We’re setting up SLACK for SAML via OKTA, and wanted to first Pilot it with a small subset of users. I know we can create Groups, but is it possible to require only this group to use SAML for login? Or would I need to make another instance of the SLACK application within OKTA to separate the login requirements?
You can assign Group Acces for a specific App in your case Slack SAML , but you can't limit the user to only one form of authentication outside of the Application settings, To limit the SSO method for the App you would indeed need two instances for the prefered delegation method one App with SAML and one with SWA for example and assigning them to users or groups with the intended SSO login method. Group rules can be added but they limit the users access to the App not to the Apps signon method. Check out this link for more details on Groups capabilities and rules : https://help.okta.com/en/prod/Content/Topics/Directory/Directory_Groups.htm