Single Sign-On for Twilio Console is available for customers with Twilio Enterprise Edition or Twilio Administration Edition. For more information, please talk to sales.
This guide covers configuring your SAML 2.0 Identity Provider with Twilio for SSO login to Twilio Console. If you are looking to Configure SSO for Twilio Flex, Frontline or SendGrid, please refer to the configuration guides for them:
Before proceeding with SSO Configuration make sure that you have satisfied all of the prerequisites.
Go to Admin Center and click on the Single Sign-On option in the navigation bar as shown below
Create a new SSO Profile by clicking the 'Create new SSO Profile ' button. You will land on the below screen where you can copy or download the SP Metadata.
Keep this tab open as you will need these values to configure a SAML application in your IdP
You will need to create an application or integration that will enable your users to be able to log in to the Twilio Console via SAML single sign-on.
If your IdP supports multiple login methods for the application then please make sure to select SAML 2.0 as the login method.
Provide an appropriate name to the Application and if your IdP supports then upload Twilio Logo so that your users can recognize and use the application.
For your IdP to recognize Twilio SSO you will need to copy and paste the following values from the Twilio SSO Profile you created in Step 1 -
Apart from the above, you'll also need to configure NameID and Signing Option settings in your IdP -
NameID: The NameID format should be EmailAddress and its value should be configured to the email address attribute of your users.
Signing Option: You should configure your IdP to send 'Signed' SAML Response as well as 'Signed' SAML Assertion to Twilio.
Encryption: Twilio SSO does not support encrypted SAML response. So make sure that your IdP is configured to send unencrypted SAML responses.
Go to the tab where you have the Twilio SSO Profile opened. Confirm that you have configured the Signing Option and NameID settings in your IdP and click on Continue
In the next step, please update the friendly name of the SSO Profile to an appropriate value that you can recognize.
Then select the Identity Provider from the dropdown. If your Identity Provider is not there in the dropdown then select 'Other/Generic SAML 2.0'
Upon selecting the Identity Provider you will see the IdP metadata fields as shown below.
You will need to copy and paste the following values from your SAML Application in your Identity Provider -
Once you have configured the 3 values, you can click on 'Save & Continue' to save the configured SSO profile and proceed to the next step to test the SSO connection.