Creating a Slack connection

Use a Slack connection to enable provisioning from PingOne to the Slack user directory.

Before you begin

Make sure you have:

A Slack Workspace Owner account. Learn more in Types of roles in Slack in the Slack documentation.
The OAuth2 Access Token for the connected application. You can use the Ping Identity OAuth Configuration Service (OCS) to get the token. Learn more in Getting a Slack API access token.
Reviewed the provisioning information in the Slack documentation. Learn more in Manage members with SCIM Provisioning.

Steps

In the PingOne admin console, go to Integrations > Provisioning.
Click and then click New Connection.
On the Identity Store line, click Select.
On the Slack tile, click Select,. Click Next.
Enter a name and description for this provisioning connection.

Result:

The connection name appears in the provisioning list after you save the connection.
Click Next.
In the Configure Authentication section, in the OAuth2 Access Token field, enter the access token from Slack for the connected application.

You can use the Ping Identity OAuth Configuration Service (OCS) to get the token. Learn more in Getting a Slack API access token.
Click Test Connection to verify that PingOne can establish a connection to Slack.

Result:

If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.

You can’t use the connection for provisioning until you’ve established a valid connection to Slack. To retry, click Cancel in the Test Connection Failed modal and repeat step 7.

Troubleshooting:

Learn more about troubleshooting your connection in Troubleshooting test connection failure.

In the Configure Preferences and Actions sections, enter the following:

Field Description

Unique User Identifier

Determines how to identify a unique user. Select primaryEmail or userName.

Group Membership Handling

Determines whether to update or replace target groups with PingOne memberships. Select Merge or Overwrite.

Merging or overwriting memberships only applies to SCIM, Slack, and GitHub EMU provisioning connections.

Allow Users to be Created

Determines whether to create a user in the Slack user directory when the user is created in the PingOne identity store.

Allow Users to be Updated

Determines whether to update user attributes in the Slack user directory when the user is updated in the PingOne identity store.

Allow Users to be Deprovisioned

Determines whether to deprovision a user in the Slack user directory when the user is deprovisioned in the PingOne identity store.

Remove Action

Determines the action to take when removing a user from the Slack user directory.

Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.

Deprovision on Rule Deletion

Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

Click Save.
To enable the connection, click the toggle at the top of the details panel to the right (blue).

You can disable the connection by clicking the toggle to the left (gray).

Result

The Slack provisioning connection is added to the list of connections on the Provisioning page.

Next steps

Sync group members out of PingOne into a software as a service (SaaS) application. Learn more in Configuring outbound group provisioning.

Slack provisioning features

Provision users from the PingOne identity store to a Slack identity store.

The provisioner offers the following features:

Supports all Slack plans, including Standard, Plus, and Enterprise Grid.
Manages users in Slack based on changes in an external datastore:
- Creates, updates, and disables users.
- Enable the create, update, and disable capabilities independently.
- Choose to disable users when deprovisioning.
Supports outbound group provisioning.

Slack attribute mapping

The following table lists common Slack user attributes that can be mapped to PingOne user attributes for user provisioning.

Attribute	Description
userName	The user’s username and Slack login.
displayName	The user’s nickname in the PingOne identity store.
givenName	The user’s first name.
familyName	The user’s last name.
primaryEmail	The user’s email address.
active	The status of the user account in Slack.

Attribute

Description

userName

The user’s username and Slack login.

displayName

The user’s nickname in the PingOne identity store.

givenName

The user’s first name.

familyName

The user’s last name.

primaryEmail

The user’s email address.

active

The status of the user account in Slack.

Slack provisioning known limitations

The following are known limitations with Slack user provisioning.

Some user attributes in the Slack directory cannot be cleared after they are set.
Membership sync status for a group shows success even if a disabled user is added to a group in group provisioning.

PingOne