Enforcing SSO for selected Domains

Before proceeding to enforcing SSO, you should have already:

• Added and verified the expected domains to your Organization

• Invited all your existing users as managed users into your Organization

  • SSO Enforcement will work only on managed users, so it is important to ensure that all users from your domain to be enforced are managed users in your Organization
  • It is recommended to use the Bulk User Import feature to capture all existing users and make them managed users in your Organization

To enable SSO for your users, you can select one or more verified domains to enforce SSO for them.

Expand image

You must enforce SSO only if the test SSO connection is successful. If you add domains to enforce while the SSO connection is not working, then all your users from those domains will face login failures.

Also note that when SSO is enforced for any user, they will only be allowed to log in using SSO. They will not be able to use their existing password to log in. So you should inform the users in your Twilio Organization before enforcing SSO for them.

Here's what will happen once you enforce SSO on a domain -

1. After submitting the domain for enforcement, Twilio will select all managed users in your Twilio Organization whose email addresses belong to the selected domain.
2. SSO will be enforced for all these users. This process may take a few minutes.
3. Twilio will not send any notifications or emails to the users.
4. If your users have an active session, then that won't be closed when SSO is enforced. Such users will be required to log in using SSO whenever they log in to Twilio Console the next time.
5. During enforcement, Twilio will not enforce SSO for the admin user who has triggered the enforcement.

If you want to add or remove domains from an SSO Profile, you can do so by editing the SSO Profile.