Configuring Just-in-Time (JIT) provisioning for Slack

This guide details the steps to configure JIT provisioning between ManageEngine ADSelfService Plus and Slack.

Prerequisite

SAML-based SSO must be configured to enable JIT provisioning. To learn how to configure SSO for Slack, click here.

Slack (Service Provider) configuration steps

1. Log in to Slack as a workspace owner or workspace admin.
2. On the left pane, select Configure apps in the Account section.

3. On the App Directory page, click Build in the top-right corner.

4. In the Slack API page, click Create New App.

5. In the Create an app pop-up, select the From scratch option.

6. Enter the App Name as ADSelfService Plus and select a workspace to develop your app in from the drop-down.
7. Click Create App.

8. The app will be created, and you’ll be redirected to the Basic Information page of the app.
9. Under the Install your app to your workspace section, click the permission scope link.

10. Under the Scopes section, select Administer the workspace option from the Select Permission Scopes drop-down.

11. In the left menu, under the Settings section, click Install App.
12. Click Install to Workspace

13. You’ll be redirected to a new page where you need to grant permission to the app to administer your workspace. Click Allow.

14. Copy the OAuth Access Token displayed.

ADSelfService Plus (Identity Provider) configuration steps

1. Login to ADSelfService Plus with administrator credentials.
2. Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Slack from the applications displayed.

Note: You can also find Slack from the search bar located in the left pane or the alphabet wise navigation option in the right pane.

3. Enter the Application Name and Description.
4. Enter the Domain Name of your Slack account. For example, if you use johndoe@thinktodaytech.com to log in to Slack, then thinktodaytech.com is the domain name.
5. In the Assign Policies field, choose the policies for which you want the application to be assigned.

Note: ADSelfService Plus enables you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.

6. Click SCIM and select Enable Just-in-Time Provisioning.
7. In the OAuth Access Token field, paste the OAuth Access Token value copied in Step 14.
8. In the License Consumption Limit field, enter the maximum number of licenses you want to be consumed in this application. This will ensure that only the specified license count is used when creating user accounts in the application. The number of licenses consumed will be displayed next to this field. If license consumption exceeds the specified limit, then the user account creation process is stopped.
Note:
• The license usage details will be visible when editing the application configuration.
• If a user already has an account in the application, their access attempt through ADSelfService Plus will also be counted towards the license count.
9. Click Add Application.

You have now successfully configured JIT provisioning for Slack. User accounts that do not exist in Slack will be created automatically during SSO login.