Slack Provisioner

Configuring single sign-on in Slack

To allow PingFederate to manage authentication, enable single sign-on (SSO) in Slack.

Configuring SSO in Slack Standard or Plus

If you use Slack Standard or Plus, configure SSO as follows.

About this task

For help, see the Plus plan tab in SAML single sign-on in the Slack documentation.

Steps

  1. Sign on to Slack as a Workspace Owner.

  2. Click your workspace name, and then click Administration → Workspace Settings.

  3. In the navigation pane, click Authentication.

  4. On the Settings & Permissions page, for SAML Authentication, click Configure.

  5. Select Custom SAML 2.0 and click Configure.

  6. In the SAML 2.0 Endpoint (HTTP) field, enter https://pf_host:pf_port/idp/SSO.saml2.

    For example: https://pf.example.com:9031/idp/SSO.saml2

  7. In the Identity Provider Issuer field, enter the SAML 2.0 Entity ID that you created in Enabling provisioning and single sign-on in PingFederate.

  8. In the Public Certificate field, enter the contents of your PingFederate signing certificate.

    To get your certificate, see Exporting a certificate in Managing digital signing certificates and decryption keys in the PingFederate documentation.

  9. Click Save Configuration.

  10. Sign out of Slack, and then sign back on using SSO.

    Result:

    This saves your configuration and sends an email to team members inviting them to set up SSO with their Slack accounts.

Configuring SSO in Slack Enterprise Grid

If you use Slack Enterprise Grid, configure SSO as follows.

About this task

For help, see the Enterprise Grid plan tab in SAML single sign-on in the Slack documentation.

Steps

  1. Sign on to Slack Enterprise Grid as a Workspace Owner.

  2. Go to Manage Organization → Security → SSO Settings → Configure SSO.

  3. In the SAML 2.0 Endpoint (HTTP) field, enter https://pf_host:pf_port/idp/SSO.saml2.

    For example: https://pf.example.com:9031/idp/SSO.saml2

  4. In the Identity Provider Issuer field, enter the SAML 2.0 Entity ID that you created in Enabling provisioning and single sign-on in PingFederate.

  5. In the Service Provider Issuer URL field, use the default value of https://slack.com.

  6. In the Public (X.509) Certificate field, enter the contents of your PingFederate signing certificate.

    To get your certificate, see Exporting a certificate in Managing digital signing certificates and decryption keys in the PingFederate documentation.

  7. Enable authentication request signing.

    1. Select the Sign the AuthnRequest check box.

    2. Copy the certificate text.

    3. Create a new .crt file on your computer and paste the certificate text.

    4. In PingFederate, import the .crt file as a trusted certificate authority.

    For help, see Managing trusted certificate authorities in the PingFederate documentation.

  8. Clear the Sign the Assertion check box.

  9. Click Test Configuration.

  10. Save your configuration.

  11. Sign out of Slack, and then sign back on using SSO.

    Result:

    This saves your configuration and sends an email to team members inviting them to set up SSO with their Slack accounts.
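
The SAML 2.0 Endpoint (HTTP) and certificate values used in both procedures above can be checked before they are pasted into Slack. The following Python is an added example, not part of the Ping Identity or Slack documentation; the function names and the sample certificate bytes are constructed for illustration, and the certificate check covers PEM framing only, not X.509 validity or expiry.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed stand-in: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")


def check_endpoint(url):
    """Return a list of problems with a SAML 2.0 Endpoint (HTTP) value."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("endpoint must use https")
    if parts.hostname in (None, "pf_host"):
        problems.append("replace pf_host with the PingFederate host name")
    try:
        parts.port  # raises ValueError for a non-numeric port such as pf_port
    except ValueError:
        problems.append("replace pf_port with the numeric PingFederate port")
    if parts.path != "/idp/SSO.saml2":
        problems.append("path must be /idp/SSO.saml2")
    return problems


def certificate_fingerprint(pasted):
    """Check PEM framing of the pasted text and return its SHA-256 fingerprint."""
    blocks = PEM_BLOCK.findall(pasted)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("private key material present; paste only the certificate")
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print(check_endpoint("https://pf_host:pf_port/idp/SSO.saml2"))
    print(check_endpoint("https://pf.example.com:9031/idp/SSO.saml2"))
    print(certificate_fingerprint(SAMPLE_PEM))
```

Compare the returned fingerprint with the one recorded for the signing certificate at its source before saving the configuration.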