Slack - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate Slack with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Search for Slack and click Add to add the connector.
  3. On the Basic Information page, choose Cloud.
  4. In the Name field, enter a name for the application and click Next Step.
  5. In the Connection Profile section, choose IDP-initiated.
  6. In the Service Provider section, provide the details in the following format:
    1. ACS URL: https://<workspace>.slack.com/sso/saml. Replace <workspace> with your workspace name value.
    2. Audience (Service Provider Entity ID): https://<workspace>.slack.com. Replace <workspace> with your workspace name value.
  7. Scroll down to the Identity Provider section. Copy the URL in the Identity Provider URL text field. It is required while configuring Slack.
  8. Scroll down to the Identity Provider Entity ID section. You can retain the default value that is the same as the Identity Provider URL or select Override and replace it with your specified Entity ID. It is required while configuring Slack.
  9. In the SAML Response Protection section, do one of the following:
    1. To sign the SAML assertion only, select IdP signs assertion within response.
    2. To sign the whole SAML response, select IdP signs entire SAML response.
  10. Import a private/public key pair to sign and validate SAML assertions. If a key is unavailable, use the following sub-steps to generate a certificate bundle. Otherwise, continue to the next step.
    1. Click Generate Certificate Bundle in the SAML Response Signature section.
    2. Enter a common name for your Identity Router domain in the Common Name (CN) field.
    3. Click Generate and Download, save the certificate bundle zip file to a secure location, and extract its contents. The zip file contains a private key, a public certificate, and a certificate signing request.
  11. Click Show Connection Profile Advanced Configuration and under the User Identity section, select the Identifier Type and Property value.
    1. Select Email Address in the Identifier Type drop-down list.
    2. Select mail in the Property drop-down list.
  12. Include email address in the Statement Attributes section.
    1. Select Identity Source in the Attribute Source drop-down list, enter User.Email in the Attribute Name text box, and select mail in the Property drop-down list.
  13. Click Next Step.
  14. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
  15. Click Publish Changes.

Configure Slack

Perform these steps to configure Slack.
Procedure
  1. Sign in to Slack admin console - https://<workspace>.slack.com/admin.
  2. Click the Menu in the upper-left corner and click Settings & permissions.
  3. Click the Authentication tab.
  4. If you are configuring SAML Authentication for the first time, click Configure. If SAML Authentication was configured previously, click Change Settings in the SAML authentication Settings section.
  5. In the Configure SAML Authentication section, enable the Configure toggle switch.
  6. Enter your Cloud Identity Provider URL in the SAML 2.0 Endpoint (HTTP) field and your Cloud Identity Provider Entity ID in the Identity Provider Issuer field.
  7. Copy the RSA public certificate extracted from the zip file during the configuration and paste it into the Public Certificate field.
  8. Scroll down to the Advanced Options section and click expand.
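  9. Enter your Service Provider URL in the Service Provider Issuer field (default value: https://slack.com). This value must match the Audience (Service Provider Entity ID) entered in RSA Cloud Authentication Service.
  10. Choose how the SAML response from your IDP is signed, matching the option selected in the SAML Response Protection section of RSA Cloud Authentication Service. You must choose at least one option.
  11. Click Save Configuration.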
Your users will receive an e-mail with directions to bind their current profile for single sign-on.

The configuration is complete.
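
To troubleshoot a failed sign-in, the following added example (not part of the RSA or Slack documentation) checks a decoded SAML response against the values this guide configures: ACS URL, Audience, Identity Provider Entity ID, the User.Email attribute, and the presence of a signature. The workspace name "example", the IdP Entity ID, and the sample response are constructed placeholders; the checks are structural only and do not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_response(xml_text, workspace, idp_entity_id):
    """List mismatches between a decoded SAML response and the guide's settings.
    Structural checks only: the signature is located, not cryptographically verified."""
    acs = f"https://{workspace}.slack.com/sso/saml"   # ACS URL (RSA step 6.1)
    audience = f"https://{workspace}.slack.com"       # Audience (RSA step 6.2)
    resp = ET.fromstring(xml_text)
    asr = resp.find("a:Assertion", NS)
    if asr is None:
        return ["no Assertion element"]
    def text(path):
        el = asr.find(path, NS)
        return (el.text or "").strip() if el is not None else None
    problems = []
    scd = asr.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient does not match the ACS URL")
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != audience:
        problems.append("Audience does not match the Service Provider Entity ID")
    if text("a:Issuer") != idp_entity_id:
        problems.append("Issuer does not match the Identity Provider Entity ID")
    email = text("a:AttributeStatement/a:Attribute[@Name='User.Email']/a:AttributeValue")
    if not email:
        problems.append("User.Email attribute is missing")
    elif text("a:Subject/a:NameID") != email:
        problems.append("NameID differs from User.Email (both map to mail)")
    if resp.find("ds:Signature", NS) is None and asr.find("ds:Signature", NS) is None:
        problems.append("neither the response nor the assertion is signed")
    return problems

# Constructed sample: workspace "example", placeholder IdP Entity ID, empty signature stub.
IDP = "https://idp.example.test/entity"
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
<a:Assertion><a:Issuer>{IDP}</a:Issuer><ds:Signature/>
<a:Subject><a:NameID>user@example.test</a:NameID><a:SubjectConfirmation>
<a:SubjectConfirmationData Recipient="https://example.slack.com/sso/saml"/>
</a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://example.slack.com</a:Audience>
</a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="User.Email">
<a:AttributeValue>user@example.test</a:AttributeValue></a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "example", IDP) or "matches the guide's settings")
```

An empty list means the response is consistent with the settings above; run it only on responses captured from your own test sign-ins.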
Return to Slack - RSA Ready Implementation Guide.