SAML 2.0 Configuration for Slack

The 10Duke Identity Bridge (IdB) works as a Single Sign-On (SSO) bridge between Consumer applications and an Identity Provider (IdP). In this case Slack is the Consumer application and the 10Duke Identity Bridge is configured as the trusted Identity Provider. A pre-requisite is that the 10Duke Identity Bridge is also configured to trust the IdP your organisation is using.

By completing the steps below, your users will be able to access Slack from a single click through from the portal provided through the 10Duke Identity Bridge. This process of logging into Slack or other cloud apps from a login portal provided is known as IDP-Initiated SAML.

The below steps describe a default configuration that is compatible with the default setup in the 10Duke Identity Bridge Console configuration. Other configuration options are available if you require a different setup.

Before configuring SAML Settings for Single Sign-On for Slack please make sure that:

  1. You have configured your identity provider in the 10Duke Identity Bridge Console (instructions available here)
  2. You have already started configuring Slack as a consumer application in the 10Duke Identity Bridge Console (instructions available here)

The following steps contain instructions for configuring SAML 2.0 for Slack.

SAML single sign-on is only available to teams on the Plus plan and Slack Enterprise Grid. Team Owners can access this feature in Slack for Teams. Org Owners can access this feature for Slack for Enterprise.

  1. Log in to Slack as an administrator.

  2. Navigate to Team Settings > Authentication

  3. Select the Custom SAML 2.0 as the SAML Provider and click Configure

  4. In the SAML 2.0 Endpoint (HTTP) field enter the RSA SecurID Access Identity Provider URL, which can be found from step 5a on page 2.

  5. Enter the following information:

    1. SAML 2.0 Endpoint (HTTP)
      • Sign into the 10Duke Identity Bridge Console to generate this value
    2. Identity Provider Issuer
      • Sign into the 10Duke Identity Bridge Console to generate this value
    3. Public Certificate
      • Sign into the 10Duke Identity Bridge Console to generate this value
    4. Settings: Under the Authentication must be used by: section, select the radio button for It’s optional (This can be changed once you are sure your configuration is working)
    5. Click the Save Configuration button