Integrate Google SSO with Flex

Please Note! Twilio does not yet support SP-Initiated SSO flows with Google SSO. Only IdP-Initiated SSO flows are supported at this time.

Prepare your Google App environment

Before we connect Google to your instance of Flex, we have to build a few things in the Google Admin Console to make things run a little bit more smoothly.

To log in a Flex user, you must pass a minimum of three attributes to Flex in the SAML assertion: email, roles and full_name. Google provides email as an attribute out of the box but does not provide the roles or full_name attributes, so we need to build these ourselves.

All the information supplied from the Identity Provider to Twilio is stored inside Twilio TaskRouter Worker Attributes. Consider local regulations for storing data and only provide data relevant for Flex usage. Learn more about Twilio's Privacy policy here.

  1. Navigate to the User Schema page in your Google Admin Console.
  2. Click on ADD CUSTOM ATTRIBUTE
  3. Category = Flex Details
  4. Create the two attributes below

| Name | Info Type | Visibility | No. of Values |
|---|---|---|---|
| Roles | Text | Visible to Admin | Multi-value |
| Full Name | Text | Visible to Admin | Single Value |

Optionally, you can add more attributes to accommodate the attributes needed by WFO.

Create a custom SAML app

Navigate to the Google Admin Console and click on Apps

Click SAML apps.

Then click the "Add a service/App to your domain" link, or click the + icon at the bottom right.

Enable SSO for SAML application

Click on SETUP MY OWN CUSTOM APP

Google IdP Information

Download the certificate in the Option 1 section, and make a note of the SSO URL and Entity ID – you'll need these later.

Basic information for your custom app

  • Set your Application Name – This might be "Twilio Flex", or a name of your choosing
  • You may optionally add a description and logo

Service provider details

Next, we need to set up the Service Provider Details. Twilio Flex is the Service Provider in this instance.

| Setting | Value | Notes |
|---|---|---|
| ACS URL | https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 | Make sure to replace the Account SID (ACxxxx) with your real Account SID. |
| Entity ID | https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 | Make sure to replace the Account SID (ACxxxx) with your real Account SID! (Yes, this is the same URL twice.) |
| Start URL | https://flex.twilio.com/<your runtime domain> | This Login Link is available on the Twilio Console SSO configuration page, once your configuration has been saved. |
| Signed Response | Checked! | |
| Name ID | Basic Information & Primary Email | |
| Name ID Format | EMAIL | |

Attribute mapping

Now we need to add the attributes that will be passed to Flex in the SAML assertion. Create at least the three required attributes (names are case sensitive) and map them to the appropriate fields.

Add the mapped roles to your G Suite Users

Navigate back to the Google Admin Console and click on Users.

Select a user and click into their User information section.

Scroll to the attribute name you gave your Flex roles (in this example it's 'Flex Roles') and click the edit icon to add your roles. The current options are 'agent', 'admin', and 'supervisor'.
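
A pre-flight check for the service provider details, attribute mapping and roles configured above, added here as an example and not part of Twilio's documentation. It parses a base64-decoded SAML response and lists what would not match this page's settings; the function name and the sample response are constructed for illustration, and the check does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "roles", "full_name")      # case sensitive, per this page
VALID_ROLES = {"agent", "admin", "supervisor"}  # role options listed on this page
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample of a decoded response; "Roles" is deliberately mis-cased.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://preview.twilio.com/iam/Accounts/ACxxxx/saml2">
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://preview.twilio.com/iam/Accounts/ACxxxx/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="Roles"><saml:AttributeValue>agent</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="full_name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def check_flex_response(xml_text, account_sid):
    """Return a list of problems in a decoded SAML Response (empty list = OK)."""
    # ACS URL and Entity ID are the same URL in this setup.
    sp_url = f"https://preview.twilio.com/iam/Accounts/{account_sid}/saml2"
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != sp_url:
        problems.append("Destination does not match the ACS URL")
    if root.findtext(".//saml:Audience", namespaces=NS) != sp_url:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or not in EMAIL format")
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            hint = next((k for k in attrs if k != name and k.lower() == name), None)
            problems.append(f"missing attribute {name!r}" + (f" (found {hint!r}, wrong case)" if hint else ""))
    bad = [r for r in attrs.get("roles", []) if r not in VALID_ROLES]
    if bad:
        problems.append(f"unrecognised roles: {bad}")
    return problems
```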

Complete the setup

Now that you've configured your app, you must

Configure Flex with your SSO settings

Configure SSO in Twilio Console: https://www.twilio.com/console/flex/users/single-sign-on

Grab the URLs you noted in the Google IdP Information section above.

| Setting | Value | Notes |
|---|---|---|
| Friendly Name | Anything you want | Google Apps SSO? |
| x.509 Certificate | See notes --> | Open the .pem file you downloaded above in your favorite text editor and copy/paste the entire contents of the file including all dashes. |
| Identity Provider Issuer | Google's Entity ID (see above) | |
| Single Sign-On URL | Google's SSO URL (see above) | |
| Default Redirect URL | https://flex.twilio.com/<your runtime domain> | You can find the name of your flex runtime domain here. Make sure you have your flex project selected at the top left. |

Additional Configuration

Our Configuring SSO page has additional detail on how to initiate login from your Identity Provider, how to login to a self-hosted domain, and details on attributes that can be defined for each identity.

Testing

Navigate to https://flex.twilio.com/<your runtime domain> in incognito mode. You should be redirected to Google to sign in and then back to Flex.

Congrats!
