---
title: Slack
description: Integrate Slack with Access.
image: https://developers.cloudflare.com/zt-preview.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/cloudflare-one/llms.txt  
> Use this file to discover all available pages before exploring further.

[Skip to content](#%5Ftop) 

### Tags

[ SAML ](https://developers.cloudflare.com/search/?tags=SAML)[ Slack ](https://developers.cloudflare.com/search/?tags=Slack) 

# Slack

**Last reviewed:**  almost 2 years ago 

This guide covers how to configure [Slack ↗](https://slack.com/help/articles/203772216-SAML-single-sign-on) as a SAML application in Cloudflare One.

## Prerequisites

* An [identity provider](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/) configured in Cloudflare One
* Admin access to a Slack Business+ or Enterprise Grid plan account

## 1\. Add a SaaS application to Cloudflare One

1. In the [Cloudflare dashboard ↗](https://dash.cloudflare.com/), go to **Zero Trust** \> **Access controls** \> **Applications**.
2. Select **Create new application** \> **SaaS application**.
3. For **Application**, select _Slack_.
4. For the authentication protocol, select **SAML**.
5. Select **Add application**.
6. Fill in the following fields:  
   * **Entity ID**: `https://slack.com`  
   * **Assertion Consumer Service URL**: `https://<YOUR_DOMAIN>.slack.com/sso/saml`  
   * **Name ID format**: The format expected by Slack, usually _Email_
7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**.
8. Configure [Access policies](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) for the application.
9. Save the application.

## 2\. Create a x.509 certificate

1. Paste the **Public key** in a text editor.
2. Wrap the certificate in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.

## 3\. Add a SAML SSO provider to Slack

* [ business+ plan ](#tab-panel-4876)
* [ enterprise grid plan ](#tab-panel-4877)

1. In Slack, go to **Settings & administrations** \> **Workspace settings** \> **Authentication**.
2. Select **Configure**.
3. Turn on **Test**. Configuration changes will not apply until **Configure** is turned on.
4. Fill in the following fields:  
   * **Service Provider Issuer URL**: Ensure set to `https://slack.com`.  
   * **SAML SSO URL**: SSO endpoint from application configuration in Cloudflare One.  
   * **Identity Provider Issuer**: Access Entity ID or Issuer from application configuration in Cloudflare One.  
   * **Public Certificate**: Paste the entire x.509 certificate from step [2\. Create a x.509 certificate](#2-create-a-x509-certificate).
5. Under **Advanced Options**, select **Expand**.
6. For **AuthnContextClassRef**, ensure _urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport_ is selected.
7. Ensure **Sign the AuthnRequest** is turned off.
8. For **SAML Response Signing**, turn on **Sign the Response** and **Sign the Assertion**.
9. In the main configuration page under **Settings**, choose whether SSO is _required_, _partially required_, or _optional_ for workspace members.
10. (Optional) Under **Customize**, enter a **Sign in Button Label**.
11. Test your set-up. If all works well, turn **Test** to **Configure**.

1. In Slack, go to **Settings & administration** \> **Organization settings** \> **Security** \> **SSO Settings**.
2. For **SSO name**, enter your desired name.
3. Fill in the following fields:  
   * **SAML 2.0 Endpoint URL**: SSO endpoint from application configuration in Cloudflare One.  
   * **Identity Provider Issuer URL**: Access Entity ID or Issuer from application configuration in Cloudflare One.  
   * **Service Provider Issuer URL**: Ensure set to `https://slack.com`.  
   * **x.509 Certificate**: Paste the entire x.509 certificate from step [2\. Create a x.509 certificate](#2-create-a-x509-certificate).
4. For **AuthnContextClassRef**, ensure _urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport_ is selected.
5. Ensure **Sign the AuthnRequest** is turned off.
6. For **SAML Response Signing**, turn on **Sign the Response** and **Sign the Assertion**.
7. Select **Test Configuration**.
8. If all works well, select **Turn on SSO** or **Add SSO**.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/cloudflare-one/","name":"Cloudflare One"}},{"@type":"ListItem","position":3,"item":{"@id":"/cloudflare-one/access-controls/","name":"Access controls"}},{"@type":"ListItem","position":4,"item":{"@id":"/cloudflare-one/access-controls/applications/","name":"Applications"}},{"@type":"ListItem","position":5,"item":{"@id":"/cloudflare-one/access-controls/applications/http-apps/","name":"Add web applications"}},{"@type":"ListItem","position":6,"item":{"@id":"/cloudflare-one/access-controls/applications/http-apps/saas-apps/","name":"SaaS applications"}},{"@type":"ListItem","position":7,"item":{"@id":"/cloudflare-one/access-controls/applications/http-apps/saas-apps/slack-saas/","name":"Slack"}}]}
```