G Suite single sign-on

G Suite authentication (OAuth 2.0) lets all members sign in to Slack using their G Suite accounts. Here, we'll tell you how to set up G Suite authentication to allow anyone with an email account in your G Suite domain to join your Slack workspace.


Set up G Suite authentication

Standard and Plus plans 

Enterprise Grid plan

Workspace Owners can access SSO settings. Here's how:

  1. From your desktop, click your workspace name in the top left.
  2. Select Workspace Settings from the menu. This will open your workspace site.
  3. Next, click Configure for Google Apps authentication.
  4. Choose your authentication Settings. Visit Guide to single sign-on settings article for more.
  5. Click Save and Authenticate. You will be asked to authenticate with your G Suite account.

G Suite SAML

On the Plus plan, you can set up SAML-based single sign-on by enabling the Slack SAML app from a Google Admin account. With SAML SSO, members will need to have accounts already set up in your workspace to log in using their Google accounts. 

Google Admins who would like to use SAML-based authentication can find the Slack SAML app under Apps in your Google Admin console dashboard.

💡 For more, read Google as a SAML identity provider for Slack.

G Suite SAML

As a first step, Org Owners and Admins should configure identity provider by enabling the Slack SAML app from a Google Admin account. With SAML SSO, members will need to have accounts already set up in your Enterprise Grid organization to log in using their Google accounts.

Google Admins who would like to use SAML-based authentication can find the Slack SAML app under Apps in your Google Admin console dashboard. 

💡 For more, read Google as a SAML identity provider for Slack.

Note: When asked for ACS - URL, enter your Enterprise Grid org's URL (e.g., https://domain.enterprise.slack.com/sso/saml).


Next, set up SSO for your organization: 

  1. From your desktop, sign in to your Slack Enterprise Grid, then click Manage Organization.
  2. Visit the  Security page of the Admin Dashboard.
  3. In the SSO Configuration section, click Configure SSO.


Provisioning and deprovisioning

Google Admins using SAML-based single sign-on can control member provisioning from the Slack SAML app, found under Apps in their Admin console dashboard.

  • Provisioning
    Slack supports just-in-time provisioning. This lets members create new accounts the first time they sign in to Slack using G Suite authentication.
  • Deprovisioning
    If someone has left the company and you’d like to restrict their access, a Workspace Owner or Admin must deactivate their account from the Members page.


After G Suite is enabled

Members can continue to go to your workspace's URL to sign in after G Suite is enabled.

  • New members 
    New members can create an account on your workspace as long as they have access to an email address that has been whitelisted. To get started, members can simply click create an account and follow the steps.

  • Existing members 
    Existing members will receive an SSO binding email to authenticate their accounts. Once members complete binding their accounts, they can sign in by going to your workspace's URL and use their G Suite credentials.

💡 To learn more, visit Connect your SSO account with Slack.

 

Domain whitelisting

If you’d like to add additional domains to your whitelist, so members with those domains can easily create accounts, send us a note! We’d be happy to help add (or remove) them for you.

Switching domains? On the Standard and Plus plans, clicking the Switch Domains button will prompt you to choose another Google account. All members will be sent an email to link their accounts.

 

Who can use this feature?
  • Workspace Owners/Admins and Org Owners/Admins can access this feature. 
  • Available on the StandardPlus, and Enterprise Grid plans.

Related Articles

Recently Viewed Articles