Integrate Slack with Conditional Access

In this topic, you will find general instructions on how to integrate Slack with Portnox™ Conditional Access for Applications.

Important: Only Business+ and higher Slack plans have the capability to connect via single sign-on.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Slack.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the APPLICATIONS screen, click on the Add new SAML application button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name Slack for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your Slack SAML authentication settings

In this section, you will access your Slack administrative interface and find the settings for SAML authentication.

  1. In another tab of your browser, open your Slack web interface by accessing the following URL: https://your_tenant.slack.com/, where your_tenant is your tenant name.

    From now on, we will call this tab the Slack tab.

  2. Click on your organization name to show the drop-down menu, and from this menu, select Tools & settings > Workspace settings.

  3. In the Settings & Permissions pane, click on the Authentication tab, and then click on the Configure button next to the SAML authentication label.

  4. Optional: In the Configure SAML Authentication pane, in the Customize section, enter a custom name that will appear on the login button.

    In this example, we used the name Conditional Access but you can use any name that will be best for your users, for example, your organization name.

Copy configuration values from the Portnox tab to the Slack tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Slack SAML authentication setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Identity Provider Entity ID / Audience URI field to copy the value.

  2. In the Slack tab, click on the empty field next to the Identity Provider Issuer label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  4. In the Slack tab, click on the empty field next to the SAML 2.0 Endpoint (HTTP) label and paste the value copied from Portnox Cloud.

  5. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Certificate field to copy the value.

  6. In the Slack tab, click on the empty field next to the Public Certificate label and paste the value copied from Portnox Cloud.

Copy configuration values from the Slack tab to the Portnox tab

In this section, you will copy the values displayed in your Slack SAML authentication setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and type the value: https://slack.com.

  2. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and type the value: https://your_tenant.slack.com/sso/saml, where your_tenant is your tenant name.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Slack.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the Slack tab.
    1. Click on the expand button next to the Advanced Options heading.

    2. In the Advanced Options section, make sure that the Sign checkbox is inactive, and that only the Assertions Signed checkbox is active.

    3. Optional: In the Settings section, set Authentication for your workspace must be used by to It’s optional
      Note: We recommend this setting when you configure Slack for the first time, to avoid locking yourself out of Slack if your configuration is not correct.

    4. Click on the Save Configuration button to test and save the configuration.

Result: You have configured Slack to be accessible using Portnox Conditional Access for Applications.

If needed, after you finish testing, edit your SSO configuration to make SSO mandatory for all users.