Slack

Capabilities overview

Slack is the single workspace that connects you with the people and tools you work with every day, no matter where you are or what you do. With Slack you get real-time messaging, a searchable record of all your files and conversations, and dynamic integrations with handy bots and apps. Now everyone can finally be on the same page and get their work done.

Slack pricing page

Supported capability    Required plan   Details
Passwordless SSO        Business+       High SSO tax
Automated provisioning  Business+       SCIM 1.1 (create, remove, update accounts)

Prerequisites

In order to integrate idemeum with Slack you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:

  • Identity Provider Entity ID
  • Identity Provider SSO URL
  • Public X509 Certificate (PEM format)

Instructions for how to obtain these SAML metadata parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata describes the information that your SaaS application and idemeum need in order to communicate and enable Single Sign-On. In SAML terminology, the SaaS application is the Service Provider (SP) and idemeum is the Identity Provider (IDP). Typically you will be a…

Passwordless Single Sign-On (SAML)

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for the Slack application and click Add App
  • Click SAML at the top navigation menu
  • If you are on a Business+ plan, all you have to do is enter your Slack workspace name
  • If you are on an Enterprise plan, expand the advanced section and replace the pre-populated Assertion Consumer Service URL with https://${config.slackTeam}.enterprise.slack.com/sso/saml
  • Click Save

Configure SSO in Slack

  • Navigate to your Slack workspace home page
  • In the Administration section click Authentication
  • Click Configure for SAML authentication
Now you will use the idemeum metadata values obtained in the prerequisites section.
  • Enter Identity Provider SSO URL into SAML 2.0 Endpoint (HTTP)
  • Enter Identity Provider Entity ID into Identity Provider Issuer
  • Enter Identity Provider Public X509 certificate into Public Certificate
  • Scroll down and click on Expand for Advanced Options
  • Make sure only the Assertions Signed option is available
  • Scroll further down and set SAML authentication as optional. We recommend keeping the optional configuration until the SAML integration is fully tested. This way users can log in with either a password or SSO.
  • Scroll down and click Save

Automated provisioning with SCIM

  • Navigate to the idemeum admin portal and access the Slack application
  • Click Provisioning
  • In the pop-up you will need to Authorize idemeum to create Slack accounts for your employees. Enter credentials and approve access. Once approved, you will see a green checkbox next to the Authorize button.
  • Click Save

Application entitlements

Before users can access applications, you need to entitle the applications to them. In the idemeum admin portal, navigate to the Entitlements section to assign applications to your employees.


SAML SSO login flows

Slack supports both:

  • IDP Initiated Flow
  • SP Initiated Flow

IDP Initiated flow

With this flow users first navigate to the idemeum user catalog and then click the Slack icon to launch the application.

SP Initiated flow

With this flow users can go directly to Slack and log in with passwordless SSO.

  • Navigate to your Slack workspace at https://yourDomain.slack.com
  • You will be presented with an option to log in with SAML