> ## Documentation Index
> Fetch the complete documentation index at: https://docs.accessowl.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage access with Claude Tag in Slack

> What to ask Claude Tag once it is connected to AccessOwl: access requests, reports, cleanup, and vendor updates in plain English.

Once [Claude Tag in Slack is connected to AccessOwl](/guides/ai/claude-in-slack), your team
handles day-to-day access work by mentioning `@Claude` in a channel, in their own words.
There is no syntax to learn: describe what you need the way you would ask a colleague.
This page shows what that looks like, using an HR channel as the running example.

Two things stay true for everything on this page:

* Claude **requests**; it never grants. Every request follows your
  [approval policies](/guides/requests/approval-policies), and everything shows up in
  AccessOwl as usual, so your audit trail stays complete.
* Claude confirms before creating anything. Read-only questions are answered directly.

## What a conversation looks like

AccessOwl already announces new joiners and leavers in your
[HR Slack notification channel](/guides/onboarding-offboarding/onboarding). Invite Claude
into that channel, and the announcement and the follow-up work live in one thread:

> **You:** @Claude Maria starts Monday in Marketing. She needs Slack, Notion, and a
> HubSpot Marketing seat.
>
> **Claude:** Ready to submit access requests for Maria Schmidt:
>
> * Slack: Member
> * Notion: Member
> * HubSpot: Marketing seat
>
> OK to submit?
>
> **You:** yes
>
> **Claude:** Done. I submitted 3 access requests for Maria. They now go through your
> normal approval flow.

Claude looked up the user, checked which roles each application offers, and asked before
creating anything. If an application requires a mandatory resource such as a seat, Claude
asks which one to include instead of guessing.

## What you can ask

<Tabs>
  <Tab title="Access requests">
    | You say                                                                  | Claude does                                                                               |
    | :----------------------------------------------------------------------- | :---------------------------------------------------------------------------------------- |
    | "Give Tom the same access as Lisa."                                      | Shows Lisa's access, asks all or only some, skips what Tom already has, requests the rest |
    | "Request a HubSpot Marketing seat for Tom."                              | Creates the request with the exact seat                                                   |
    | "Jan moved to Sales. He needs Salesforce with the Sales permission set." | Creates the request for the new role                                                      |
    | "What roles can be requested for HubSpot?"                               | Lists the application's requestable roles and permissions                                 |

    <Frame caption="Giving someone the same access as a colleague">
      <video autoPlay className="w-full aspect-video rounded-xl" src="https://mintcdn.com/accessowl/ec8gOtBEjAju-Dbj/images/videos/claude-tag-clone-access.mp4?fit=max&auto=format&n=ec8gOtBEjAju-Dbj&q=85&s=32d951d9abb5e7038f88de3a395310a1" data-path="images/videos/claude-tag-clone-access.mp4" />
    </Frame>
  </Tab>

  <Tab title="Quick answers">
    | You ask                                          | Claude answers with                        |
    | :----------------------------------------------- | :----------------------------------------- |
    | "What does Maria have access to?"                | Her applications and roles, as a table     |
    | "Does Jan have Figma?"                           | A direct yes or no, with the role          |
    | "Who has 1Password, grouped by role?"            | A count and breakdown by role              |
    | "Who has admin permissions in Google Workspace?" | Everyone holding an admin-level permission |
    | "Everyone in Marketing without HubSpot."         | The gap between a team and an application  |

    Answers come from what is recorded in AccessOwl: who holds which access, since when,
    and through which role. Claude cannot tell you who actively *uses* an application,
    only who has access to it.

    <Frame caption="Who has access, grouped by permission level?">
      <video autoPlay className="w-full aspect-video rounded-xl" src="https://mintcdn.com/accessowl/ec8gOtBEjAju-Dbj/images/videos/claude-tag-group-by-role.mp4?fit=max&auto=format&n=ec8gOtBEjAju-Dbj&q=85&s=df3a246f50f6c46c1acc230cc6bb0e40" data-path="images/videos/claude-tag-group-by-role.mp4" />
    </Frame>
  </Tab>

  <Tab title="Request revocations">
    | You say                                                        | Claude does                                                                 |
    | :------------------------------------------------------------- | :-------------------------------------------------------------------------- |
    | "What does Jan still have access to?" then "Revoke all of it." | Lists the access, asks for a reason, confirms, then creates the revocations |
    | "Tom no longer needs his HubSpot seat."                        | Creates one revocation request after confirming                             |
    | "The access review flagged Maria's Figma access, revoke it."   | Turns a review finding into a revocation request                            |

    What happens after a revocation depends on the application: AccessOwl processes some
    removals itself, and for the others the Application Admin receives their usual
    revocation task. See [Offboarding](/guides/onboarding-offboarding/offboarding) for how
    revocations behave.
  </Tab>

  <Tab title="User list imports">
    | You say                                                                                    | Claude does                                                                                                                    |
    | :----------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------- |
    | "Here's our ChatGPT user export, get it ready for the AccessOwl import." (attach the file) | Checks every value against the application's real roles, fixes naming mismatches, flags decisions, returns an import-ready CSV |
    | "Which rows in this file won't import, and why?"                                           | A per-row report against the application's structure                                                                           |

    Applications without automatic user sync are seeded through the
    [userlist import](/guides/applications/applications-overview): open the application,
    click **Edit**, then **Import**, and upload the file Claude prepared.
  </Tab>

  <Tab title="Vendor details">
    | You say                                                                                      | Claude does                                           |
    | :------------------------------------------------------------------------------------------- | :---------------------------------------------------- |
    | "Set the risk level for Zoom and Miro to medium and record today as the vendor review date." | Updates both applications' Vendor Details in one pass |
    | "Zoom is SOC 2 Type II and ISO 27001 certified, store that."                                 | Records the certificates on the application           |

    <Frame caption="Recording risk level and vendor review details">
      <video autoPlay className="w-full aspect-video rounded-xl" src="https://mintcdn.com/accessowl/ec8gOtBEjAju-Dbj/images/videos/claude-tag-vendor-details.mp4?fit=max&auto=format&n=ec8gOtBEjAju-Dbj&q=85&s=8292324ca3661897c88cfaf838f65b79" data-path="images/videos/claude-tag-vendor-details.mp4" />
    </Frame>
  </Tab>

  <Tab title="Discovered apps">
    | You ask                                        | Claude answers with                                                         |
    | :--------------------------------------------- | :-------------------------------------------------------------------------- |
    | "Which apps has AccessOwl discovered?"         | The unmanaged apps AccessOwl detected, with how many people show up on each |
    | "What apps has AccessOwl discovered for Mike?" | The apps and when each was discovered                                       |
    | "Who shows up on Notion?"                      | The people and their discovered-since dates                                 |

    <Frame caption="Which apps has AccessOwl discovered?">
      <video autoPlay className="w-full aspect-video rounded-xl" src="https://mintcdn.com/accessowl/ec8gOtBEjAju-Dbj/images/videos/claude-tag-discovered-apps.mp4?fit=max&auto=format&n=ec8gOtBEjAju-Dbj&q=85&s=c9c12652a2b74c47b858cfbd5307f1ec" data-path="images/videos/claude-tag-discovered-apps.mp4" />
    </Frame>
  </Tab>

  <Tab title="Approval policies">
    | You say                                                       | Claude does                               |
    | :------------------------------------------------------------ | :---------------------------------------- |
    | "Which policy covers Salesforce?"                             | Names the policy, or the Default fallback |
    | "Add HubSpot and Notion to our Critical Applications policy." | Moves the applications after confirming   |

    Creating a policy and choosing who approves stays in AccessOwl under
    **Settings → Policies**.
  </Tab>
</Tabs>

## Best practices

* **Keep the channel small.** Everyone in the channel acts with the same Org Admin
  permissions. Use a private channel for IT and HR.
* **Be specific about people.** Use email addresses when two colleagues share a name.
* **Let approvals stay with your approvers.** Claude creates requests only; approving
  them happens in your normal flow, in Slack or the AccessOwl interface.
* **Speak naturally.** The phrasings above are examples, not commands. "Tom needs
  Notion" works just as well as a formal request.

<AccordionGroup>
  <Accordion title="Can Claude approve access requests?">
    Don't set it up that way. The API token acts as an Org Admin, so Claude could grant a
    request if told to explicitly, but approvals are your control point. Let Claude create
    requests and leave approving them to your managers and Business Owners in the normal
    flow.
  </Accordion>

  <Accordion title="Does this work in direct messages with Claude?">
    Connections set up through an Access bundle apply to channels. For access work, use
    a channel that Claude has been invited to.
  </Accordion>

  <Accordion title="What if Claude can't find a user or application?">
    Claude can only see what exists in AccessOwl. Users come from your connected
    directory, and applications are added in AccessOwl, where you can pick them from the
    catalog and connect an integration.
  </Accordion>
</AccordionGroup>
