Providing single sign-on to Slack



Single sign-on allows your Laddr instance to act as an “identity provider” for your Slack organization, so your users only need to sign into Laddr and can seamlessly access Slack without seeing another login prompt or needing to be invited. If they try to access Slack directly without a session, they’ll see a “Sign in with SAML2” button presented by Slack that will send them to Laddr’s login page, which will send them on to their original Slack destination after login or registration. The text of this button can be customized in Slack’s SSO settings to say something like “Sign in with mybrigade.org” instead. Once SSO for Slack is activated, Slack will email all existing users in the Slack organization with a button that will log them in via your Laddr instance and seamlessly link their existing Slack account.

Setup

Install and configure emergence-slack on your staging site

Link users into Slack with no extra clicks

  1. Override site-root/chat.php with an interactive relay script that will ensure the user is logged in before sending them directly to Slack’s SAML authentication endpoint:

    <?php
    
    Emergence\Slack\Connector::handleLaunchRequest();
    
  2. Override php-config/Laddr.config.d/chat.php to make all chat links rendered within the site pass the user through our custom /chat script rather than linking directly to Slack:

    <?php
    
    Laddr::$chatLinker = function($channel = null) {
        $url = '/chat';
    
        if ($channel) {
            $url .= '?channel=' . urlencode($channel);
        }
    
        return $url;
    };