Screenshots have been made using Okta.com Classic UI.
Within Okta, create an Application. Choose SAML 2.0.
Give the Application a name - for example Twilio Flex. Upload a descriptive logo if needed.
Create Basic Settings for the Application. Please note that:
- The SAML Single Sign On URL will be on preview.twilio.com, in the form shown in the next item. Replace the Account SID (ACxxxx) with your real Account SID.
- https://preview.twilio.com/iam/Accounts/<YOUR ACCOUNT SID HERE>/saml2
- Set Audience URI to match the Single Sign On URL.
- The Default RelayState should be left blank.
- The Application username can be an email, Okta username or something else unique.
Please ensure that both Response and Assertion are Signed (in Okta you will find them under Advanced Settings).
We do not currently support Assertion Encryption so please set that as Unencrypted.
Claims are key-value pairs that the Identity Provider asserts to be true to the application. Flex uses these to determine the critical information about each Flex User.
You can configure claims by defining a "roles" attribute statement via the Okta console, like so:
For the full_name value, you will need to leverage Okta's "Okta Expression Language" syntax to combine a first and last name in one of the following ways:
String.join(" ", user.firstName, user.lastName)
Okta will pass the following attributes to Flex:
- image_url (for use in the Agent avatar)
You do not need to specifically claim a UserId, as it is already in the request itself. After you've defined your role, Flex will update the Worker attributes with each successful SSO authentication.
Once a user is created, you should add a role value to their userType attribute in Okta. You can find this under the User/People menu, and in the Profile tab of each user. Available roles are
You may add multiple roles for a user by separating their various roles with commas.
Want to learn more? See the documentation on Identity Attributes for further information about naming Attributes and other possible Worker attributes.
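A structural pre-flight check for the settings and claims described above, as an added example (not Twilio's or Okta's code): it inspects a base64-decoded SAML Response captured from your own test login and reports a missing Response or Assertion signature, an encrypted assertion, an Audience mismatch, or an empty roles claim. The function name, the sample XML, the all-zero Account SID and the role values are constructed for illustration, and the check does not verify signatures cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_response(xml_text, sso_url):
    """Return (problems, attributes) for a decoded SAML Response (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    problems, attrs = [], {}
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("Assertion is encrypted; set Assertion Encryption to Unencrypted")
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion found"], attrs
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    # Audience URI must equal the Single Sign On URL configured in Okta.
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if sso_url not in audiences:
        problems.append("Audience URI does not match the Single Sign On URL")
    # Collect claims; several AttributeValue elements are joined with commas.
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = ",".join(values)
    # Multiple roles arrive as one comma-separated value.
    roles = [r.strip() for r in attrs.get("roles", "").split(",") if r.strip()]
    if not roles:
        problems.append("no roles attribute value")
    attrs["roles"] = roles
    return problems, attrs

# Constructed sample input: placeholder Account SID and empty stand-in signatures.
SSO_URL = "https://preview.twilio.com/iam/Accounts/AC" + "0" * 32 + "/saml2"
SIG = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{SIG}
<saml:Assertion>{SIG}
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SSO_URL}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="roles"><saml:AttributeValue>agent, supervisor</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="full_name"><saml:AttributeValue>Ada Example</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, SSO_URL))
```

An empty problems list means the response has the shape this page asks for; any entry names the Okta setting to revisit.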
After completing the setup on the main page of your Application.
If you are using an older version of Flex UI, prior to 0.7.0, follow step 1. If not, skip to step 2.
1. Copy the App embed link. This is what you use to trigger Login/SSO and that you configure in your Flex Agent UI.
2. Select the Sign On tab. Click View Setup Instructions.
Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer and Certificate information. You need this information to configure Flex to use this Application.
In this example, we override the default username (email) with a custom username.
Configure SSO in Twilio Console: https://www.twilio.com/console/flex/users/single-sign-on
Using the details gathered in Step Four, save your SSO configuration with Twilio.
Our Configuring SSO page has additional detail on how to initiate login from your Identity Provider, how to log in to a self-hosted domain, and details on attributes that can be defined for each identity.