Single Sign On (SSO) mitigates compliance and security risks for organizations by giving businesses control over user authentication and user revocation via corporate-mandated tools.
Please Note: This feature is offered under the Twilio Enterprise Plan. If you have any questions or feedback, please contact firstname.lastname@example.org.
The purpose of this document is to describe the SSO capabilities Twilio supports and the steps necessary to integrate your Identity Provider (IdP) with Twilio. It is written for System Administrators or staff knowledgeable about SSO administration.
Once configured, Twilio acts as a Service Provider (SP) and allows users to log in via either IdP-initiated flows or Service Provider-initiated flows.
In order to integrate with Twilio, your IdP must support the following features:
The initial Twilio SSO integration will not support the following capabilities.
Twilio will continue to enhance its offerings and may support these, and other features, in the future.
Customers work with Twilio Support to set up and configure Single Sign On. The integration steps are as follows:
In order to configure SSO, you will need to provide the following details (your IdP may provide this as a combined XML file):
* Please ensure that the SSO Service URL is publicly accessible.
Twilio will provide its Entity ID, Security Token Consumer URL, and Public x509 Certificate so that you may properly configure your IdP.
SAML responses must be signed and contain the following information:
In order to deploy the SSO integration, your staff and Twilio Support must validate that Twilio successfully integrates with your IdP, and that your users are able to log into Twilio.
The integration testing involves the following steps:
The next step is to identify the full set of users that you want to enable for SSO. This can be done in one of several ways:
Based on the preferred method, Twilio will provide a list of the users for whom it will enable SSO. You must review the list and ensure that these users exist within your Identity Provider.
Please note: if an employee is using an alias that does not exist within your IdP, we may not be able to enable SSO for that user’s account.
Once you have reviewed the final list of users, we can enable SSO for those users in Twilio’s console. You must ensure that your IdP is also appropriately configured to allow access to the Twilio application.
Before Twilio enforces SSO, we recommend that you inform these employees that they will be logging into Twilio via their IdP. Once you give us the go-ahead, Twilio will start enforcing SSO for the specified users.