While we may not admit to ever uttering the cliched phrase “teamwork makes the dream work,” we absolutely believe in the power of teams. That’s why Twilio has made it simple to configure and manage the team you have assigned to access your Twilio Console.
For purposes of this post, we’re focusing on account setup and user management in relation to Twilio’s Authy two-factor authentication (2FA) solution, but the processes outlined below apply to all users of the Twilio Console regardless of the integration you’re working with.
If this is your first time setting up a Twilio account, you’ll have to enable 2FA in order to create an Authy app. View our blog article about “Securing your Twilio Account With 2FA” for step-by-step instructions.
The Single-User Tenant is the most common user type on the Twilio platform. In this scenario, the user acts as the account administrator, billing manager, and developer for their application. As such, there is little need for a division between responsibilities. To prevent development and QA changes from affecting your production users, we suggest separating your production, development and QA implementations by using different API keys.
Below you can see how a single user can set up a production, development, and QA Authy application.
While a single-user is the easiest way to approach Authy development, keep in mind that there are some limitations:
- Since 2FA is active when you create an Authy account, you cannot share accounts.
- A single user will have access to all information, from billing to API keys.
- If the account owner wins the lottery (or is hit by a bus), there is no recourse to regain access to the abandoned Twilio account.
Due to these limitations, we strongly encourage you to add a second user to your Twilio account as a backup administrator.
Larger organizations often need to separate access and responsibilities. You may want to limit access to API keys to administrators or the account owner. Or, for example, you may want invoices and credit card information to be handled only by your billing department.
Below is a breakdown of the general user-types provided by Twilio.
Explore more about these user types, and their different access permissions, on our Account Management support page.
Multi-User Tenant Suggestions
- Add a second administrator to prevent the possibility of becoming completely locked out of Twilio.
- Provide “billing” access to your accounting department.
- Create multiple Authy apps for all parts of your devstack: Production, QA, Dev1, Dev2, etc.
- Be careful with your API keys! Put them in an environment file and make sure they don’t end up in a public git repo.
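One way to check the last suggestion before a deploy, as an added example that is not part of the original post or Twilio's tooling: it audits an environment file for one distinct key per tier and confirms the file is covered by `.gitignore`. The `AUTHY_API_KEY_<TIER>` variable names, the `.env` filename, and the sample values are assumptions constructed for illustration, and the `.gitignore` matching is a simplified glob check rather than git's full rule set.

```python
import fnmatch

TIERS = ("PRODUCTION", "QA", "DEV")   # tiers named in the post
VAR_PREFIX = "AUTHY_API_KEY_"         # hypothetical naming scheme, not a Twilio convention

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        values[name.strip()] = value.strip().strip("\"'")
    return values

def is_ignored(filename, gitignore_text):
    """Simplified .gitignore check: plain globs, '!' negates, last match wins."""
    ignored = False
    for pattern in gitignore_text.splitlines():
        pattern = pattern.strip()
        if not pattern or pattern.startswith("#"):
            continue
        if fnmatch.fnmatch(filename, pattern.lstrip("!/")):
            ignored = not pattern.startswith("!")
    return ignored

def audit(env_text, gitignore_text, env_filename=".env"):
    """Return a list of problems; an empty list means the setup passes."""
    problems = []
    if not is_ignored(env_filename, gitignore_text):
        problems.append(f"{env_filename} is not covered by .gitignore")
    env, seen = parse_env(env_text), {}
    for tier in TIERS:
        key = env.get(VAR_PREFIX + tier, "")
        if not key:
            problems.append(f"no key set for {tier}")
        elif key in seen:
            # A shared key means a dev or QA leak is also a production leak.
            problems.append(f"{tier} reuses the {seen[key]} key")
        else:
            seen[key] = tier
    return problems

# Constructed sample input: QA shares the production key, DEV is missing,
# and .gitignore does not list the environment file.
BAD_ENV = "AUTHY_API_KEY_PRODUCTION=constructed-aaa\nAUTHY_API_KEY_QA=constructed-aaa\n"
if __name__ == "__main__":
    for problem in audit(BAD_ENV, "node_modules/\n"):
        print("FAIL:", problem)
```
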
Below is an example of a multi-user setup inside of a single Twilio account. You can add these users by browsing to Home > Settings > Manage Users.
While a multi-user setup is very effective for smaller organizations, there is still no way to prevent any administrator or developer from gaining access to your production API keys. To securely isolate production, QA, and dev tiers within Twilio, you’ll want to take advantage of our Subaccount feature, as outlined below.
Subaccount Expenses Rollup
All Subaccount expenses roll up to the primary account. To view expenses for both your Primary and Subaccounts, just click over to Home > Billing > Overview as the Owner, Administrator or Billing Manager.
Securing Your Organization
We hope this post has introduced you to the ways we offer to share access to your Twilio account. Single developers will find the single-tenant approach very simple to use when first getting started. For medium-sized organizations or larger groups of developers, our multi-tenant approach is an excellent way to share access and delegate responsibilities.
Lastly, for those larger organizations or teams who are challenged with segmenting access and responsibilities between users and projects, Twilio’s Subaccounts or our Enterprise Plan can help you achieve peace of mind.