Capabilities overview
Slack is the single workspace that connects you with the people and tools you work with every day, no matter where you are or what you do. With Slack you get real-time messaging, a searchable record of all your files and conversations, and dynamic integrations with handy bots and apps. Now everyone can finally be on the same page and get their work done.
Supported capability | Required plan | Details |
---|---|---|
Passwordless SSO | Business+ | High SSO tax |
Automated provisioning | Business+ | SCIM 1.1 (create, remove, update accounts) |
Prerequisites
In order to integrate idemeum with Slack you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:
- Identity Provider Entity ID
- Identity Provider SSO URL
- Public X509 Certificate (PEM format)
Instructions for how to obtain these SAML metadata parameters are below.
Passwordless Single Sign-On (SAML)
Configure SSO in idemeum
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for Slack application and click Add App
- Click SAML at the top navigation menu
- If you are on a Business+ plan, all you have to do is enter your Slack workspace name
- If you are on an Enterprise plan, expand the advanced section and replace the pre-populated Assertion Consumer Service URL with https://${config.slackTeam}.enterprise.slack.com/sso/saml
- Click Save
Configure SSO in Slack
- Navigate to your Slack workspace home page
- In the Administration section click Authentication
- Click Configure for SAML authentication
Now you will be using idemeum metadata values obtained in the prerequisites section.
- Enter Identity Provider SSO URL into SAML 2.0 Endpoint (HTTP)
- Enter Identity Provider Entity ID into Identity Provider Issuer
- Enter Identity Provider Public X509 certificate into Public Certificate
- Scroll down and click on Expand for Advanced Options
- Make sure you have only Assertions Signed option available
- Scroll further down and set SAML authentication as optional. We recommend going with the optional configuration until the SAML integration is fully tested. This way users can log in both with a password and with SSO.
- Scroll down and click Save
Automated provisioning with SCIM
- Navigate to idemeum admin portal and access Slack application
- Click Provisioning
- In the pop-up you will need to Authorize idemeum to create Slack accounts for your employees. Enter credentials and approve access. Once approved, you will see a green checkbox next to the Authorize button.
- Click Save
Application entitlements
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
SAML SSO login flows
Slack supports both:
- IDP Initiated Flow
- SP Initiated Flow
IDP Initiated flow
With this flow users first navigate to idemeum user catalog and then click on Slack icon to launch application.
SP Initiated flow
With this flow users can directly go to Slack and login with passwordless SSO.
- Navigate to your Slack workspace at https://yourDomain.slack.com
- You will be presented with an option to log in with SAML