SAML Support
Passly supports SAML Apps added in the SSO Manager.
Slack is a 3rd party tool provided via https://slack.com/
Passly Settings
- Log into Passly https://(companyname).my.passly.com
- Select Directory Manager.
- Select Groups.
- Select the Blue plus sign in the bottom right corner.
- Name the Group Slack Users.
Note: If you have other existing Groups for SSO users you can use one of these as well.
- Select Add Group.
- Select SSO Manager.
- Select the Blue plus sign in the bottom right corner.
- Select Slack from the list.
- Select Application is enabled.
- Update the App name if desired.
- Under Authentication Policy you can adjust the policy in use.
Note: If you have created a custom policy for this App, this is where it is assigned.
- Select Protocol Setup.
- Update the "Assertion Consumer Service URL"
Note: Replace "yourteamname" in https://yourteamname.enterprise.slack.com/sso/saml with your company identifier.
Note: This is the service endpoint to which Passly will send the token.
- Note: Replace "yourteamname" in https://yourteamname.enterprise.slack.com with your company identifier.
- Select Advanced Settings.
- Enable Sign Token Response.
- Enable Sign Assertion.
- Ensure that Signing Algorithm is set to SHA-256
- Select Attribute Transformation.
Note: Here you can adjust the attributes if needed.
- Select Add Application.
- Select Remove on the following Claims.
Attribute Value: {User.PrincipalName}
Send As: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Attribute Value: {User.EmailAddress}
Send As: User.Email
- Select Add Custom Attribute
Attribute Value: {User.Id}
Send As: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Attribute Value: {User.EmailAddress}
Send As: User.Email
- Select Permissions.
- Select Add Groups. Select the group created in Step 4.
- Select Signing and Encryption.
- Select Save Changes.
Slack Settings
Slack Enterprise Grid Config
- SAML 2.0 Endpoint URL = https://<customer_passly_domain>.my.passly.com/trust/launch?ApplicationId=<ApplicationId from Passly>
- Identity Provider Issuer URL = https://<customer_passly_domain>.my.passly.com/trust
- Service Provider Issuer URL = https://<customer_domain>.enterprise.slack.com
- Public (X.509) Certificate = Grab from Passly XML Metadata
- AuthnContextClassRef = urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport (default)
- Sign the AuthnRequest = Unchecked
- Sign the Response = Checked
- Sign the Assertion = Checked
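To confirm that a login response captured after setup reflects the settings above (Response and Assertion both signed, SHA-256, and the ACS and issuer URLs), the following Python check can be run over the decoded SAML Response. It is an added example, not code from Passly or Slack; the names check_response and sample, the team name "exampleteam", the Passly domain "examplecorp" and the sample XML are constructed placeholders, and the check inspects structure only without validating signature values.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def check_response(xml_text, team, passly_domain):
    """Return findings for a decoded SAML Response; [] means it matches the guide."""
    acs = f"https://{team}.enterprise.slack.com/sso/saml"
    sp_issuer = f"https://{team}.enterprise.slack.com"
    idp_issuer = f"https://{passly_domain}.my.passly.com/trust"
    resp = ET.fromstring(xml_text)
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return ["Response contains no plain Assertion element"]
    findings = []
    # "Sign Token Response" and "Sign Assertion": each needs its own direct-child Signature.
    for label, node in (("Response", resp), ("Assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            findings.append(f"{label} is not signed")
        elif not method.get("Algorithm", "").endswith("-sha256"):
            findings.append(f"{label} signature is not SHA-256: {method.get('Algorithm')}")
    if resp.get("Destination") != acs:
        findings.append("Destination does not match the Assertion Consumer Service URL")
    if (assertion.findtext("saml:Issuer", "", NS) or "").strip() != idp_issuer:
        findings.append("Issuer does not match the Identity Provider Issuer URL")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if sp_issuer not in audiences:
        findings.append("Audience does not include the Service Provider Issuer URL")
    return findings

def sample(alg=RSA_SHA256, sign_response=True):
    """Constructed Response skeleton with placeholder names and no real signature values."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>')
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'Destination="https://exampleteam.enterprise.slack.com/sso/saml">'
            + (sig if sign_response else "")
            + '<saml:Assertion><saml:Issuer>https://examplecorp.my.passly.com/trust</saml:Issuer>'
            + sig + '<saml:Conditions><saml:AudienceRestriction><saml:Audience>'
            'https://exampleteam.enterprise.slack.com</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample(), "exampleteam", "examplecorp"))
```

An empty list means the captured response is consistent with the settings; each string in a non-empty list names the setting to revisit in Passly or Slack.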
Q&A
- How does the customer get the Application ID for the Slack app in Passly?
They can edit the Slack app in Passly and take note of the id value in the URL after the
“/details/”: