SAML Section | Field | Values |
---|---|---|
Basic SAML Configuration | Reply URL (Assertion Consumer Service URL) | Enhanced SSO configuration: Copy this value from the Set up your identity provider page, which provides the specific value for your account. Your value will look similar to this: `https://login.flex.us1.twilio.com/login/callback?connection=JQxxxx`<br>Legacy SSO configuration: Replace ACxxxx with your real Twilio Account SID. `https://iam.twilio.com/v1/Accounts/ACxxxx/saml2` |
Basic SAML Configuration | Identifier (Entity ID) | Enhanced SSO configuration: Copy this value from the Set up your identity provider page, which provides the specific value for your account. Your value will look similar to this: `urn:flex:JQxxxx`<br>Legacy SSO configuration: Replace ACxxxx with your real Twilio Account SID. After adding your unique entity ID, remove Microsoft's default entry. `https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata` |
Attributes & Claims | Twilio Flex required claims | See Configure claims section. |
SAML Signing Certificate | Signing Option | Select "Sign SAML response and assertion". |
SAML Signing Certificate | Signing Algorithm | Leave "SHA-256" selected. |
SAML Signing Certificate | Notification Email Addresses | Enter email address(es) for receiving Entra ID notifications. |
Claims are key-value pairs that the identity provider asserts are true to the application. Flex uses these to determine the critical information about each Flex User.
All the information the identity provider supplies to Twilio is stored inside Twilio TaskRouter Worker Attributes. Consider local regulations for storing data and only provide data relevant for Flex usage. Learn more about Twilio's Privacy policy.
user.mail as its value.

Required claim | Value |
---|---|
user.mail | |
full_name | user.displayname |
roles | user.assignedroles |
Your Attributes & Claims settings should look similar to this:
Make sure that each Flex SAML role has a globally unique identifier (GUID). A GUID is a long string of letters and numbers that Entra ID can use to identify each Flex role.
To create an app role:
Note: If you use Flex Insights, you must create separate entries for each Insights role you expect to assign to your agents:
All the information the identity provider supplies to Twilio is stored inside Twilio TaskRouter Worker attributes. Consider local regulations for storing data, and only provide data relevant for Flex usage (see the Twilio Privacy policy for more information).
Please see the Identity Attributes section of the SSO Configuration docs for more information about naming attributes and other possible Worker attributes.
Twilio SSO field | Entra ID field |
---|---|
X.509 Certificate | Certificate (Base64) |
Identity Provider Issuer | Microsoft Entra Identifier |
Single Sign-on URL | Login URL |
Note: If you use Flex Insights, you must add each role you created previously as individual assignments for your agents.
See Configuring SSO for more details about the following topics:
To test your SSO setup:
If you need to pass custom attributes to your Flex users, refer to Pass Custom Azure AD Attributes as Twilio Flex SAML Claims.
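
While testing, a SAML response you captured yourself can be checked against the settings in the tables above: both the response and the assertion signed with SHA-256, Destination and Audience matching the Reply URL and Entity ID, and the required claims present. The following Python check is an added example, not Twilio's or Microsoft's code; `check_response`, `sample`, the `JQxxxx` placeholder values and the sample claim values are assumptions for illustration, and it inspects structure only without verifying the signature against the X.509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Placeholders in the form this page shows; use the values for your account.
REPLY_URL = "https://login.flex.us1.twilio.com/login/callback?connection=JQxxxx"
ENTITY_ID = "urn:flex:JQxxxx"
# Claim names legible in the claims table; add the claim you mapped to user.mail.
REQUIRED_CLAIMS = ("full_name", "roles")

def check_response(xml_text, reply_url, entity_id, required=REQUIRED_CLAIMS):
    """Structural check only (no cryptographic verification). Returns findings."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in Response"]
    findings = []
    # "Sign SAML response and assertion" puts a ds:Signature child on both nodes.
    for label, node in (("Response", resp), ("Assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            findings.append(f"{label} is not signed")
        elif method.get("Algorithm") != RSA_SHA256:
            findings.append(f"{label} signature is not RSA-SHA256")
    if resp.get("Destination") != reply_url:
        findings.append("Destination does not match the Reply URL")
    if entity_id not in [x.text for x in assertion.iterfind(".//a:Audience", NS)]:
        findings.append("Audience does not contain the Entity ID")
    claims = {at.get("Name"): [v.text for v in at.findall("a:AttributeValue", NS) if v.text]
              for at in assertion.iterfind(".//a:Attribute", NS)}
    findings += [f"claim {n} is missing or empty" for n in required if not claims.get(n)]
    return findings

def sample(sign_response=True, with_roles=True):
    """Constructed response skeleton (not real Entra ID output; signature values omitted)."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo><ds:SignatureMethod '
           f'Algorithm="{RSA_SHA256}"/></ds:SignedInfo></ds:Signature>')
    attr = '<a:Attribute Name="{}"><a:AttributeValue>{}</a:AttributeValue></a:Attribute>'
    roles = attr.format("roles", "agent") if with_roles else ""
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{REPLY_URL}">'
            f'{sig if sign_response else ""}<a:Assertion>{sig}<a:Conditions>'
            f'<a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience>'
            f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>'
            f'{attr.format("full_name", "Test Agent")}{roles}</a:AttributeStatement>'
            f'</a:Assertion></p:Response>')
```

An empty list from `check_response` means the captured response matches the settings; a user with no assigned app role shows up as a missing `roles` claim.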