Adding Slack

SAML Support

Passly supports SAML Apps added in the SSO Manager. 

Slack is a 3rd party tool provided via https://slack.com/ 

 

Passly Settings

  1. Log into Passly https://(companyname).my.passly.com
  2. Select Directory Manager.
  3. Select Groups.
  4. Select the Blue plus sign in the bottom right corner.
    blobid1.png
  5. Name the Group Slack Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
  6. Select Add Group.
  7. Select SSO Manager.
  8. Select the Blue plus sign in the bottom right corner.
    mceclip0.png
  9. Select Slack from the list.
  10. Select Application is enabled.
  11. Update the App name if desired. 
  12. Under Authentication Policy you can adjust the policy in use.

    Note: If you have created a custom policy for this App this where it is assigned. 
  13. Select Protocol Setup.
  14. Update the "Assertion Consumer Service URL"

    Note: Replace "yourteamname" in https://yourteamname.enterprise.slack.com/sso/saml with your company identifier. 
    Note
    : This is the service endpoint Passly will send the token.
  15. Note: Replace "yourteamname" in https://yourteamname.enterprise.slack.com with your company identifier. 
  16. Select Advanced Settings.
  17. Enable Sign Token Response.

  18. Enable Sign Assertion.

  19. Ensure that Signing Algorithm is set to SHA-256

  20. Select Attribute Transformation.

    Note: Here you can adjust the attributes if needed. 
  21. Select Add Application.
  22. Select Remove on the following Claims. 
    Attribute Value: {User.PrincipalName} 
    Send As: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    Attribute Value: {User.EmailAddress}
    Send As: User.Email
  23. Select Add Custom Attribute
    Attribute Value:  {User.Id}
    Send As: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier 
    Attribute Value: {User.EmailAddress}
    Send As: User.Email
  24. Select Permissions.
  25. Select Add Groups. Select the group created in Step 4.
  26. Select Signing and Encryption. 
  27. Select Save Changes.

Slack Settings

Slack Enterprise Grid Config

  • SAML 2.0 Endpoint URL= https://<customer_passly_domain>.my.passly.com/trust/launch?ApplicationId=<Sp
    plicationId from Passly>
  • Identity Provider Issuer URL =
    https://<customer_passly_domain>.my.passly.com/trust
  • Service Provider Issuer URL = https://<customer_domain>.enterprise.slack.com
  • Public (X.509) Certificate = Grab from Passly XML Metadata
  • AuthnContextClassRef =
    urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport (default)
  • Sign the AuthnRequest = Unchecked
  • Sign the Response = Checked
  • Sign the Assertion = Checked

 

Q&A

  • How does the customer get the Application ID for the Slack app in Passly?
    They can edit the Slack app in Passly and take note of the id value in the URL after the
    “/details/”:

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section