ADFS single sign-on

You can integrate your Active Directory Federation Services (ADFS) instance to help manage seamless single sign-on for your members.


Step 1 — Set up ADFS for Slack

Let's get started: 

  1. Open the ADFS management console, then click the Identifiers tab.
  2. Enter your Display name. Most put their Slack team or Enterprise Grid name here.
  3. Enter your Relying party identifier. For teams that want to add Slack, enter https://slack.com. You can customize this field, if you need to, but you’ll also need to update the Identity Provider Issuer field. To find it, go to Settings & Permissions, click the Authentication tab, then click Configure next to SAML authentication.
  4. Click Add, then OK to proceed. 
  5. Click the Endpoints tab. To create an endpoint to your consumer assertion URL, choose the SAML Assertion Consumer option found in the Endpoint type menu. Choose the value that matches your plan below, and enter it into the Trusted URL field, replacing "teamname" with your Slack subdomain.

    •  Plus plan: https://teamname.slack.com/sso/saml
    •  Slack Enterprise Grid: https://teamname.enterprise.slack.com/sso/saml

    Click OK to save.

  6. Next, you'll create rules, or assertion claims, for your relying party trust — in this case, your Slack team or Enterprise Grid. Slack only receives the outgoing claim type attributes and values, so the list of attributes might look different. Keep in mind, you will need two claims: one for Slack Attributes and one for NameID.
  7. Click Add Rule. Only the outgoing claim type User.Email is required. Create a rule to send LDAP attributes as claims. Remember, outgoing claim types are case sensitive. 

  8. Next, create another rule to transform an incoming claim.

    Open the required NameID claim rule, and change the outgoing name ID format to Persistent Identifier. Then, click OK to save. 
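    To confirm the relying party trust sends what the steps above describe, you can inspect a decoded assertion from a test sign-in. The following is an added example, not part of the original article or of Slack's or Microsoft's tooling. It assumes standard SAML 2.0 behavior, where the relying party identifier appears as the Audience and the consumer assertion URL as the Recipient; `check_assertion` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample (not real traffic): the email claim uses the wrong case.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://teamname.slack.com/sso/saml"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://slack.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="user.email">
  <saml:AttributeValue>ada@example.com</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, rp_identifier="https://slack.com",
                    acs_url="https://teamname.slack.com/sso/saml"):
    """List problems in a decoded assertion; structural only, no signature check."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID claim is missing")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent Identifier")
    # Outgoing claim types are case sensitive, so the name must match exactly.
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    if "User.Email" not in names:
        wrong_case = [n for n in names if n.lower() == "user.email"]
        hint = f" (found {wrong_case[0]!r})" if wrong_case else ""
        problems.append("User.Email claim is missing" + hint)
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if rp_identifier not in audiences:
        problems.append("Audience does not match the relying party identifier")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the consumer assertion URL")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

    If you customized the relying party identifier or use Enterprise Grid, pass your own values as `rp_identifier` and `acs_url`.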

 

Step 2 — Integrate Slack with your IDP

Plus plan

Next, add ADFS details to your Slack team’s authentication settings.

Here’s how:

  1. Click your team name to open the Team Menu.
  2. Select Team settings. This will open your team site.
  3. Click Authentication, then click Configure next to SAML authentication (OneLogin, Okta, or your custom SAML 2.0 solution).
  4. Enter your SAML 2.0 Endpoint (HTTP).
  5. In the Public Certificate field, copy and paste your entire x.509 Certificate.
  6. To set up more than one relying party trust with Slack, expand the Advanced Options menu. Beside AuthnContextClass Ref, choose PasswordProtectedTransport and windows (use with ADFS for internal/external authentication). Then, enter your unique Service Provider Issuer.
  7. Click Save.

Slack Enterprise Grid

Next, you'll need to add ADFS details to your Enterprise Grid organization's authentication settings.

Here’s how:

  1. Sign in to your Slack Enterprise Grid, then click Manage organization.
  2. Visit the Security page of the Admin Dashboard.
  3. Under Authentication, enter your SAML 2.0 Endpoint (HTTP).
  4. In the Public Certificate field, copy and paste your entire x.509 Certificate. 
  5. You can set up more than one relying party trust with Slack. Under AuthnContextClass Ref, choose PasswordProtectedTransport and windows (use with ADFS for internal/external authentication).
  6. Enter your unique Service Provider Issuer.
  7. Click Save Changes.

Note: While we are happy to help troubleshoot during setup, we may not always be able to guarantee that your connection will work perfectly with Slack. Send us a note and we’ll see if we can help.

Warning: ADFS does not currently support automatic deprovisioning through our SCIM API. When members are deprovisioned in your IDP, don't forget to deactivate the member in Slack.

Who can use this feature?
  • Team Owners and Admins can access this feature. 
  • Available to teams on the Plus plan and Slack Enterprise Grid.
