Step 1: Remove SSO configuration

1. Click your workspace name in the sidebar.
   
2. Hover over Tools & settings, then click Workspace settings.
3. Under Administration in the left sidebar, click   SSO & authentication. 
4. Click Disable SSO Config in the top-right corner of the page.
5. Choose whether to send an email to your members to let them know SSO has been turned off, then click Disable SSO. 

Anyone already logged in to Slack when you disable SSO will remain logged in.

Step 2: Set up your new SSO configuration 

1. Click your workspace name in the sidebar.
   
2. Hover over Tools & settings, then click Workspace settings.
3. Under Administration in the left sidebar, click SSO & authentication. 
4. Next to An identity provider or custom SAML, click Configure SAML. 
5. In the top right, toggle Test mode on. 
6. Next to SAML SSO URL, enter your SAML 2.0 endpoint URL (HTTP). (This came from setting up your connector earlier). If Okta is your IDP, you can include the IDP URL instead if you like.
7. Next to Identity Provider Issuer, enter your IDP Entity ID.
8. Copy the entire x.509 certificate from your IDP and paste it into the Public Certificate field.
9. Next to Advanced Options, click Expand. Choose how the SAML response from your IDP is signed. If you need an end-to-end encryption key, tick the box next to SignAuthnRequest to show the certificate.
10. Below Settings, decide if members can edit their profile information (e.g., their email or display name) after SSO is enabled. You can also choose whether SSO is required, partially required or optional.
11. Below Customise, enter a sign-in button label.
12. Click Save Configuration to finish.

Members will receive an email asking them to connect their existing Slack account with their profile in your updated IDP. Members need to click the SSO binding email within 72 hours, but admins can re-send these emails from the Manage members page.

1. Click your organisation name in the sidebar.
   
2. Hover over Tools & settings, then click Organisation settings.
3. From the sidebar, click   Security, then click SSO Settings.
4. Next to your current IDP, click Edit Configuration.
5. Replace the SAML 2.0 endpoint URL with the new value provided by your IDP when you set up the connector.
6. Replace your Identity provider issuer URL.
7. Replace the Service provider issuer URL if this has been set in your IDP. This value is set to https://slack.com by default.
8. Copy the entire x.509 certificate from your identity provider and paste it into the Public certificate field.
9. Choose whether the SAML responses and assertions are signed. You can also change your preference for AuthnContextClassRef values.
10. Click Test configuration. We'll let you know if the changes are successful or whether you need to make further changes.
11. When you’re ready, click Apply Changes.