• Link PingOne to an identity repository containing the users requiring application access.
  • You must have administrative access to PingOne and Slack.
  1. Set up the Slack application in PingOne:
    1. Sign on to PingOne for Enterprise and go to Applications > Application Catalog.
    2. Search for Slack.

      Screen capture showing a search for Slack in the application catalog. The search results list shows the results for Slack.
    3. Expand the Slack entry and click the Setup icon.
    4. Copy the Issuer and IdP ID values.
    5. Download the signing certificate.

      Screen capture showing how to download the signing certificate.
    6. Click Continue to Next Step.
    7. Set ACS URL to https://<Your slack domain>.slack.com/sso/saml.
    8. Click Continue to Next Step.
    9. In the Attribute Mapping section, map the attributes to the corresponding attributes in your userstore.

      Screen capture showing how to map the application attributes to the corresponding attributes in your userstore.
    10. In the SAML_SUBJECT row, click Advanced.
    11. In the NameID Format to send to SP field, enter urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
    12. Click Save.

      Screen capture showing the advanced attribute options and where to enter the Name ID Format to send to the SP.
    13. Click Continue to Next Step.
    14. Click Add for each user group that should have access to Slack.

      Screen capture showing how to add user groups that should have access to Slack.
    15. Click Continue to Next Step.
    16. Click Finish.
  2. Add the PingOne IdP connection to Slack:
    1. Sign on to your Slack Admin account as an administrator.
    2. Go to Settings & Administration > Workspace Settings.

      Screen capture showing how to select Workspace settings in the Settings and administration menu.
    3. Click the Authentication tab.
    4. In the Configure an authentication method section, on the SAML authentication line, click Configure.

      Screen capture showing where to click the Configure button to begin configuring the SAML authentication method.
    5. If prompted, enter your password to continue.
    6. In the SAML 2.0 Endpoint (HTTP) field, enter https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<PingOne IdP ID value>.
    7. In the Identity Provider Issuer field, enter <PingOne Issuer value>.
    8. In the Public Certificate field, paste in the contents of the PingOne signing certificate.

      Screen capture showing where to paste the SAML 2.0 Endpoint, the Identity Provider Issuer, and the PingOne signing certificate.
    9. Expand the Advanced Options section and clear the Responses Signed check box.

      Screen capture showing where to clear the Responses Signed check box in the Advanced Options section.
    10. In the Settings section, select the It’s optional check box for the authentication setting.
      Note:

      You can change the authentication setting to your desired value after testing has been completed.


      Screen capture showing where to select It's Optional in the authentication settings.
    11. Click Save Configuration.

      Screen capture of the Customize section. The Sign in Button Label and Button Preview are here to customize. The Save Configuration button is highlighted.
  3. Test the PingOne IdP-initiated SSO integration:
    1. Go to your Ping desktop as a user with Slack access.
      Note:

      To find the Ping desktop URL in the Admin console, go to Setup > Dock > PingOne Dock URL.

    2. Complete the PingOne authentication.

      Screen capture showing the Ping Identity Sign On screen.

      Screen capture showing the new Slack application.
      You're redirected to your Slack domain.
      Note:

      If the user doesn’t exist in Slack, you are prompted to accept the Slack terms.

  4. Test the PingOne SP-initiated SSO integration:
    1. Go to your Slack domain, https://<Your slack domain>.slack.com.
    2. Click Sign in with PingOne.

      Screen capture showing the Slack domain's sign in screen with the Sign in with PingOne button.
    3. After you're redirected to PingOne, enter your PingOne username and password.

      Screen capture showing the Ping Identity Sign On screen.
      After successful authentication, you're redirected back to Slack.
      Note:

      If the user doesn’t exist in Slack, you are prompted to accept the Slack terms.


      Screen capture showing the new Slack application.
After successful testing, you can change the Slack It’s optional authentication setting as necessary.
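
While testing, you can decode a SAMLResponse captured from your own test sign-on and confirm that it carries the values configured in this procedure. The following is an added example, not part of the original Ping Identity documentation. The function name, the sample issuer, the `example-team` domain and the sample response are constructed, and the expectation that the signature sits on the Assertion when Responses Signed is cleared is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def check_response(xml_text, issuer, slack_domain):
    """List mismatches between a decoded SAMLResponse and the values configured above.
    Structural check only: it does not verify the XML signature cryptographically."""
    acs = f"https://{slack_domain}.slack.com/sso/saml"
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in response"]
    problems = []
    if assertion.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("Issuer differs from Identity Provider Issuer")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is not persistent")
    data = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs:
        problems.append("Recipient differs from ACS URL")
    # Assumption: with Responses Signed cleared, the signature sits on the Assertion.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion carries no ds:Signature")
    return problems

# Constructed sample response (placeholder issuer, domain and signature value).
ISSUER = "https://idp.example.test/constructed-issuer"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="https://example-team.slack.com/sso/saml">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{ISSUER}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{PERSISTENT}">u-1001</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://example-team.slack.com/sso/saml"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ISSUER, "example-team") or "matches configuration")
```

An empty list means the response matches the Issuer, NameID format and ACS URL entered above; any string in the list names the setting to recheck.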