Slack Enterprise Grid Integration
Slack Enterprise Grid Integration
Scimify enables SCIM provisioning for Slack Enterprise Grid, allowing you to sync IdP groups with Slack workspace usergroups.
Overview
Slack Enterprise Grid does not natively support SCIM provisioning for workspace-level usergroups. Scimify adds this missing functionality, enabling you to push IdP groups to Slack workspace usergroups on Enterprise Grid via SCIM. Usergroups created in your Slack workspace will correspond to groups from your identity provider.
Prerequisites
- A Slack Enterprise Grid workspace
- Admin access to create and manage Slack apps
- Ability to install apps in your Slack workspace
Configuration Steps
1. Create a Slack App
- Go to Slack API Apps and click “Create New App”
- Choose “From scratch”
- Give your app a name (e.g., “Scimify”) and select your workspace
- Click “Create App”
2. Configure the App Manifest
- In your Slack app settings, navigate to “App Manifest”
- Copy and paste the following manifest:
{ "display_information": { "name": "Scimify", "description": "Enterprise SCIM group synchronization service for Slack usergroups", "background_color": "#1f2937", "long_description": "Scimify enables seamless synchronization of groups between enterprise identity providers (like Okta, Azure AD) and SaaS apps that don't natively support SCIM groups, like:\nSlack usergroups, Github teams, Rootly teams, and more.\nVisit https://veraproof.io/scimify for more information." }, "features": { "bot_user": { "display_name": "Scimify", "always_online": false }, "app_home": { "home_tab_enabled": true, "messages_tab_enabled": false, "messages_tab_read_only_enabled": false } }, "oauth_config": { "scopes": { "user": [ "usergroups:read", "usergroups:write", "users:read", "users:read.email" ], "bot": [ "usergroups:read", "usergroups:write", "users:read", "users:read.email" ] } }, "settings": { "org_deploy_enabled": false, "socket_mode_enabled": false, "token_rotation_enabled": false }, "_metadata": { "major_version": 2, "minor_version": 1 }}- Click “Save Changes”
3. Install the App
- Navigate to “Install App” in your Slack app settings
- Click “Install to Workspace”
- Authorize the app with the requested permissions
4. Get the OAuth Token
- Navigate to “OAuth & Permissions” in your Slack app settings
- Copy the Bot User OAuth Token (starts with
xoxb-) or User OAuth Token (starts withxoxp-)
Important Notes:
- Bot tokens (
xoxb-) can only be used when usergroup creation is allowed for all Slack members in your workspace settings- User tokens (
xoxp-) should be used when you want to restrict group management to admins and owners only
5. Configure the Integration in Scimify
- Navigate to the Integrations page in your Scimify admin console
- Create a new Slack Enterprise Grid integration instance
- Enter the following configuration:
- OAuth Token: Paste the OAuth token from Step 4
- Group Description (Optional): Custom description for created groups (default: “Created via Scimify for tenant {tenant_id}“)
6. Configure Okta SCIM
Follow the Okta SCIM Configuration guide to set up SCIM provisioning in Okta.
How It Works
- When groups are pushed from your IdP, Scimify will create corresponding usergroups in your Slack workspace
- Usergroup names will match the group names from your IdP
- Users assigned to groups in your IdP will be added as members to the corresponding Slack usergroups
Token Types
Bot Token (xoxb-)
- Requires usergroup creation to be enabled for all workspace members
- Can be used by any member of the workspace
- Recommended for most use cases
User Token (xoxp-)
- Can be used when you want to restrict group management to admins and owners only
- Requires the user who generated the token to have admin/owner permissions
- Recommended for organizations with strict access controls
Need Help?
If you encounter any issues during configuration, please contact support@veraproof.io for assistance.