Slack SAML

0 26 April 2024

This comprehensive guide is designed to assist you in integrating ALMEFY as your Identity Provider (IdP) on Slack, utilising SAML 2.0, enabling Single Sign-On (SSO). We'll walk you through the necessary steps to ensure a seamless and secure setup. Please also refer to Slack documentation for further details.

Prerequisites

  • Admin access to your ALMEFY Hub at <subdomain>.hub.almefy.com
  • Be Workspace owner and or owner
  • Have a valid Business+ or Enterprise Grid subscription

    Setup Overview

We try our best to keep these guides updated but can not anticipate when platforms might update interfaces, or change available options for configuring SSO.

Though setting up ALMEFY as your IdP generally follows the same steps for all platforms.

  1. Configure Endpoint – Set up the specific details of your endpoint in the ALMEFY Hub.
  2. Configure Platform – Adjust your platform’s settings for compatibility with the ALMEFY endpoint.
  3. Copy Metadata – Transfer the necessary metadata from your platform to the ALMEFY Hub for secure integration.

Each step corresponds to the options in the left column of the ALMEFY Hub interface.
If you find any inconsistencies in this guide, please let us know via our contact form.

Setup

Please note: the steps in the left column of the Endpoint Creation screen in the ALMEFY Hub correspond to the same as in this guide.

Step 1. ALMEFY SSO Endpoint Configuration

  1. Create a new Endpoint in the ALMEFY Hub by clicking the Add Endpoint button in the top right of the Endpoints page.
  2. Select the Slack Preset
  3. (Optional) Rename the endpoint and the endpoint id if you do not want to use the default.
  4. Press the Generate Certificate & Private Key button or paste your own into the textboxes. We will need those later again.
  5. Keep the endpoint configuration option open and continue with Step 2.

Step 2. Slack Configuration

More details can be found in the Slack documentation.

  1. Log into Slack with a workspace or organisation admin account.

  2. From your desktop, click on your workspace name at the top left.

  3. Select Settings & administration from the menu, then click Workspace settings.

  4. Click the Authentication tab.

  5. Next to SAML authentication, click Configure.

  6. In the top right, toggle Test mode on.

  7.  Copy the SSO URL from the Step 2. section in the ALMEFY Hub and paste it next to SAML SSO URL in Slack.

  8. Next to Identity provider issuer, enter https://<subdomain>.sso.almefy.com/

  9. Copy the Certificate from the Step 2. section in the ALMEFY Hub and paste it into the Public certificate field in Slack.

  10. Next to Advanced options, click Expand. Enable end-to-end encryption, tick the box next to Sign AuthnRequest to show the certificate.

  11. Under Settings, decide if members can edit their profile information (like their email or display name) after SSO is enabled. You can also choose whether SSO is required, partially required* or optional.

  12. Under Customise, enter a Sign-in button label.

  13. Select Save configuration to finish.

    Step 3. Configure Slack Metadata in ALMEFY

  14. Navigate back to the ALMEFY Hub Endpoint creation page.

  15. In the Step 3. section, paste https://<DOMAIN NAME>.slack.com/sso/saml or https://<DOMAIN NAME>.enterprise.slack.com/sso/saml as ACS URL, depending on your subscription type. Replace the domain name with your workspace.

  16. Click "Add Endpoint".

  17. You are done!

Test & Troubleshoot

To ensure that ALMEFY has been correctly set up as your Identity Provider (IdP), you can test the login in two ways:

  1. Platform Login Page: Visit the Slack login page and check if the ALMEFY Login option is visible and functional by clicking on it and scanning the ALMEFY QR Code with the ALMEFY App.
  2. ALMEFY SSO Page: Go to <subdomain>.sso.almefy.com, sign in with the ALMEFY App, and choose your newly enabled platform to test the authentication process.

If you encounter any issues:

  • Review this guide to make sure all steps were followed correctly.
  • Consult the Slack documentation for specific setup and troubleshooting instructions.
  • Try to contact Slack support and see if your issue can be resolved.
  • If you still need help, please fill out our contact form for support.

    Conclusion

Congratulations on successfully setting up SAML 2.0 authentication with ALMEFY as your Identity Provider! You are now equipped to offer users a secure and convenient single sign-on experience.