Slack
What is Slack
Slack is a platform for collaboration, with chat and real-time video capabilities. To learn more, visit https://slack.com.
Preparation
The following placeholder will be used:
- You can use slack.company> or my-workspace.slack.com as the FQDN of your Slack instance.
- You can use authentik.company as the FQDN of the authentik install.
For additional information about integrating with Slack, refer to their documentation.
authentik configuration
Step 1. Create custom property mappings
Your Slack integration requires two property mappings, one each for User.Email
and User.Username
, so that authentik can retrieve and map these values from Slack.
- Log in as admin to your authentik instance and then click Admin interface.
- Navigate to Customization -> Property Mappings.
- Create the property mapping for
User.Email
.- On the Property Mappings page, click Create.
- On the New property mapping modal, select SAML Property Mapping and then click Next.
- Define the required values. In the Expression field, define
User.Email
asreturn request.user.email
.
- Click Finish.
- Create the property mapping for
User.Username
.- On the Property Mappings page, click Create.
- On the New property mapping modal, select SAML Property Mapping and then click Next.
- Define the required values. In the Expression field, define
User.Username
asreturn request.user.username
.
- Click Finish.
Step 2. Create a new authentication provider
- Navigate to Applications -> Providers and then click Create.
- On the New provider modal, select SAML Provider and then click Next.
- Define the following values (values not listed below can be left as default or empty):
- Name: provide a clear name, such as "slack".
- Authorization flow: Authorize Application (
default-provider-authorization-implicit-consent
). - Protocol settings define the following values:
- ACS URL:
https://_workspace-name_.slack.com/sso/saml
- Issuer:
https://slack.com
. - Service Provider Binding: select Post
- ACS URL:
- Advanced protocol settings
- Signing Certificate: select the appproriate certificate for Slack.
- Property mappings: Select the property mappings that you created in Step 1. You can leave the default property mappings and other settings.
- Click Finish to create the provider.
Step 3. Create a new application
- Navigate to Applications -> Applications and then click Create.
- Provide a name for the new application.
- Set the provider to the one you just created.
- Click Create.
info
After you have created the provider and application, and the application is connected to the provider (Step 3 above) the Overview tab on the provider's detail page in the Admin UI will display additional information that you will need to configure Slack, using the following steps.
Slack configuration
Step 4. Configure Slack
- Log in to the Slack Admin Dashboard.
- Navigate to the Configure SAML Authentication page.
- Enter the following values:
- SAML 2.0 Endpoint (HTTP): copy/paste in the SSO URL (Redirect) URL from the provider that you created in authentik. Example:
https://_authentik.company_/applications/saml/slack/sso/binding/redirect/
- Identity Provider Issuer: set to
https://slack.com
- Public Certificate: add the certificate, which you can download from the authentik provider, under Download signing certificate.
- SAML 2.0 Endpoint (HTTP): copy/paste in the SSO URL (Redirect) URL from the provider that you created in authentik. Example:
- Optionally, configure the other settings and customize the Sign in button label.
- Click Save.