Have you already configured SSO using the preview.twilio.com endpoint? Learn how to update your existing configuration with the Flex SSO Migration Guide.
In the Microsoft Azure Portal, select Azure Active Directory followed by Enterprise Applications.
Select Create New Application, choose Non-Gallery Application, and give your Application a name.
Select Single sign-on from the Application menu and pick SAML as the sign-on method.
Select Basic SAML Configuration.
Edit Settings as follows:
- Set your Entity ID to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Replace ACxxxx with your real Account SID.
- Set your Reply URL to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2. Replace ACxxxx with your real Account SID.
Under point 3, SAML Signing Certificate, click Edit and change Signing Option to Sign both Response and Assertion.
Claims are key-value pairs that the Identity Provider asserts to be true to the application. Flex uses these to determine the critical information about each Flex User.
- In the above example, Azure passes the following attributes to Flex: full_name, email and roles. These are the minimum attributes Flex requires.
- Directory attribute user.employeeid will be used as the unique Flex user identifier.
- We are also setting roles=agent for all users here, but we recommend configuring the roles at the Directory level and referencing them here.
- Please ensure that you do not set any Namespace with these attributes.
- Flex will merge and update the Worker attributes with each successful SSO authentication.
- Please see the Identity Attributes section for further information about naming Attributes and other possible Worker attributes.
- Download the BASE64 Certificate - this will be added to Twilio Flex Console as X.509 CERTIFICATE.
- Make a note of the Login URL - this is the SINGLE SIGN-ON URL in Flex Console.
- Make a note of the Azure AD Identifier - this is the IDENTITY PROVIDER ISSUER in Flex Console.
Please ensure that you have users assigned to your Application.
Using the details gathered in Step Four, save your SSO configuration on the Flex Console Single Sign-on settings page. Make sure you check the USES IAM.TWILIO.COM radio button. To learn more about migrating from the preview.twilio.com URL to iam.twilio.com, see our migration guide.
Our Configuring SSO page has additional detail on how to initiate login from your Identity Provider, how to log in to a self-hosted domain, and details on attributes that can be defined for each identity.
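To confirm the settings above took effect, you can inspect a decoded SAML response captured from a test login. The script below is an added example, not part of Twilio's or Microsoft's documentation: it checks that both the Response and the Assertion carry a signature element (presence only, it does not validate the signature), that the Destination matches the Reply URL, and that full_name, email and roles arrive without a namespace. The function names, the sample response and the namespaced attribute name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"full_name", "email", "roles"}  # minimum attributes named on this page

def check_response(xml_text, account_sid):
    """Return the configuration problems found in a decoded SAML response."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    # "Sign both Response and Assertion": each needs its own ds:Signature child.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    # The Reply URL from Basic SAML Configuration appears as Destination.
    expected = f"https://iam.twilio.com/v1/Accounts/{account_sid}/saml2"
    if root.get("Destination") != expected:
        problems.append(f"Destination is {root.get('Destination')!r}")
    names = [a.get("Name", "") for a in assertion.iterfind(".//saml:Attribute", NS)]
    # Assumption: a claim Namespace shows up as a URI prefix on the attribute Name.
    problems += [f"attribute {n!r} carries a namespace" for n in names if "/" in n]
    problems += [f"required attribute {m!r} is missing" for m in sorted(REQUIRED - set(names))]
    return problems

def sample(assertion_signed=True, email_name="email"):
    """Build a constructed response (empty signatures, placeholder values)."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in [("full_name", "Sample Agent"), (email_name, "agent@example.com"), ("roles", "agent")])
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'Destination="https://iam.twilio.com/v1/Accounts/ACxxxx/saml2">'
        f'{sig}<saml:Assertion>{sig if assertion_signed else ""}'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')

# Constructed namespaced claim name, as emitted when a Namespace is set on the claim.
NAMESPACED_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email"

if __name__ == "__main__":
    print("correct:", check_response(sample(), "ACxxxx"))
    print("misconfigured:", check_response(sample(False, NAMESPACED_EMAIL), "ACxxxx"))
```

Pass your own Account SID as the second argument so the Destination check compares against your real Reply URL.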