Slack

BlokSec can be configured to support passwordless login to Slack via SAML 2.0. Configuration involves steps on both the BlokSec admin console and the Slack admin console.

Prerequisites

• A BlokSec admin account with permission to create applications
• A Slack workspace with admin access and SAML authentication available (Slack Business+ or Enterprise Grid)

Setup

1. Create the Slack application in BlokSec

1. Sign in to the BlokSec admin console as a user with admin privileges
2. From the dashboard, click + Add Application and select Create From Template
3. Select the Slack template
4. Complete the application details with the following values:

Field	Value
Name	Slack (or your preferred name)
Logo URI	Leave as default for Slack’s logo, or replace with a link of your choice
Entity ID	https://slack.com
NameID Source	Account name
Assertion Consumer Service	https://<your_domain>.slack.com/sso/saml
Single Logout Service	https://<your_domain>.slack.com/sso/saml/logout
Name ID Format	Persistent
Custom Attributes	No changes required

Note

Replace <your_domain> in the Assertion Consumer Service and Single Logout Service URLs with your Slack workspace domain name (for example, https://acme.slack.com/sso/saml).

The template includes one custom attribute that is mandatory for Slack: the $User.Email attribute, which maps to the user’s email using the ${email} variable. Leave this as-is.

5. Click Submit to save the configuration
6. Click View Cert and then Copy to save the X.509 signing certificate — also note the SSO URI, as both are required in the next step

2. Configure SAML authentication in Slack

1. Sign in to the Slack admin console as a user with admin privileges
2. Navigate to Authentication
3. Click Configure next to SAML authentication
4. Enter the following values:

Field	Value
SAML 2.0 Endpoint (HTTP)	SSO URI from the BlokSec application above
Identity Provider Issuer	https://api.bloksec.io
X.509 Certificate	Paste the certificate copied from BlokSec in step 6 above

5. Expand the Advanced Options section and ensure that Assertions Signed is not checked

6. Optionally, customize the Sign In Button Label — we suggest using BlokSec for clarity

7. Click Save Configuration

Note

After saving, Slack will prompt you to sign in to verify the configuration is working before it takes effect. Have the BlokSec mobile app ready to approve the test sign-in.

Verifying the integration

1. Open a private/incognito browser window
2. Navigate to your Slack workspace login page
3. Click the BlokSec sign-in button (or your configured label)
4. Approve the sign-in on the BlokSec mobile app
5. Confirm you are successfully signed in to Slack

Test before rolling out

Verify the integration with a single user account before communicating the change to your organization. Make sure the test user has the BlokSec app installed and their account fully provisioned.