Skip to main content

Slack

BlokSec can be configured to support passwordless login to Slack via SAML2.

The BlokSec ↔️ Slack integration enables authentication via the SAML protocol. Configuration involves a few simple steps on both the BlokSec admin UI and the Slack admin console.

BlokSec Admin UI

  1. Sign into BlokSec admin UI as a user with admin privileges for your tenant

  2. On the main dashboard, click the Add Application drop-down and select Create From Template Screenshot

  3. Select Slack
    Screenshot

  4. Complete the application details as follows:

Name: Slack (or your desired application name)

Logo URI: You can replace this with a link to the logo of your choice, or leave the default for Slack's logo

Entity ID: https://slack.com

NameID Source: Account name

Assertion Consumer Service: https://<your_domain>.slack.com/sso/saml
(replace <your_domain> with your Slack domain name)

Single Logout Service: https://<your_domain>.slack.com/sso/saml/logout
(replace <your_domain> with your Slack domain name)

Name ID Format:
Persistent

Custom Attributes: (no change required)

info

The template includes one custom attribute which is mandatory for Slack: $User.Email - the Default Value for this attribute will be pulled from the user's email using the ${email} variable

  1. Click Submit to save the configuration

  2. Click View Cert and then select Copy; also make note of the SSO Uri as it will be required when configuring Slack

Slack Admin Console

Sign into the Slack admin console as a user with admin privileges

Navigate to Authentication

Click Configure for SAML authentication

Screenshot

Complete the identity provider configuration with the following values (adjusting if required to meet your desired behaviour):

SAML 2.0 Endpoint (HTTP): Enter the SSO URI from the BlokSec application noted above

Identity Provider Issuer: https://api.bloksec.io

X.509 certificatate: Upload the certificate file saved in step 5 above

SSO sign-in URL: Select Copy Link

Advanced Options

Expand the Advanced Options section, and ensure that Assertions Signed is not checked Screenshot

At the bottom of the configuration section, you may customize the Sign In Button Label - we suggest using BlokSec for this Screenshot

Click Save Configuration to apply the configuration changes - Slack will prompt you to login to ensure the changes are working as expected.