Configure Auth0 IdP with Twilio Flex

Auth0 is a platform that provides authentication as a service. Instead of managing your own user’s credentials, Auth0 can take care of that for you. In this guide, you will learn how you can configure Auth0 as a SAML Identity Provider with Flex. To learn more about how Auth0 works, visit the official Auth0 overview page.

Create an Application on Auth0

  1. Navigate to Applications > Applications, and click Create Application.
  2. Enter a name for your application, select Regular Web Applications as the application type, and then click Create.
  3. Select the Addons tab and click SAML2 Web App.
  4. Click the Settings tab and set the Application Callback URL to the appropriate value for your SSO configuration type:
    • Enhanced SSO configuration:
      Copy the ACS URL value from the Set up your identity provider page, which provides the specific value for your account. Your value will look similar to this:
    • Legacy SSO configuration:
      Replace ACxxxx with your Account SID, which you can find on the Twilio Console.
  5. Copy and paste the appropriate SAML Protocol Settings for your SSO configuration type in the Addons Settings:
    • Enhanced SSO configuration
        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "signResponse": true,
        "audience": "urn:flex:JQxxxx"
    • Legacy SSO configuration:

        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "signResponse": true
  6. Click Usage and download a copy of your Auth0 certificate.
  7. To save your settings, scroll down and click the Enable button, and then click Save.
  8. Select Settings.
  9. Scroll down to Application URIs, and confirm or add the appropriate value for your SSO configuration type to the Allowed Callback URLs:
    • Enhanced SSO configuration:
      Ensure that this field contains the ACS URL value from the Set up your identity provider page, which provides the specific value for your account. Your value will look similar to this:
    • Legacy SSO configuration:
      Ensure that this field contains the ACS URL and entity ID values for your account. Remember to replace ACxxxx with your own Account SID.
  10. Scroll down to Advanced Settings and select the Endpoints tab. Copy the SAML Protocol URL and Save the settings.

Create a Post Login action

Actions are Node.js functions that execute at certain points in Auth0. You can use custom actions to customize or extend Auth0's default capabilities. To learn more about actions and how they work, visit the official Auth0 docs on Auth0 Actions.

  1. Navigate to Actions > Flows, and click Login.
  2. Click + Actions and select Build from scratch.
  3. Enter a name, and then click Create. The Trigger and recommended Runtime values are set for you.
  4. In the Actions code editor, add the following code. If you want to send additional attributes to use for routing during login, you can also add them to this definition:
    exports.onExecutePostLogin = async (event, api) => {
    api.samlResponse.setAttribute("email", || null);
    api.samlResponse.setAttribute("full_name", || null);
    api.samlResponse.setAttribute("image_url", event.user.picture || null);
    api.samlResponse.setAttribute("roles", event.user.app_metadata.flex.roles);
    Note You will configure the roles property when you add a user in the next section.
  5. Click Deploy, and then return to the flow.
  6. In the Add Action section, select the Custom tab.
  7. Drag and drop your custom action into the flow, and then click Apply.

Add a User

  1. Navigate to User Management > Users, and click + Create User.
  2. Enter the Email, Password, and any required user details, and then click Create.
  3. Scroll down to app_metadata and assign the required roles (agent, admin or supervisor).
      "flex" : {
        "roles" : ["admin"]
    Note If you don't configure the roles for the user, the Post Login action you created in the previous section will fail.
  4. Click Save.

Configure Flex with your SAML credentials

  1. Navigate to Twilio Console > Flex > Single Sign-On.
  2. Under X.509 Certificate, copy and paste the contents of the Auth0 certificate you downloaded earlier. You can read the .pem file by using the cat command in your command prompt or terminal. For example: cat ./name/of/certificate-file.pem
  3. For Identity Provider Issuer, go to Applications > Your App > Addons > SAML2 Web App. Click Usage, and copy the value of “Issuer”.
  4. For Single Sign-On URL, paste the url for the SAML Protocol URL that you copied from Configure Auth0 IdP with Flex, step 8. Be sure to also append the query string at the end: `?connection=Username-Password-Authentication`
  5. Add your trusted domain which you can find under your application’s settings, and copy the value under “Domain”.
  6. Turn on Login Using Popup.
  7. Click Save to save your settings.
Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

Thank you for your feedback!

Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

Sending your feedback...
🎉 Thank you for your feedback!
Something went wrong. Please try again.

Thanks for your feedback!