from the **Agent Playground**.

Test write-capable tools only if you intentionally kept `chat:write` in the Slack app scopes.

## Use Slack Safely with Agents

* Use per-user OAuth authorization so Slack permissions follow each user's workspace access.
* Keep the Slack client secret in TrueFoundry and rotate it if it is exposed.
* Start with read-only scopes for broad rollouts, then add write scopes for trusted teams or virtual MCP servers.
* Use [Virtual MCP Server](/docs/ai-gateway/mcp/virtual-mcp-server) to publish only the Slack tools each agent should call.
* Review Slack's [MCP security guidance](https://docs.slack.dev/ai/slack-mcp-server/) before enabling Slack alongside other sensitive MCP servers.
