[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Single Sign On (SSO) with Slack


  • A public certificate and private key pair are required to successfully connect applications with JumpCloud. After you activate an application, we automatically generate a public certificate and private key pair for you. You can use this pair or upload your own. 
  • In order to successfully complete the integration between JumpCloud and Slack, you must use a team admin (administrator) account on a Slack Plus or Enterprise plan.
  • The email address of the JumpCloud accounts must correspond to the email address associated with the Slack Plus accounts.


  • After you connect an application to JumpCloud, you can connect it to user groups. Users in the groups you connect can access the application through SAML SSO. Learn how to connect user groups to applications.
  • We recommend that you initially configure Slack SSO to be Optional until you are sure your SSO configuration is working.

Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, the select 'configure'.
  4. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  5. In the IDP Entity ID field, enter https://YOURDOMAIN.TLD (e.g., https://thebestwidgets.com).
  6. In the SP Entity ID field, enter https://TEAMNAME.slack.com (replace TEAMNAME with your Slack account's registered team name).
  7. In the ACS URL field, enter https://TEAMNAME.slack.com/sso/saml (replace TEAMNAME with your Slack account's registered team name).
  8. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
  9. (Optional) In the Display Label field, enter a label that will appear beside the Slack logo within the JumpCloud console to guide administrators and users to the connection you have configured.
  10. Select Activate.

Configure the Service Provider

  1. Log in to Slack as an administrator (This user's email should also be managed by JumpCloud).
  2. From your desktop, click your workspace name in the top left. Select Administration, then Workspace settings from the menu.
  3. Select on Authentication in the sidebar.
  4. Under Configure an authentication method, select the Configure button to the right of SAML authentication.
  5. Select the radio button labelled Custom SAML 2.0, then select Configure.
  6. In the SAML 2.0 Endpoint (HTTP) field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL: https://sso.jumpcloud.com/saml2/slack).
  7. In the Identity Provider Issuer field, enter https://YOURDOMAIN.com (this should be the same value you entered while configuring JumpCloud).
  8. In the Public Certificate textfield, paste the contents of your public certificate.
  9. In Advanced Options, in the Service Provider Issuer field, enter https://YOUR_DOMAIN.slack.com (This should be the same value you entered in JumpCloud).  Check the box Responses Signed under Choose how the SAML response from your IDP is signed.
  10. In the Settings section, under the Authentication for your team must be used by: section, select the radio button for It's optional (You can change this behavior once you are sure your configuration is working).
  11. In the Customize section in the Sign In Button Label field, enter JumpCloud.
  12. Select the Save Configuration button.
  13. You will then be sent to the JumpCloud User Portal to perform an initial SSO login and confirm the configuration.
  14. Once you have completed SSO as the administrator account, your authentication settings will be verified and enabled.

Validate SSO authentication workflows

IdP Initiated

  • Access the JumpCloud User Console at https://console.jumpcloud.com.
  • Select the Service Provider icon.
  • This should automatically launch and login to the application.

SP Initiated

  • In your Web browser, navigate to your team's Slack URL https://TEAMNAME.slack.com.
  • Select Sign in with JumpCloud.
  • If necessary, log into the JumpCloud User Console as the appropriate user.
  • You should automatically be logged in to the Slack account.

Last Updated: Aug 19, 2019 12:54PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found