McAfee Enterprise MVISION Cloud

Setup SAML SSO with ADFS and Slack via Proxy

Use the following procedure to configure Single Sign-On using ADFS for Slack and MVISION Cloud via a SAML proxy connection.

Slack provides an Assertion Consumer Service (ACS) in the SAML request to identify the provider, with a SAML proxy for both the SAML request from Slack and the SAML assertion from ADFS.

Prerequisites

Make sure you have the following before setup with ADFS and Slack:

  • Access to a Slack Enterprise account.
  • Access to MVISION Cloud.
  • The MVISION Cloud proxy enabled for the Slack service.
  • A functioning ADFS server that is reachable over the Internet, with a valid SSL certificate and a DNS-resolvable hostname.
  • A working Single Sign-On setup without the MVISION Cloud proxy (Slack and ADFS direct SSO).

Step 1: Configure Slack Proxy in MVISION Cloud (MVC)

NOTE: Slack doesn't require the SP certificate, so you can fake the SP certificate using the IDP certificate.

  1. Log in to MVISION Cloud.
  2. Go to Settings > Service Management.
  3. Click Add Service Instance.
  4. Click Slack, and enter an Instance Name.
  5. Click Done.
  6. Select your Slack instance from the Services list. (If no services are listed, contact MVISION Cloud Support for help.)
  7. Click the Setup tab, and under Proxy, click Get Started.
  8. Under Configure Proxy, click Configure.
  9. For Select Proxy Location, select MVISION Cloud. Click Next.
  10. Configure the proxy domain as shown:
    • Host Name: Enter a name and make sure to use the enterprise domain.
    • Proxy Domain: Select the required option.
  11. Click Done.
  12. Under Setup SAML, click Configure.
  13. Upload the IDP Certificate in both the IdP and SP Certificate fields and save SAML Settings.
  14. Export the proxy certificate to use in the Slack enterprise account.
  15. Add the proxy property skip.saml.redirect.sig.qs.param and set it to true.

Step 2: Configure ADFS

  1. Open the relying party trust properties configured for Slack.
  2. Replace the actual endpoint URL with the modified proxy URL:
  3. Replace the actual identifier value with the modified proxy URL:

Step 3: Configure Slack SSO for MVC SAML Proxy

  1. Log in to the Slack Enterprise account and select Manage Organization Setting.
  2. Go to Security > SSO Configuration. You are redirected to the Change SSO Configuration page.
  3. Replace the ADFS signing certificate with an MVC proxy certificate. Replace as follows:
  4. Click Test Configuration to authenticate with ADFS.
  5. Once the test mode is successfully updated, click Confirm Update.

NOTE: If you see a blank page instead of the Slack home page after logging in to the Slack service, configure the following in Slack SSO:

  • Under SAML Response Signing, select Assertion Signed.
  • Save your configuration.
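
When troubleshooting the blank page described in the NOTE, it helps to see what the SAMLResponse arriving through the proxy actually contains. The following is an added example, not McAfee or Slack code: it reports whether the signature sits on the Response or on the Assertion, and whether Destination and Recipient point at the proxy host. The host name and the sample response are constructed placeholders, and the check is structural only (it does not verify any signature).

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response, proxy_host):
    """Report where a captured SAMLResponse is signed and where it is addressed.

    Run it only on a response you captured yourself from a test login.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    # Direct-child lookups: a Signature nested inside the Assertion must not
    # be counted as a signature over the Response, and vice versa.
    response_signed = root.find("ds:Signature", NS) is not None
    assertion_signed = (assertion is not None
                        and assertion.find("ds:Signature", NS) is not None)
    recipients = [] if assertion is None else [
        d.get("Recipient", "")
        for d in assertion.iterfind(".//a:SubjectConfirmationData", NS)]
    targets = [root.get("Destination", "")] + recipients
    return {
        "response_signed": response_signed,
        "assertion_signed": assertion_signed,
        "targets": targets,
        # True only if every ACS target resolves to the proxy host name.
        "all_via_proxy": all(urlparse(t).hostname == proxy_host for t in targets),
    }

# Constructed sample: signature on the Response only, addressed to a
# placeholder proxy host (not a real MVISION Cloud URL).
SAMPLE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://slack.proxy.example.com/sso/saml">
  <ds:Signature/>
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
          Recipient="https://slack.proxy.example.com/sso/saml"/>
    </saml:SubjectConfirmation></saml:Subject>
  </saml:Assertion>
</samlp:Response>""").decode()
```

For the constructed sample, the report shows a signed Response with an unsigned Assertion, which is the combination to compare against the SAML Response Signing options selected in Slack.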