SaaS & Collaboration Connectors

Slim.io connects to your SaaS and collaboration platforms to discover sensitive data shared in messages, documents, and records. After an initial full scan, subsequent scans process only new or changed content.

Supported Platforms

Platform	Auth Method	Status
Slack	Bot token (OAuth2)	GA
Microsoft Teams	Service Principal (OAuth2 client credentials)	GA
OneDrive	Service Principal (OAuth2 client credentials)	GA
SharePoint	Service Principal (OAuth2 client credentials)	GA
Google Drive	Service account (domain-wide delegation)	GA
Salesforce	OAuth2 (connected app)	GA

What Gets Scanned

Slack

Channel messages — Public and private channel messages (where the bot is invited)
Shared file metadata — Names and descriptions of files shared in channels
Direct messages — Not scanned (bot tokens do not have access to DMs by default)

Microsoft Teams

Channel messages — Messages in standard and private channels
Attachment names — Metadata of files shared in conversations
Meeting chat — Chat messages from Teams meetings

OneDrive

Document contents — Office documents (Word, Excel, PowerPoint), PDFs, CSVs, and text files
Shared files — Files shared with other users or groups
Folder scoping — Scan specific folders or entire drives

SharePoint

Document libraries — Files stored in SharePoint document libraries
Site contents — Office documents, PDFs, and other supported file types across sites
List data — Text content in SharePoint list items

Google Drive

Document contents — Google Docs, Sheets, Slides (exported as text), PDFs, Office documents
Shared drives — Files in shared (team) drives
Folder scoping — Scan specific folders or entire drives

Salesforce

Object field values — Text fields across standard objects (Contact, Lead, Account, Opportunity, Case)
Custom objects — Text fields on custom objects included in scan scope
Attachments and notes — Content of notes and file attachments on records

Slim.io requests only read permissions when connecting to SaaS platforms. No write, delete, or administrative access is ever requested.

Incremental Scanning

After the initial full scan, Slim.io tracks what has already been processed. Subsequent scans only analyze new or modified content:

Slack and Teams — Only messages posted since the last scan are processed
OneDrive, SharePoint, and Google Drive — Only files created or modified since the last scan are downloaded and analyzed
Salesforce — Only records created or updated since the last scan are sampled

This dramatically reduces scan time and API usage for recurring scans.

Rate Limiting

Slim.io automatically respects each platform’s API rate limits. If a rate limit is encountered during scanning, Slim.io backs off and retries without manual intervention. This ensures your production SaaS services are never disrupted by scanning activity.

Authentication Setup

Slack

Create a Slack App in your workspace at api.slack.com/apps .
Add the following Bot Token Scopes:
- channels:history — Read messages in public channels
- channels:read — List public channels
- groups:history — Read messages in private channels (optional)
- groups:read — List private channels (optional)
- files:read — Access file metadata
Install the app to your workspace and copy the Bot User OAuth Token.
Invite the bot to the channels you want to scan.

Microsoft Teams / OneDrive / SharePoint

All three Microsoft connectors use the same Service Principal:

Register an application in Azure Active Directory > App registrations.
Add the following Application permissions (not delegated):
- Teams: ChannelMessage.Read.All
- OneDrive: Files.Read.All
- SharePoint: Sites.Read.All
Grant admin consent for the permissions.
Create a client secret and note the Application (client) ID and Directory (tenant) ID.

Microsoft application permissions require Azure AD admin consent. Work with your Azure AD administrator to approve the permissions.

Google Drive

Create a service account in the Google Cloud Console.
Enable the Google Drive API in the project.
Enable domain-wide delegation on the service account.
In the Google Admin Console, authorize the service account’s client ID with the scope:
- https://www.googleapis.com/auth/drive.readonly
Download the service account JSON key file.

Salesforce

In Salesforce Setup, navigate to App Manager > New Connected App.
Enable OAuth Settings with the following scopes:
- api — Access and manage your data
- refresh_token — Perform requests at any time
Set the callback URL to the value shown in the Slim.io connector wizard.
Note the Consumer Key and Consumer Secret.
Complete the OAuth flow in the Slim.io connector wizard.

Connector Configuration

Navigate to Connectors > Add Connector in the Customer Dashboard.
Select the SaaS platform.
Complete the authentication flow (OAuth redirect or token entry).
Optionally scope the scan to specific channels, drives, sites, or objects.
Click Test Connection to validate access.

If the test succeeds, the connector status changes to Active and you can trigger your first scan.

Troubleshooting

”Insufficient Permissions” on Test Connection

Verify the OAuth scopes or bot token scopes match the requirements listed above
For Microsoft connectors, confirm that admin consent has been granted
For Google Drive, verify domain-wide delegation is configured correctly

Scan Misses Expected Content

Ensure the bot or service account has access to the target channels, drives, or sites
For Slack, verify the bot has been invited to private channels you want to scan
Check that the connector scope includes the correct resources

Slow Scan Performance

Large initial scans are expected to take longer — subsequent incremental scans will be significantly faster
For Slack and Teams, consider scoping to specific high-risk channels rather than scanning all channels
Contact your account team if scans consistently exceed expected duration

Next Steps

Run Your First Scan — Trigger a scan on this connector
Incremental Scanning — Learn more about how delta scans work