To reconfigure any of the General Settings or Sign-On Options, uncheck the Enable provisioning features box, and use the Previous and Next buttons to navigate through the configuration screens.
This guide provides the steps required to configure Provisioning for Slack.
If you are enabling provisioning after already having users assigned to Slack SSO, be sure to run a full import to link the existing assigned user to the Slack user.
Make sure that your Slack organization has a Plus Plan subscription. It is required for Slack to get you access to Slack SCIM API.
Slack provisioning requires you to be using the Slack Plus edition.
Schema Discovery is now supported. Existing Slack app instances need to re-authenticate to enable this feature. New Slack app instances will get this feature by default.
Profile Mapping Template Updated. Existing Slack app instances need to contact Okta Support to update to the latest profile mappings template or can use Schema Discovery to map new attributes. New Slack instances will get the latest template by default.
The following provisioning features are supported:
Push New Users
New users created through OKTA will also be created in the third party application.
Push User Deactivation
Deactivating the user through OKTA will remove the user from the organization and all teams in the third party application.
Push Profile Updates
Updates made to the user's profile through OKTA will be pushed to the third party application.
Import New Users
New users created in the third party application will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users.
Import Profile Updates
Updates made to a user's profile in the third party application will be downloaded and applies to the profile fields stored locally in OKTA. If the app is the system of record for the user, changes made to core profile fields (email, first name, last name, etc) will be applied to the Okta user profile. If the app is NOT the system of record for the user, only changes made to app-specific fields will be applied to the local user profile.
Groups and their members can be pushed to remote systems. More about using group push operations you can find here: Using Group Push.
Reactivating the user through Okta will reactivate the user in the 3rd party application.
Import User Schema
Import additional user attributes from Slack. Also known as Schema Discovery
Configure your Provisioning settings for Slack as follows:
Check the Enable provisioning features box.
Click the Authenticate with Slack button:
You will be redirected to Slack's page, where you are prompted to enter your Slack subdomain:
Sign into Slack, and authorize the Okta connector:
You are redirected back to Okta to continue application configuration. You should see a message confirming the integration was authenticated successfully:
Scroll down and enable the Provisioning Features you want to use for this app:
You can now assign people to the app, if needed.
If you see any provisioning errors, please make sure you verified the following list of tips:
Make sure that your Slack organization has Plus Plan subscription.
Note that Slack API doesn't support special characters in username (for example: "+" char, as in firstname.lastname@example.org); avoid such characters if possible.