---
title: Configuring single sign-on in Slack
description: To allow PingFederate to manage authentication, enable single sign-on (SSO) in Slack.
component: slack
page_id: slack:setup:pf_slack_connector_configuring_single_sign_on_in_slack
canonical_url: https://docs.pingidentity.com/integrations/slack/setup/pf_slack_connector_configuring_single_sign_on_in_slack.html
revdate: July 8, 2024
section_ids:
  configuring-sso-in-slack-standard-or-plus: Configuring SSO in Slack Standard or Plus
  about-this-task: About this task
  steps: Steps
  result: Result:
  configuring-sso-in-slack-enterprise-grid: Configuring SSO in Slack Enterprise Grid
  about-this-task-2: About this task
  steps-2: Steps
  result-2: Result:
---

# Configuring single sign-on in Slack

To allow PingFederate to manage authentication, enable single sign-on (SSO) in Slack.

## Configuring SSO in Slack Standard or Plus

If you use Slack Standard or Plus, configure SSO as follows.

### About this task

For help, see the [Plus plan](https://slack.com/intl/en-ca/help/articles/203772216-SAML-single-sign-on#plus-plan-1) tab in [SAML single sign-on](https://slack.com/intl/en-ca/help/articles/203772216-SAML-single-sign-on) in the Slack documentation.

### Steps

1. Sign on to Slack as a Workspace Owner.

2. Click your workspace name, and then click **Administration > Workspace Settings**.

3. In the navigation pane, click **Authentication**.

4. On the **Settings & Permissions** page, for **SAML Authentication**, click **Configure**.

5. Select **Custom SAML 2.0** and click **Configure**.

6. In the **SAML 2.0 Endpoint (HTTP)** field, enter `https://pf_host:pf_port/idp/SSO.saml2`.

   For example: `https://pf.example.com:9031/idp/SSO.saml2`

7. In the **Identity Provider Issuer** field, enter the **SAML 2.0 Entity ID** that you created in [Enabling provisioning and single sign-on in PingFederate](pf_slack_connector_enabling_provisioning_and_single_sign_on_in_pf.html).

8. In the **Public Certificate** field, enter the contents of your PingFederate signing certificate.

   To get your certificate, see **Exporting a certificate** in [Managing digital signing certificates and decryption keys](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_dsigsigningcert_certmanagementstate.html) in the PingFederate documentation.

9. Click **Save Configuration**.

10. Sign out of Slack, and then sign back on using SSO.

    #### Result:

    This saves your configuration and sends an email to team members inviting them set up SSO with their Slack accounts.

## Configuring SSO in Slack Enterprise Grid

If you use Slack Enterprise Grid, configure SSO as follows.

### About this task

For help, see the [Enterprise Grid plan](https://slack.com/intl/en-ca/help/articles/203772216-SAML-single-sign-on#enterprise-grid-plan-1) tab in [SAML single sign-on](https://slack.com/intl/en-ca/help/articles/203772216-SAML-single-sign-on) in the Slack documentation.

### Steps

1. Sign on to Slack Enterprise Grid as a Workspace Owner.

2. Go to **Manage Organization > Security > SSO Settings > Configure SSO**.

   ![A screen recording that shows the dashboard. The user clicks Manage Organization, and then clicks Security.](_images/fvm1617230085096.gif)

3. In the **SAML 2.0 Endpoint (HTTP)** field, enter `https://pf_host:pf_port/idp/SSO.saml2`.

   For example: `https://pf.example.com:9031/idp/SSO.saml2`

4. In the **Identity Provider Issuer** field, enter the **SAML 2.0 Entity ID** that you created in [Enabling provisioning and single sign-on in PingFederate](pf_slack_connector_enabling_provisioning_and_single_sign_on_in_pf.html).

5. In the **Service Provider Issuer URL**, use the default value of **<https://slack.com>**.

6. In the **Public (X.509) Certificate** field, enter the contents of your PingFederate signing certificate.

   To get your certificate, see **Exporting a certificate** in [Managing digital signing certificates and decryption keys](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_dsigsigningcert_certmanagementstate.html) in the PingFederate documentation.

7. Enable authentication request signing.

   1. Select the **Sign the AuthnRequest** check box.

   2. Copy the certificate text.

   3. Create a new `.crt` file on your computer and paste the certificate text.

   4. In PingFederate, import the `.crt` file as a trusted certificate authority.

   For help, see [Manage trusted certificate authorities](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_trustedcas_certmanagementstate.html) in the PingFederate documentation.

8. Clear the **Sign the Assertion** check box.

   ![A screenshot that shows the SAML Response Signing section with the correct settings.](_images/bdv1617989116378.jpg)

9. Click **Test Configuration**.

10. Save your configuration.

11. Sign out of Slack, and then sign back on using SSO.

    #### Result:

    This saves your configuration and sends an email to team members inviting them set up SSO with their Slack accounts.