How to Configure Slack to Use Custom "User.Email" Attribute Value
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article provides the steps to configure a functional Slack integration that uses a User.Email attribute value other than the ones preconfigured within the Slack App Catalog (Email and Username).

Applies To
  • Custom Security Assertion Markup Language (SAML)
  • Single Sign-On (SSO)
Cause

The User.Email attribute is required for authentication, and if the Username Format in Okta does not match the User.Email value, duplicate accounts will be created through Just In Time (JIT) provisioning. The Okta Integration Network (OIN) Slack integration has two preconfigured values ("Email" and "Username") and does not offer a Custom option for customers who would like to have end users authenticate with an alternative value (for example, Secondary Email). 

Solution

For the authentication to work with a value other than Email and Username, a Custom SAML integration in Okta must be configured. 

  1. In Okta, go to Applications > Applications > Create App Integration > SAML 2.0.
  2. Follow the steps provided by Slack to integrate the Custom SAML app in Okta.
  3. The Username Format within the Okta Custom Slack integration must match the value that the User.Email attribute will have (for example, user.secondEmail).
  4. Attribute Statements must be added in the Okta configuration. For the Name field, add User.Email, and for the Value field, add the attribute required for authenticating (for example, user.secondEmail).
  5. In Okta, open the Custom Slack integration > Sign On > View SAML setup instructions. Copy the Identity Provider Single Sign-On URL into the SAML 2.0 Endpoint URL (HTTP) field in Slack. Copy the Identity Provider Issuer from Okta into the Identity Provider Issuer field in Slack. Copy the X.509 Certificate and paste it into the Public Certificate field in Slack.
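
A check for steps 3 and 4, as an added example that is not part of the original article: it parses a SAML assertion and reports when the User.Email attribute is missing or differs from the NameID, the mismatch that leads to duplicate JIT accounts. It assumes the Okta Username Format is the value sent as the NameID; the sample assertion and the function name check_user_email are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned assertion trimmed to the fields under test.
# For assertions from an untrusted source, parse with defusedxml instead.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@alt.example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="User.Email">
      <saml:AttributeValue>jdoe@alt.example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_user_email(xml_text, attr_name="User.Email"):
    """Return a list of problems; an empty list means NameID and the attribute agree."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found (it may be encrypted)"]
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    values = [
        (v.text or "").strip()
        for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == attr_name
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    problems = []
    if not name_id:
        problems.append("NameID missing")
    if not values:
        problems.append(f"{attr_name} attribute missing")
    elif len(values) > 1:
        problems.append(f"{attr_name} has {len(values)} values, expected 1")
    elif name_id and values[0].lower() != name_id.lower():  # assumption: emails compared case-insensitively
        problems.append(f"mismatch: NameID={name_id!r} {attr_name}={values[0]!r}")
    return problems


if __name__ == "__main__":
    print(check_user_email(SAMPLE_ASSERTION) or "OK")
```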

The authentication should now be successful through the Custom SAML integration. If SCIM Provisioning is needed:

  1. In Okta, from the Custom SAML app that was integrated, go to General > Provisioning > check SCIM.
  2. Follow the steps outlined in the following Slack article to set up everything there: Provisioning with SCIM.
  3. In Okta, the SCIM connector base URL is https://api.slack.com/scim/v2/. For Authentication Mode, select HTTP Header and add the token generated in Slack > Test Connector Configuration. Then Save.

NOTE: If the Connector Configuration fails to test, save the configuration with dummy OAuth 2 values and then return to configuring the "HTTP Header" again.

 
