Security & Compliance
Last updated: December 29, 2025
1. Security Overview
SlackBridge is built with enterprise-grade security at its core. We implement comprehensive security controls aligned with SOC2 Trust Service Criteria to protect your data and ensure reliable service delivery.
SOC2-Aligned Controls
We have implemented controls aligned with SOC2 Trust Service Criteria across Security, Availability, and Confidentiality. Formal audit has not yet been completed.
2. System Architecture
SlackBridge operates as a serverless message relay running on Cloudflare's global edge network. Messages are relayed in real-time. Full message content is not stored; only minimal metadata is temporarily retained for thread synchronization.
Key Security Properties
- Minimal message storage: Full messages are relayed in real-time without persistence. Temporary metadata (sender name, short text snippet) is retained based on your plan tier (7–365 days) to support thread synchronization
- Edge processing: Requests are handled at the nearest Cloudflare data center (300+ locations)
- End-to-end encryption: TLS 1.3 secures all connections between Slack, SlackBridge, and Teams
- Isolated execution: Each request runs in an isolated V8 context with no shared state
3. SOC2 Compliance Status
We have implemented controls aligned with the AICPA SOC2 framework. Below is our current compliance status:
| Control Area | Implementation |
|---|---|
| Authentication | Multi-layer verification for all platform integrations |
| Authorization | Role-based access control with least-privilege principles |
| Encryption | Industry-standard encryption for data in transit and at rest |
| Rate Limiting | Adaptive rate limiting to prevent abuse |
| CSRF & Replay Protection | Request validation and deduplication |
| Audit Logging | Comprehensive event logging with configurable retention |
| Input Validation | Strict validation and sanitization of all inputs |
| Monitoring | Health endpoints and Cloudflare analytics for availability tracking |
Detailed Documentation: Complete technical specifications and documentation of our implemented security controls are available to enterprise customers under NDA. Contact [email protected] to request access.
4. Authentication & Access Control
SlackBridge implements multi-layer authentication to verify requests from both Slack and Microsoft Teams platforms.
4.1 Platform Integration Security
- Cryptographic signature verification for all incoming webhooks
- Token validation following platform security best practices
- App identity verification to prevent request forgery
- Timestamp validation and replay attack protection
4.2 Dashboard Access
- OAuth 2.0 with PKCE for secure authentication
- Server-side session management with configurable expiration
- CSRF protection on all state-changing operations
- API key authentication for programmatic access
5. Encryption
SlackBridge uses industry-standard encryption to protect data both in transit and at rest.
5.1 Data in Transit
- Modern TLS encryption for all connections
- HSTS (HTTP Strict Transport Security) enabled
- Automatic certificate management and renewal
5.2 Data at Rest
- Strong encryption for stored OAuth tokens and credentials
- Unique initialization vector for each encryption operation
- Encryption keys managed as secrets, never in source code
5.3 Message Content
Important: Full message content is not stored on our servers. Messages are relayed in real-time through our serverless infrastructure. To enable thread synchronization, minimal metadata (sender name, short text snippet up to 200 characters) is temporarily retained based on your plan tier (Free: 7 days, Starter: 14 days, Pro: 30 days, Enterprise: 365 days).
6. Rate Limiting & DoS Protection
SlackBridge implements adaptive rate limiting to protect against abuse while ensuring legitimate traffic flows smoothly.
- Per-endpoint limits: Different rate limits for message events, API calls, and authentication
- Sliding window algorithm: Smooth rate limiting that prevents bursting
- Graceful degradation: System maintains availability even under stress
- Abuse detection: Automated blocking of suspicious traffic patterns
Rate limits are calibrated to support normal business usage while preventing abuse. Enterprise customers can request limit adjustments based on their needs.
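The page names a sliding window algorithm with per-endpoint limits but not the variant or the numbers. The following is an added example, not SlackBridge's code, of the sliding-window-log variant: each key keeps the timestamps of its recent requests, anything older than the window is dropped on every check, and the caller gets a `Retry-After` value when denied. The limit table and timestamps are constructed for the example and the clock is injected so the behaviour is reproducible.

```javascript
// Added example, not SlackBridge's code: a sliding-window-log rate limiter with
// a separate limit per endpoint class. Limits below are constructed, not the
// service's real values.
const LIMITS = {
  'message-event': { max: 5, windowMs: 1000 },
  'api':           { max: 3, windowMs: 1000 },
  'auth':          { max: 2, windowMs: 1000 },
};

class SlidingWindowLimiter {
  constructor(limits) {
    this.limits = limits;
    this.log = new Map(); // "<endpoint>:<key>" -> ascending request timestamps (ms)
  }

  // Returns { allowed, remaining, retryAfterMs }. nowMs is injected for testability.
  check(endpoint, key, nowMs) {
    const limit = this.limits[endpoint];
    if (!limit) throw new Error(`unknown endpoint class: ${endpoint}`);
    const id = `${endpoint}:${key}`;
    // Drop timestamps that have slid out of the window; the window has no fixed
    // boundary, so a burst cannot straddle two buckets and double the allowance.
    const stamps = (this.log.get(id) || []).filter((t) => nowMs - t < limit.windowMs);
    if (stamps.length >= limit.max) {
      this.log.set(id, stamps);
      // The oldest in-window request is the first one that will expire.
      return { allowed: false, remaining: 0, retryAfterMs: stamps[0] + limit.windowMs - nowMs };
    }
    stamps.push(nowMs);
    this.log.set(id, stamps);
    return { allowed: true, remaining: limit.max - stamps.length, retryAfterMs: 0 };
  }
}

// Constructed traffic: four 'api' calls 100 ms apart from one key, then one more
// once the window has slid past the first call, plus an unrelated key.
function demo() {
  const limiter = new SlidingWindowLimiter(LIMITS);
  const burst = [];
  for (let i = 0; i < 4; i++) burst.push(limiter.check('api', 'team-A', i * 100));
  const afterSlide = limiter.check('api', 'team-A', 1000); // t=0 request has expired
  const otherKey = limiter.check('api', 'team-B', 300);    // independent budget
  return { burst, afterSlide, otherKey };
}

console.log(JSON.stringify(demo()));
```

A per-key array is fine for a single isolate; on a distributed edge the same logic is usually backed by shared storage, or replaced by the sliding-window-counter approximation when keeping every timestamp is too costly.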
7. Audit Logging
SlackBridge maintains comprehensive audit logs for security monitoring and compliance purposes.
7.1 Events Logged
- Authentication events: Login attempts and session management
- Security events: Rate limiting, replay detection, CSRF failures
- Administrative actions: Configuration changes and access modifications
Logs capture relevant metadata while automatically redacting sensitive data such as tokens and secrets.
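Redaction has to happen before the record is serialized, and it has to catch secrets both where they are expected (a header or field named for a credential) and where they are not (a token pasted into a free-text detail). The following is an added example, not SlackBridge's code, of a small redacting audit-record builder that does both. The key-name list, the bearer and Slack-style `xox?-` token patterns, and the sample event are assumptions constructed for the example.

```javascript
// Added example, not SlackBridge's code: build a JSON audit line with sensitive
// fields blanked by key name and token-shaped values scrubbed from strings.
const SENSITIVE_KEY = /token|secret|password|authorization|cookie/i;
const BEARER_TOKEN = /\bBearer\s+[A-Za-z0-9._~+/=-]+/g;
const SLACK_TOKEN = /\bxox[a-z]-[A-Za-z0-9-]+/g; // Slack-style token prefix

function redactString(s) {
  return s.replace(BEARER_TOKEN, 'Bearer [REDACTED]').replace(SLACK_TOKEN, '[REDACTED]');
}

// Walks nested objects and arrays; a sensitive key is blanked outright, other
// values are scanned for token patterns.
function redact(value) {
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(inner);
    }
    return out;
  }
  return value;
}

// One JSON line per event; the timestamp is injected so output is reproducible.
function auditRecord(event, fields, nowIso) {
  return JSON.stringify({ ts: nowIso, event, ...redact(fields) });
}

// Constructed sample event with secrets planted in three different places.
function demo() {
  const fields = {
    actor: 'user_123',
    workspace: 'T0000000',
    headers: { authorization: 'Bearer eyJabc.def.ghi', 'user-agent': 'Slackbot 1.0' },
    detail: 'rotated bot token xoxb-1234-5678-abcd for workspace',
    signingSecret: 'should-not-appear',
  };
  const line = auditRecord('auth.token_rotated', fields, '2025-12-29T00:00:00Z');
  return { line, parsed: JSON.parse(line) };
}

console.log(demo().line);
```

Key-name matching is the reliable layer; the value patterns are a backstop for secrets that end up in free text, and they should be extended whenever a new credential format enters the system.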
7.2 Log Integrity
- Immutable storage: Audit logs are written to tamper-evident storage
- Configurable retention: Retention periods meet compliance requirements
- Write-Once Read-Many: Ensures log integrity for auditing
8. Vulnerability Management
SlackBridge follows security best practices to identify and remediate vulnerabilities.
- Code review: Multiple review layers including automated security scanning
- SSRF protection: Strict URL validation and request restrictions
- Input validation: Comprehensive validation of all user inputs and webhooks
- Secure comparisons: Protection against timing-based attacks
- Error handling: Secure error responses that don't leak internal details
- Dependency management: Regular updates and security patch monitoring
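Of the items above, SSRF protection is the one where the shape of the check matters most: an outbound URL taken from a webhook payload or a configuration field should be parsed, constrained to HTTPS and the default port, stripped of userinfo, and matched exactly against an allowlist before anything is fetched, with redirects left unfollowed so a 3xx cannot step outside the list. The following is an added example, not SlackBridge's code, of such a validator; the allowlisted hosts and the sample inputs are assumptions chosen for illustration, and `fetchAllowlisted` is a hypothetical wrapper name.

```javascript
// Added example, not SlackBridge's code: strict validation of an outbound URL
// before the relay fetches it. The allowlist is illustrative; the page does not
// state which hosts the service permits.
const ALLOWED_HOSTS = new Set(['slack.com', 'hooks.slack.com', 'graph.microsoft.com']);

// Returns { ok: true, url } for a URL that may be fetched, else { ok: false, reason }.
function validateOutboundUrl(raw) {
  let url;
  try {
    url = new URL(raw); // parse with the platform parser, never with a regex
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // "https://allowed-host@other-host/" puts the allowed name in the userinfo part.
  if (url.username || url.password) return { ok: false, reason: 'userinfo' };
  // url.port is '' for the scheme default, so any explicit non-default port fails.
  if (url.port !== '' && url.port !== '443') return { ok: false, reason: 'port' };
  // Exact match only: subdomains and look-alikes such as hooks.slack.com.example fail.
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: 'host not allowlisted' };
  url.hash = ''; // fragments never go on the wire
  return { ok: true, url: url.toString() };
}

// Hypothetical wrapper: validates, then fetches with redirects disabled so a 3xx
// from an allowed host pointing elsewhere is returned to the caller, not followed.
async function fetchAllowlisted(raw, fetchImpl = globalThis.fetch) {
  const check = validateOutboundUrl(raw);
  if (!check.ok) throw new Error(`blocked outbound request: ${check.reason}`);
  return fetchImpl(check.url, { redirect: 'manual' });
}

// Constructed inputs covering the cases the validator has to distinguish.
function demo() {
  return {
    webhook: validateOutboundUrl('https://hooks.slack.com/services/T000/B000/XXXX'),
    plainHttp: validateOutboundUrl('http://hooks.slack.com/services/T000/B000/XXXX'),
    lookalike: validateOutboundUrl('https://hooks.slack.com.example/services/x'),
    userinfo: validateOutboundUrl('https://hooks.slack.com@10.0.0.1/internal'),
    oddPort: validateOutboundUrl('https://hooks.slack.com:8443/services/x'),
    garbage: validateOutboundUrl('not a url'),
  };
}

console.log(demo());
```

An exact-host allowlist sidesteps most of the DNS and IP-literal tricks that a denylist has to enumerate; the remaining gap is name resolution itself, which is why a production relay also pins or checks the resolved address at connect time.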
9. Certifications & Attestations
SlackBridge has implemented controls aligned with SOC2 Type 2 requirements and is eligible for formal audit.
9.1 SlackBridge Controls
- Security: Comprehensive authentication, encryption, and abuse prevention controls
- Availability: Health monitoring, graceful degradation, and redundancy measures
- Confidentiality: Data encryption, access logging, and secure storage
9.2 Infrastructure Certifications
SlackBridge runs on Cloudflare's globally distributed infrastructure, which maintains:
- SOC 2 Type II
- ISO 27001
- PCI DSS Level 1
- GDPR compliant
10. Application Permissions
SlackBridge offers two setup methods for connecting Microsoft Teams. Each method requests a different set of Microsoft Graph API permissions from your tenant administrator.
10.1 Slack Permissions
SlackBridge requests the following Slack bot scopes when you connect your workspace. These are the same regardless of which Microsoft setup method you choose.
| Scope | Purpose |
|---|---|
| channels:read | List public channels for mapping selection |
| channels:history | Fetch new messages in public channels for real-time relay |
| channels:manage | Create and configure bridged channels |
| channels:join | Join public channels selected for bridging |
| groups:read | List private channels for mapping selection |
| groups:history | Fetch new messages in private channels for real-time relay |
| groups:write | Create and configure private bridged channels |
| chat:write | Post bridged messages from Teams into Slack |
| chat:write.customize | Display the original Teams sender name and avatar |
| users:read | Resolve Slack user profiles for display in Teams |
| users:read.email | Match Slack users by email for member invites |
| team:read | Fetch workspace name and icon for the dashboard |
Full message content is never stored. SlackBridge relays messages in real-time between platforms. Only minimal metadata (sender name, short snippet) is temporarily retained for thread synchronization.
10.2 Secure Connect - Microsoft Permissions (Standard Tier)
Requests 6 read-focused permissions. Your client's IT admin adds the SlackBridge bot to Teams manually.
| Permission | Type | Purpose |
|---|---|---|
| Group.Read.All | Application | List available teams for channel mapping selection |
| Channel.ReadBasic.All | Application | Fetch channel names and descriptions within teams |
| Channel.Create | Application | Create the bridged channel in the selected team |
| ChannelMessage.Read.All | Application | Receive message notifications for real-time relay |
| Team.ReadBasic.All | Application | Fetch team properties (name, description) for display |
| User.Read.All | Application | Resolve message author display names and avatars |
10.3 Guided Setup - Microsoft Permissions (Advanced Tier)
Includes all 6 standard permissions plus 4 additional permissions for automated bot installation and team management.
| Permission | Type | Purpose |
|---|---|---|
| Group.Read.All | Application | List available teams for channel mapping selection |
| Channel.ReadBasic.All | Application | Fetch channel names and descriptions within teams |
| Channel.Create | Application | Create the bridged channel in the selected team |
| ChannelMessage.Read.All | Application | Receive message notifications for real-time relay |
| Team.ReadBasic.All | Application | Fetch team properties (name, description) for display |
| User.Read.All | Application | Resolve message author display names and avatars |
| Group.ReadWrite.All (Guided Setup only) | Application | Manage team settings and channel configuration |
| AppCatalog.ReadWrite.All (Guided Setup only) | Application | Upload SlackBridge bot app to your tenant catalog |
| TeamsAppInstallation.ReadWriteForTeam.All (Guided Setup only) | Application | Automatically install the bot into selected teams |
| TeamMember.ReadWrite.All (Guided Setup only) | Application | Manage team membership for bridge participants |
Revocable after setup: The four additional Advanced-tier permissions (Group.ReadWrite.All, AppCatalog.ReadWrite.All, TeamsAppInstallation.ReadWriteForTeam.All, TeamMember.ReadWrite.All) are only exercised during admin-initiated setup operations — they aren't used at runtime. Once initial setup is complete, your tenant administrator can revoke these four permissions in Azure AD → Enterprise Applications → SlackBridge → Permissions and ongoing message bridging continues uninterrupted on the six Standard-tier permissions alone. You would only need to temporarily re-grant them if you later want SlackBridge to auto-create another Team or auto-install a bot manifest update.
Note: Both tiers require admin consent from your Microsoft 365 tenant administrator. All permissions are application-level (not delegated) and follow Microsoft's least-privilege recommendations. SlackBridge does not request ChannelMessage.Send as message delivery is handled securely through the Azure Bot Framework.
11. Security Contact
To report a security vulnerability or request security documentation:
Email: [email protected]
Response Time: Critical issues within 24 hours