G Suite single sign-on
G Suite authentication (OAuth 2.0) allows all members to sign in to Slack using their G Suite accounts.
There are two ways to use single sign-on with G Suite:
- by enabling G Suite authentication in your Slack app, or
- by enabling the Slack SAML app from a Google Admin account.
Here, we'll tell you how to set up G Suite authentication to enable anyone with an email account in your G Suite domain to join your Slack workspace.
If you choose to enable SAML-based SSO, only members with accounts already set up in your Slack workspace will be able to log in using their Google account. If you're a Google Admin and would like to use SAML-based authentication instead, you can find the Slack SAML app under Apps in your Admin console dashboard.
Set up G Suite authentication
- Go to the Workspace Settings page at https://my.slack.com/admin/settings.
- Click the Authentication tab.
- Next, click Configure for Google Apps authentication.
- Choose your authentication Settings. Visit Guide to single sign-on with Slack article for more.
- Click Save and Authenticate. You will be asked to authenticate with your G Suite account. Once done, G Suite authentication is enabled!
Tip: If you have Guest accounts on your workspace, we recommend choosing the option where SSO is partially required, so those members can still access your workspace.
Don't forget! With G Suite authentication turned on, anyone in your organization with access to a whitelisted G Suite domain email address can sign-up for an account on your Slack workspace.
User account provisioning and deprovisioning
Slack supports just-in-time provisioning. This allows your members to create new accounts on the fly, the first time they log into Slack using G Suite authentication.
If a member has left your team, and you’d like to restrict their login access, an Admin or Owner will need to deactivate their account from the Members page in Slack.
Note: Google Admins using SAML-based single sign-on can control user provisioning from the Slack SAML app, found under Apps in their Admin console dashboard.
After G Suite is enabled
Members can continue to go to your workspace's Slack URL to sign in after G Suite is enabled.
- New members
New members can create an account on your workspace as long as they have access to an email address that has been whitelisted. To get started, members can simply click create an account and follow the steps.
- Existing members
Existing members will receive an SSO binding email to authenticate their accounts. Once members complete binding their accounts, they can sign in by going to your workspace's URL and use their G Suite credentials.
Note: To learn more, visit Connect your SSO account with Slack.
If you’d like to add additional domains to your whitelist, so members with those domains can easily create accounts on your workspace, send us a note! We’d be happy to help add (or remove) them for you.
Switching domains? Clicking the Switch Domains button will prompt you to choose another Google account. All members will be sent an email to link their accounts.
- Workspace Owners and Admins can make this feature available to all members.
- Available to workspaces on the Standard and Plus plans.