Slack

Before We Dive In:

  1. You need a Slack Business + or Enterpirse Grid plan. Sorry - Slack's Pro tier doesn't support SSO.
  2. You should be a boss (Admin) of both your Slack account and your Privakey Passwordless SSO.

Heads Up - Slack is odd

Slack, being a collaborative tool, has a unique user model and unique workspace model.

Users have accounts separate from the workspaces they're entitled to see. That let's user join multiple workspaces.

So - what we're doing by Privakey enabling Slack is locking down the workspace.

In some instances a user will still need to independently assert their ID (usually through an emailed one-time-code) when logging in. But - they'll need to Privakey authenticate before getting to the Privakey-protected workspace.

It's less confusing as it sounds.

For example - a partner of yours may invite you to their Slack workspace. Of course, you'd have your own company's workspace too. You'd use the same ID to join each workspace but only need to log in with the SSO to your own company's workspace.

It's really pretty seamless in day-to-day use and there's nothing special we need to do.

Lets Do it - Set Up Slack and Privakey 🚀

A). Configure Slack in Privakey

  1. Head over to Privakey: Go to Privakey SSO and log in link .
  2. Click on "Admin" at the top.
  3. Choose "+Configure New Service Provider" (found at the bottom the Configured Service Providers section), and on the subsequent page just pick "Slack" and hit “Configure”.
  4. You only need to enter one thing - that's your Workspace ID (not your Workspace name - that could be the same but it's just a little bit different integration-wise). What's your Workspace ID? On the web you go to a Workspace by navigating to workspaceID.slack.com. In the App - just click your Workspace name and it will show a URL - the Workspace ID is the first bit. For example, for us is is just privakey so we used privakey. Are you acme.co? You'd probably use acme. Just find it in your Slack Workspace. Do you have it? OK - enter your Workspace ID in the form.
  5. Click "Submit".

You're all done with this bit of configuration! ⭐

We're done here, but leave the Privakey Admin console open. We'll need some info from there in just a moment.

B) Configure Privakey in Slack

OK - now we are going to input data that lets Slack know about Privakey in the Slack admin portal and turn on SSO.

  1. Log into Slack Administration by going to workspaceID.slack.com/admin - of course, replace workspaceID with your own Workspace ID!
  2. In the left-hand navigation select Authentication. No left-hand navigation? Click on the hamburger menu in the top left of the screen - the navigation pane will pop out.
  3. Click on Authentication in the left-hand navigation.
  4. You should see SAML Authentication in the middle of the page. Click to configure.
  5. Now we'll be cutting and pasting information from Privakey to Slack. Go back to Privakey Admin Home Page, Select “Configure New Service Provider” and then on the card header **Show Privakey SAML configuration Data” to display your Privakey Passwordless SAML data. The following screen will show:

Privakey Metadata

Privakey SAML configuration Data Admin Portal Window

  1. Now, copy-paste the info from Privakey Admin Portal Window into Slack (to copy a value from Privakey just click on the icon.) There are also a few things you'll need to configure:
  • Copy Privakey SSO Login URL and paste it to the SAML 2.0 Endpoint (HTTP) in Slack.
  • Copy the Privakey SSO Entity ID and paste it to the Identity Provider Issuer in Slack.
  • Copy the Privakey SSO Certificate - With Headers from Privakey (by clicking the button Copy Certificate) and paste in the Public Certificate field in Slack..
  • Expand Advance Options
    • Make sure Assertions Signed is ticked.
  • In Settings
    • Review the Authentication for your workspace must be used by: section.
      • Are all your users on Privakey? We recommend you select All workspace members, except guest accounts
      • However, if you have workspace members who are not part of your domain - you must select It's Optional.
    • Leave everything else un-checked.
  1. Leave the button configuration just as it is or have fun renaming it - it's up to you!
  2. Click - Test Configuration. It should pass! If it hasn't, Go back to Step A and review your work!
  3. If it passes - toggle SSO on by saving changes!

That's it! Your Privakey-enabled users can now access Slack with Privakey. 😊

Turning Off Privakey SSO

We hope you don't want to, but if you must turn off Privakey SSO for access to Slack you should:

  1. In the left-hand navigation select Authentication. No left-hand navigation? Click on the hamburger menu in the top left of the screen - the navigation pane will pop out.
  2. Click on Authentication in the left-hand navigation.
  3. Click on Change Settings.
  4. On the upper right you'll see a Toggle Button w/ the work Configure. Click on it to toggle to Test Mode.
  5. Click "Save Configuration"

Privakey is now off. Sorry to see you go! ☹️


Document Version: 1.2 | January 17, 2024.