Slack Provisioner

Configuring SSO in Slack Enterprise Grid

If you use Slack Enterprise Grid, configure SSO as follows.

About this task

For help, see the Enterprise Grid plan tab in SAML single sign-on in the Slack documentation.

Steps

  1. Sign on to Slack Enterprise Grid as a Workspace Owner.

  2. Go to Manage Organization > Security > SSO Settings > Configure SSO.

    A screen recording that shows the dashboard. The user clicks Manage Organization, and then clicks Security.

  3. In the SAML 2.0 Endpoint (HTTP) field, enter https://pf_host:pf_port/idp/SSO.saml2.

    For example: https://pf.example.com:9031/idp/SSO.saml2

  4. In the Identity Provider Issuer field, enter the SAML 2.0 Entity ID that you created in Enabling provisioning and single sign-on in PingFederate.

  5. In the Service Provider Issuer URL, use the default value of https://slack.com.

  6. In the Public (X.509) Certificate field, enter the contents of your PingFederate signing certificate.

    To get your certificate, see Exporting a certificate in Managing digital signing certificates and decryption keys in the PingFederate documentation.

  7. Enable authentication request signing.

    1. Select the Sign the AuthnRequest check box.

    2. Copy the certificate text.

    3. Create a new .crt file on your computer and paste the certificate text.

    4. In PingFederate, import the .crt file as a trusted certificate authority.

    For help, see Manage trusted certificate authorities in the PingFederate documentation.

  8. Clear the Sign the Assertion check box.

    A screenshot that shows the SAML Response Signing section with the correct settings.

  9. Click Test Configuration.

  10. Save your configuration.

  11. Sign out of Slack, and then sign back on using SSO.

    Result:

    This saves your configuration and sends an email to team members inviting them set up SSO with their Slack accounts.