Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now


Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Set Up Salesforce SSO Identity Provider for Twilio Flex

This document walks through the setup process for Salesforce SSO in Twilio Flex. You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.

After you setup your Single-Sign On configuration, the Twilio Console SSO page will provide your Login Link.

I'm ready - let's get started!

Create a self-signed certificate in Salesforce

You'll start by creating a certificate. You'll need to share this with Twilio later.

Salesforce Certificate and Key edit

  1. Navigate to Setup > Security > Certificate and Key Management
  2. Press ‘Create Self-Signed Certificate’ button
  3. Give the certificate a label and Unique Name, e.g., SalesforceSSO
  4. Key Size default of 2048
  5. ‘Exportable Private Key’ should be ticked
  6. Press ‘Save’
  7. Press ‘Download Certificate’ (you’ll need the certificate later)
Easy. What's next?

Enable Salesforce Identity Provider in Salesforce

Make sure that the Identity Provider is enabled in Salesforce.

Salesforce Identity provider setup

  1. Navigate to Setup > Identity > Identity Provider
  2. Press ‘Enable Identity Provider’ button
  3. Select the certificate you created in the previous step
  4. Press ‘Save’
This is a lot of Salesforce. When do we connect to Twilio?

Create a Twilio Flex Connected App in Salesforce

Let's point Salesforce to the Flex side of the integration.

Salesforce New connected app

  1. Navigate to Apps > App Manager
  2. Press the New Connected App button
  3. Set Connected App Name to ‘Twilio Flex’
  4. Set API Name to ‘Twilio_Flex’
  5. Set Contact Email to a suitable email address

Web App Settings

Salesforce connected app web app settings

  1. In the Web App Settings section, set the Start URL to https://flex.twilio.com?path=/agent-desktop
  2. Enable SAML should be ticked
  3. Set Entity Id to https://preview.twilio.com/iam/Accounts/[ACCOUNT_SID]/saml2. Remember to replace ACCOUNT_SID with your Twilio Account SID.
  4. Set ACS URL to the same URL as Entity Id
  5. Set Subject Type to Username
  6. Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  7. Set Issuer to https://yourdomain.my.salesforce.com
  8. Set IdP Certificate to the one you created in the first step (e.g., SalesforceSSO).
  9. Check that the Verify Request Signatures option is unticked
  10. Check that Encrypt SAML Response is unticked
  11. Press Save

Add custom attributes

Salesforce connected app custom attributes

  1. Add a New Custom Attributes
    1. First custom attribute:
      1. Key: full_name
      2. Value: $User.FirstName + " " + $User.LastName
    1. Second custom attribute:
      1. Key: roles
      2. Value: ‘agent’ (in the quote marks)
Are we there yet?

Setup SSO in Twilio Flex

Almost done! Now, you need to configure the Twilio side of the integration.

Single sign-on config

  1. Open the Twilio Flex Single Sign-On admin page.
  2. Set Friendly Name to something related, e.g., SalesforceSSO
  3. Paste in the certificate you downloaded from Salesforce in step one
  4. Set Identity Provider Issuer to https://yourdomain.my.salesforce.com
  5. Set Single Sign-On URL to https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
  6. Set Default Redirect URL to https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
  7. Press Save

Open Salesforce and access the phone from the utility bar (in case it’s missing, add Open CTI Softphone to the utility bar). You should be able to log into Flex!

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.