Creating a Slack connection

Use a Slack connection to enable provisioning from PingOne to the Slack user directory.

Before you begin

Make sure you have:

A Slack Workspace Owner account. Learn more in Types of roles in Slack in the Slack documentation.
The OAuth2 Access Token for the connected application. You can use the Ping Identity OAuth Configuration Service (OCS) to get the token. Learn more in Getting a Slack API access token.
Reviewed the provisioning information in the Slack documentation. Learn more in Manage members with SCIM Provisioning.

Steps

In the PingOne admin console, go to Integrations > Provisioning.
Click and then click New Connection.
On the Identity Store line, click Select.
On the Slack tile, click Select,. Click Next.
Enter a name and description for this provisioning connection.

Result:

The connection name appears in the provisioning list after you save the connection.
Click Next.
In the Configure Authentication section, in the OAuth2 Access Token field, enter the access token from Slack for the connected application.

You can use the Ping Identity OAuth Configuration Service (OCS) to get the token. Learn more in Getting a Slack API access token.
Click Test Connection to verify that PingOne can establish a connection to Slack.

Result:

If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.

You can’t use the connection for provisioning until you’ve established a valid connection to Slack. To retry, click Cancel in the Test Connection Failed modal and repeat step 7.

Troubleshooting:

Learn more about troubleshooting your connection in Troubleshooting test connection failure.

In the Configure Preferences and Users Actions sections, configure the following:

Field Description

Unique User Identifier

Determines how to identify a unique user. Select primaryEmail or userName.

Group Membership Handling

Determines whether to update or replace target groups with PingOne memberships. Select Merge or Overwrite.

Merging or overwriting memberships only applies to SCIM, Slack, and GitHub EMU provisioning connections.

Enable users creation

Determines whether to create a user in the target identity store when the user is created in the source identity store.

Enable users updation

Determines whether to update user attributes in the target identity store when the user is updated in the source identity store.

If Enable users updation is selected, you can choose to select Enable users disable which determines whether to disable a user in the target identity store when the user is disabled in the source identity store.

Enable users deprovision

Determines whether to deprovision a user in the target identity store when the user is deprovisioned in the source identity store.

If Enable users deprovision is selected, the following configurations appear.

Remove Action: Determines whether to remove or disable a user in the target identity store when the user is deleted in the source identity store. Select Delete or Disable.

Remove Action is only available if you select Enable users disable.
Deprovision on rule deletion: Determines whether to deprovision users if the associated provisioning rule is deleted.

Click Save.
To enable the connection, click the toggle at the top of the details panel to the right (blue).

You can disable the connection by clicking the toggle to the left (gray).

Result

The Slack provisioning connection is added to the list of connections on the Provisioning page.

Next steps

Sync group members out of PingOne into a software as a service (SaaS) application. Learn more in Configuring outbound group provisioning.

Slack provisioning features

Provision users from the PingOne identity store to a Slack identity store.

The provisioner offers the following features:

Supports all Slack plans, including Standard, Plus, and Enterprise Grid.
Manages users in Slack based on changes in an external datastore:
- Creates, updates, and disables users.
- Enable the create, update, and disable capabilities independently.
- Choose to disable users when deprovisioning.
Supports outbound group provisioning.

Slack attribute mapping

The following table lists common Slack user attributes that can be mapped to PingOne user attributes for user provisioning.

Attribute	Description
userName	The user’s username and Slack login.
displayName	The user’s nickname in the PingOne identity store.
givenName	The user’s first name.
familyName	The user’s last name.
primaryEmail	The user’s email address.
active	The status of the user account in Slack.

Attribute

Description

userName

The user’s username and Slack login.

displayName

The user’s nickname in the PingOne identity store.

givenName

The user’s first name.

familyName

The user’s last name.

primaryEmail

The user’s email address.

active

The status of the user account in Slack.

Slack provisioning known limitations

The following are known limitations with Slack user provisioning.

Some user attributes in the Slack directory cannot be cleared after they are set.
Membership sync status for a group shows success even if a disabled user is added to a group in group provisioning.

PingOne