Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Self-hosted Flex: additional SSO configuration


overview page anchor

If you’re configuring SSO for a self-hosted Flex deployment, you need to update the appconfig.js configuration object to support authentication and single sign-on using a third-party identity provider (IdP).

For complete details about the configuration object and its properties, see the Flex UI API Reference(link takes you to an external page).

The type of SSO you’re using determines the changes you need to make:

  • Legacy SSO configuration (2.6.x or earlier) : Configure the sso object.
  • Enhanced SSO configuration (2.7.x or later) : Configure the sso object, and then add and configure the oauth object.


As soon as the oauth object exists in your appconfig.js file, Flex UI will try to use enhanced SSO for authorization. If you’re setting up an enhanced SSO connection (either for the first time or to migrate), make sure you configure the oauth object after completing the SSO setup or migration steps in Console.

Configure the sso object

configure-the-sso-object page anchor
  1. Set the sso object as follows:

appConfig.sso = {
accountSid: string,
loginPopup: boolean,
loginPopupFeatures: string,

  • accountSid is the Account SID of your Twilio project.
  • loginPopup indicates whether to launch the IdP login in a new window. The default is false.
  • loginPopupFeatures defines standard features to apply to the popup window.

Configure the oauth object

configure-the-oauth-object page anchor
  1. Add the oauth object as follows:

appConfig.oauth = {
connection: `${CONNECTION_NAME}`,
clientId: `${CLIENT_ID}`,
redirectUrl: `${DOMAIN_REDIRECT_URL}`,

  1. Retrieve the connection and clientId values using this request, and then add them to the configuration. Make sure to add your Account SID before running the request:

curl --location '{{YOUR_ACCOUNT_SID}}'

  1. For the redirectUrl value, add any domains where Flex is hosted. You must register these domains in the Trusted Domains section of the Single sign-on setup page(link takes you to an external page) in Twilio Console.


Both the Trusted domains section and the Domain redirect URL field are required to set up SSO to a self-hosted domain. This is in addition to the fields marked as required when you configure SSO via Console. See How do I log in to a self-hosted domain? to make sure your domain URL conforms to one of the allowed patterns.

Rate this page: