SAML single sign-on

SAML-based single sign-on (SSO) gives members access to Slack through an identity provider (IdP) of your choice.

Note: We also offer guides to help you set up custom SAML single sign-on or ADFS single sign-on.

Step 1: Configure your identity provider

To get started, you’ll need to set up a connection (or connector) for Slack with your IdP. Many providers we work with have created help pages for enabling SAML with Slack.

Want to use G Suite Auth? Read our G Suite single sign-on guide.

Step 2: Set up SAML SSO for Slack

Plus subscription

Now that you’ve configured your identity provider (IdP), a workspace owner or admin can enable the SSO feature in Slack.

  1. From your desktop, click your workspace name in the top left.
  2. Select Administration, then Workspace settings from the menu.
  3. Click the Authentication tab. 
  4. Click Configure next to SAML authentication.
  5. In the top right, toggle Test mode on.
  6. Next to SAML SSO URL, enter your SAML 2.0 endpoint URL (HTTP). (This came from setting up your connector. If Okta is your IdP, you can include the IdP URL instead if you like.)
  7. Enter your IdP entity ID next to Identity provider issuer.
  8. Copy the entire x.509 Certificate from your identity provider and paste it into the Public certificate field.
  9. Click Expand next to Advanced options. Choose how the SAML response from your IdP is signed. If you need an end-to-end encryption key, tick the box next to Sign AuthnRequest to show the certificate.
  10. Under Settings, decide whether members can edit their profile information (like their email or display name) after SSO is enabled. You can also choose whether SSO is required, partially required* or optional.
  11. Under Customise, enter a Sign in button label.
  12. Select Save configuration to finish.

*If you have guest accounts, we recommend choosing the option where SSO is partially required, so guests can still sign in using their email address and password.

Enterprise Grid subscription

Now that you’ve configured your identity provider (IdP), an org owner or admin can enable the SSO feature on your Enterprise Grid organisation:

  1. From your desktop, click your workspace name in the top left.
  2. Select Administration, then Organisation settings from the menu.
  3. Click Security in the left-hand column.
  4. In the SSO configuration section, click Configure SSO.
  5. Enter your SAML 2.0 endpoint URL (this came from setting up your connector earlier). This is where authentication requests from Slack will be sent.
  6. Enter your Identity provider issuer URL (also known as the entity ID). 
  7. The Service provider issuer URL is set to by default. This field should match what you’ve set in your IdP.
  8. Copy the entire x.509 certificate from your identity provider.
  9. Choose whether the SAML responses and assertions are signed. If you require an end-to-end encryption key for your IdP, select the tick box next to Sign AuthnRequest to show the certificate. You can also select your preference for AuthnContextClassRef values.
  10. Click Test configuration. We’ll let you know if the changes are successful or whether you need to make further changes. 
  11. Once you’re ready, click Turn on SSO.

Tip: Now that you’ve set up SSO, learn how to connect IdP groups to workspaces in your organisation.

What to expect after SSO is enabled

Once you’ve set up SSO, each member of your workspace or org will get an email. The email will prompt members to connect, or bind, their Slack accounts with your IdP. Members will have 72 hours to bind their account before their link expires.

Going forward, all members will sign in to Slack with their IdP account. If you chose to require SSO, your members will see a sign-in page before they can access your workspace.

Tip: To simplify member management, Slack supports the SCIM provisioning standard. See Manage members with SCIM provisioning to learn more.

Who can use this feature?
  • Only workspace owners/admins and org owners/admins can set up this feature.
  • Available to workspaces on the Plus subscription and Slack Enterprise Grid.
