Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now


Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Integrating with Microsoft Azure Active Directory

Step One: Create an application

In the Azure Portal select Azure Active Directory followed by Enterprise Applications.

Azure Setup 1

Select Create New Application and choose Non-Gallery Application and give your Application a name.

Azure setup 2

Step Two: Configure your application

Select Single sign-on from the Application menu and pick SAML as the sign-on method.

Azure setup 3

Select Basic SAML Configuration.

Azure setup 4

Edit Settings as follows.

Azure setup 5

  • Replace the Account SID (ACxxxx) with your real Account SID.
    • https://preview.twilio.com/iam/Accounts/<YOUR ACCOUNT SID HERE>/saml2
  • Set both Entity ID and Reply URL.

Under point 3 - SAML Signing Certificate click edit and change Signing Option to Sign both Response and Assertion.

Azure setup 9

Step Three: Configure claims

Claims are key value pairs that the Identity Provider asserts to be true to the application. Flex uses these to determine the critical information about each Flex User.

Please Note! All the information supplied from the Identity Provider to Twilio is stored inside Twilio TaskRouter Worker Attributes. Consider local regulations for storing data and only provide data relevant for Flex usage (further information about Twilio Privacy policy).

Azure setup 6

  • In above example Azure passes to Flex the following attributes (full_name, email and roles). These are minimum attributes Flex requires.
  • Directory attribute user.employeeid will be used as the unique Flex user identifier.
  • We are also setting roles=agent for all users here but we recommend configuring the roles at Directory level and referencing them here.
  • Please ensure that you do not set any Namespace with these attributes.
  • Flex will merge update the Worker attributes with each successful SSO authentication.
  • Please see Identity Attributes section for further information about naming Attributes and other possible Worker attributes.

Step Four: Save Application information and copy Application details.

Azure setup 7

  1. Download the BASE64 Certificate - this will be added to Twilio Flex Console as X.509 CERTIFICATE
  2. Make a note of the Login URL - this is the SINGLE SIGN-ON URL in Flex Console.
  3. And Azure AD identifier - this is the IDENTITY PROVIDER ISSUER in Flex Console.

Step Five: Ensure Users in Directory are assigned to the Application.

Azure setup 7

Please ensure that you have users assigned to your Application.

Step Six: Configure Flex with your new SAML credentials

Configure SSO in Twilio Console: https://www.twilio.com/console/flex/users/single-sign-on

Using the details gathered in Step Four, save your SSO configuration with Twilio.

Azure setup 8

Additional Configuration

Our Configuring SSO page has additional detail on how to initiate login from your Identity Provider, how to login to a self-hosted domain, and details on attributes that can be defined for each identity.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.