Configuring SSO with any other SAML 2.0 Identity Provider


Single Sign-On for Twilio Console is available for customers with Twilio Enterprise Edition or Twilio Administration Edition. For more information, please talk to sales.

This guide covers configuring your SAML 2.0 Identity Provider with Twilio for SSO login to Twilio Console. If you are looking to configure SSO for Twilio Flex, Frontline or SendGrid, please refer to their configuration guides.

Before proceeding with SSO configuration, make sure that you have satisfied all of the prerequisites.


Step 1: Create a new SSO Profile in the Twilio Admin Center

Go to Admin Center and click on the Single Sign-On option in the navigation bar.

Create a new SSO Profile by clicking the 'Create new SSO Profile' button. You will land on a screen where you can copy or download the SP Metadata.

Keep this tab open, as you will need these values to configure a SAML application in your IdP.


Step 2: Create a new SAML Application or App Integration in your Identity Provider

You will need to create an application or integration that enables your users to log in to the Twilio Console via SAML single sign-on.

If your IdP supports multiple login methods for the application, make sure to select SAML 2.0 as the login method.

Give the application an appropriate name and, if your IdP supports it, upload the Twilio logo so that your users can recognize and use the application.


Step 3: Configuring SAML settings in your Application or App Integration

For your IdP to recognize Twilio SSO, you will need to copy and paste the following values from the Twilio SSO Profile you created in Step 1:

  1. Audience URI/Entity ID: this value will be used by your IdP to specify the entity or audience the SAML Assertion is intended for
  2. Assertion Consumer Service (ACS) URL or Single sign-on (SSO) URL: This is the Twilio URL where your IdP should send the SAML Response
  3. Recipient and Destination URLs: If your IdP requires these values to be configured separately then populate the same value as ACS/SSO URL in these fields as well
  4. Default Relay State: should be left blank

Apart from the above, you'll also need to configure the NameID, Signing Option and Encryption settings in your IdP:

  1. NameID: The NameID format should be EmailAddress and its value should be configured to the email address attribute of your users.

  2. Signing Option: You should configure your IdP to send 'Signed' SAML Response as well as 'Signed' SAML Assertion to Twilio.

  3. Encryption: Twilio SSO does not support encrypted SAML responses, so make sure that your IdP is configured to send unencrypted SAML responses.


Step 4: Configure your IdP Metadata into the SSO Profile created in Twilio

Go to the tab where you have the Twilio SSO Profile open. Confirm that you have configured the Signing Option and NameID settings in your IdP, then click on Continue.

In the next step, please update the friendly name of the SSO Profile to an appropriate value that you can recognize.

Then select the Identity Provider from the dropdown. If your Identity Provider is not in the dropdown, select 'Other/Generic SAML 2.0'.

Upon selecting the Identity Provider, you will see the IdP metadata fields.

You will need to copy and paste the following values from your SAML Application in your Identity Provider:

  1. Issuer ID/URL: This is also known as 'Identity Provider Issuer', 'Issuer' or 'Identifier' in some IdPs. This issuer value will be sent by the IdP in the SAML assertion, and Twilio will verify that the value configured here matches the value present in the SAML assertion.
  2. Single sign-on URL: This is also known as 'SAML Endpoint', 'Login URL' or 'IdP SSO URL'. This is the URL where Twilio will send the SAML requests for authenticating users in the SP-initiated login flow.
  3. X.509 Signing Certificate (Public Key): This should be the public key of the certificate that will be used to sign the SAML Response and Assertions for the SAML application you have configured in your IdP.

Once you have configured the 3 values, you can click on 'Save & Continue' to save the configured SSO profile and proceed to the next step to test the SSO connection.
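
A structural pre-flight check for the settings in Steps 3 and 4, as an added example that is not Twilio's code: it inspects a base64-decoded SAML Response captured from a test login with your own IdP and reports which settings from this guide are wrong. The URLs, issuer and sample response are constructed placeholders, and the check only confirms that Signature elements are present; it does not validate them cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed placeholders: use the values from your Twilio SSO Profile and IdP.
ACS = "https://sp.example.invalid/acs"
ENTITY_ID = "https://sp.example.invalid/metadata"
ISSUER = "https://idp.example.invalid/issuer"

def check_response(xml_text):
    """Return the settings that are wrong in a decoded SAML Response ([] if none)."""
    resp = ET.fromstring(xml_text)
    if resp.find("a:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted"]
    asr = resp.find("a:Assertion", NS)
    if asr is None:
        return ["no Assertion element"]
    def get(path, attr=None):  # attribute value, or stripped text when attr is None
        node = asr.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else (node.text or "").strip()
    scd = "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData"
    checks = [  # (condition that must hold, message when it does not)
        (resp.find("ds:Signature", NS) is not None, "Response is not signed"),
        (asr.find("ds:Signature", NS) is not None, "Assertion is not signed"),
        (resp.get("Destination") == ACS, "Destination differs from ACS URL"),
        (get(scd, "Recipient") == ACS, "Recipient differs from ACS URL"),
        (get("a:Conditions/a:AudienceRestriction/a:Audience") == ENTITY_ID,
         "Audience differs from Entity ID"),
        (get("a:Issuer") == ISSUER, "Issuer differs from configured Issuer ID"),
        (get("a:Subject/a:NameID", "Format") == EMAIL, "NameID format is not emailAddress"),
        ("@" in (get("a:Subject/a:NameID") or ""), "NameID value is not an email address"),
    ]
    return [msg for ok, msg in checks if not ok]

SIG = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'  # empty stub

def sample(assertion_sig=SIG, name_format=EMAIL):
    # Constructed response skeleton for the checks above, not a real IdP response.
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS}">'
            f'<a:Issuer>{ISSUER}</a:Issuer>{SIG}<a:Assertion><a:Issuer>{ISSUER}</a:Issuer>'
            f'{assertion_sig}<a:Subject><a:NameID Format="{name_format}">'
            f'user@example.invalid</a:NameID><a:SubjectConfirmation>'
            f'<a:SubjectConfirmationData Recipient="{ACS}"/></a:SubjectConfirmation>'
            f'</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY_ID}'
            f'</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')

print(check_response(sample(assertion_sig="")))
```

Run it against a response from your own test login before clicking 'Save & Continue', so a mismatched Audience, Recipient or NameID format shows up before the SSO connection test.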
