Menu

Expand
Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Configure Salesforce SSO with Flex

Have you already configured SSO using the preview.twilio.com endpoint? Learn how to update your existing configuration with the Flex SSO Migration Guide.

This document walks through the setup process for Salesforce SSO in Twilio Flex. You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.

After you setup your Single-Sign On configuration, the Twilio Console SSO page will provide your Login Link.

I'm ready - let's get started!

Create a self-signed certificate in Salesforce

You'll start by creating a certificate. You'll need to share this with Twilio later.

Salesforce Certificate and Key edit

  1. Navigate to Setup > Security > Certificate and Key Management
  2. Press ‘Create Self-Signed Certificate’ button
  3. Give the certificate a label and Unique Name, e.g., SalesforceSSO
  4. Key Size default of 2048
  5. ‘Exportable Private Key’ should be ticked
  6. Press ‘Save’
  7. Press ‘Download Certificate’ (you’ll need the certificate later)
Easy. What's next?

Enable Salesforce Identity Provider in Salesforce

Make sure that the Identity Provider is enabled in Salesforce.

Salesforce Identity provider setup

  1. Navigate to Setup > Identity > Identity Provider
  2. Press ‘Enable Identity Provider’ button
  3. Select the certificate you created in the previous step
  4. Press ‘Save’
This is a lot of Salesforce. When do we connect to Twilio?

Create a Twilio Flex Connected App in Salesforce

Let's point Salesforce to the Flex side of the integration.

Salesforce New connected app

  1. Navigate to Apps > App Manager
  2. Press the New Connected App button
  3. Set Connected App Name to ‘Twilio Flex’
  4. Set API Name to ‘Twilio_Flex’
  5. Set Contact Email to a suitable email address

Web App Settings

Salesforce SSO Flex (IAM v1)

  1. In the Web App Settings section, set the Start URL to https://flex.twilio.com?path=/agent-desktop
  2. Enable SAML should be ticked
  3. Set Entity Id to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Remember to replace ACxxx with your Twilio Account SID.
  4. Set ACS URL to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/. Remember to replace ACxxx with your Twilio Account SID.
  5. Set Subject Type to Username
  6. Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  7. Set Issuer to https://yourdomain.my.salesforce.com
  8. Set IdP Certificate to the one you created in the first step (e.g., SalesforceSSO).
  9. Check that the Verify Request Signatures option is unticked
  10. Check that Encrypt SAML Response is unticked
  11. Press Save

Add custom attributes

Salesforce connected app custom attributes

  1. Add a New Custom Attributes
    1. First custom attribute:
      1. Key: full_name
      2. Value: $User.FirstName + " " + $User.LastName
    1. Second custom attribute:
      1. Key: roles
      2. Value: ‘agent’ (in the quote marks)

Setup SSO in Twilio Flex

Almost done! Now, you need to configure the Twilio side of the integration.

Single sign-on config

  1. Open the Twilio Flex Single Sign-On admin page.
  2. Set Friendly Name to something related, e.g., SalesforceSSO
  3. Paste in the certificate you downloaded from Salesforce in step one
  4. Set Identity Provider Issuer to https://yourdomain.my.salesforce.com
  5. Set Single Sign-On URL to https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
  6. Set Default Redirect URL to https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
  7. Press Save

Screen Shot 2019-10-31 at 5.26.49 PM.png

Be sure that the Twilio SSO URL field matches the value you provided in Salesforce for ACS URL. To learn more about migrating from the preview.twilio.com URL to iam.twilio.com see our migration guide.

Open Salesforce and access the phone from the utility bar (in case it’s missing, add Open CTI Softphone to the utility bar). You should be able to log into Flex!

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.