Troubleshooting Errors during Test SSO Connection

If the test user is redirected from the Twilio page but lands on a 404 not found page on the Identity Provider side, it means that the IdP metadata may not be correctly configured on the Twilio SSO Profile.

• Please check and ensure that the IdP metadata (Issuer ID/Entity Id as well as the Single sign-on URL/Login URL) values are correctly configured. Save the SSO Profile and retry the test SSO connection step.
• You can also capture the SAML Request from the user's browser and user SAML Request decode tool to view the actual SAML request sent from Twilio and see if the value in SAML request matches with what is configured in the SSO Profile and your Identity Provider.

This error is caused when the test user has not been added to the new SAML App you created in your Identity provider. The user needs to have access to the new app so that they can log in and complete the test SSO step.

• Check and make sure that you have assigned the SAML App for Twilio Console to the test user in your Identity Provider.

This error is caused when the message in the SAML response received by Twilio isn't Signed. Twilio requires the message to be signed.

• Check and ensure that the Signing Option for the SAML response in your IdP is set to send both the Message and the Assertion as 'Signed'.

This error is caused when the received SAML response is invalid. This can most likely happen if you are sending encrypted SAML responses to Twilio.

• Please check and make sure that the SAML response is set to be sent unencrypted.

This error is caused when the value of the Audience URI/Entity ID in the SAML response does not match the value configured in the Twilio SSO Profile.

• Please check the entity ID configuration between your identity provider and the SSO profile.

This error is caused when the identity provider doesn't return the RelayState parameter along with the SAML response.

• Please check your identity provider settings to persist the relay state provided by SP.