Slack - SAML IDR SSO Configuration - RSA Ready Implementation Guide
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Slack.Procedure
- Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
- Search for Slack and click Add to add the connector.
- On the Basic Information page, choose Identity Router.
- Enter the name for the application in the Name field and click Next Step.
- Navigate to the Initiate SAML Workflow section and verify the default setting in the Connection URL field.
- Choose IdP-initiated.
- Scroll down to the Identity Provider section. The values in this section are required while configuring Slack.
- Identity Provider URL and Identity Provider Entity ID are automatically generated.
- Import a private/public key pair to sign and validate SAML assertions. If a key is unavailable, use the following sub-steps to generate a certificate bundle. Otherwise, continue to the next step.
- Click Generate Certificate Bundle in the SAML Response Signature section.
- Enter a common name for your Identity Router domain in the Common Name (CN) field.
- Click Generate and Download, save the certificate bundle zip file to a secure location, and extract its contents. The zip file contains a private key, a public certificate, and a certificate signing request.
- In the Service Provider section, provide the details in the following format:
- ACS URL: https://<workspace>.slack.com/sso/saml. Replace <workspace> with your workspace name value.
- Audience (Service Provider Entity ID): https:// <workspace>.slack.com. Replace <workspace> with your workspace name value.
- Scroll down to the User Identity section and select the following:
- Identifier Type - Email Address
- Identity Source - Select your user identity source
- Property - mail
- Include email address in the Statement Attributes section.
- Select Identity Source in the Attribute Source drop-down list, enter User.Email in the Attribute Name text box, select your Identity Source in the Identity Source drop-down list, and select mail in the Property drop-down list.
- Select Identity Source in the Attribute Source drop-down list, enter User.Email in the Attribute Name text box, select your Identity Source in the Identity Source drop-down list, and select mail in the Property drop-down list.
- Click Next Step.
- On the User Access page, select the access policy that the identity router will use to determine which users can access the application.
- Click Next Step.
- On the Portal Display page, configure the portal display and other settings.
- Click Save and Finish.
- Click Publish Changes.
Configure Slack
Perform these steps to configure Slack.Procedure
- Sign in to Slack admin console - https://<workspace>.slack.com/admin.
- Click the Menu in the upper-left corner and click Settings & permissions.
- Click the Authentication tab.
- If you are configuring SAML Authentication for the first time, click Configure. If SAML Authentication was configured previously, click Change Settings in the SAML Authentication Settings section.
- In the Configure SAML Authentication section, enable the Configure toggle switch.
- Enter your Identity Provider URL in the SAML 2.0 Endpoint (HTTP) field and your Issuer Entity ID in the Identity Provider Issuer field.
- Copy the RSA public certificate extracted from the zip file during configuration and paste it into the Public Certificate field.
- Scroll down to the Advanced Options section and click expand.
- Enter your Service Provider URL in the Service Provider Issuer field.
(Default value is: https://slack.com) - Choose how the SAML response from your IDP is signed. You must choose at least one option.
- Click Save Configuration.
The configuration is complete.
Return to Slack - RSA Ready Implementation Guide .
