Twilio Frontline integrates with your existing Identity Provider to authenticate users and enable single sign-on (SSO). Frontline can work with any Identity Provider (IdP) that supports SAML (Security Assertion Markup Language) 2.0, enabling you to use your primary corporate account as the Identity Provider for Frontline.
This guide walks you through setting up AWS SSO so that it can be used as the IdP for Frontline. Configuration is required in both the Twilio Console and the AWS Console, so it is best to have a window open for each console as you work through the setup.
If you already have an AWS account, skip this step. Otherwise, navigate to the AWS Console and create an account.
- If this is your first time using AWS SSO in this AWS account, follow the AWS documentation for enabling AWS SSO.
- In the AWS SSO console, click Add new Application, and then Add custom SAML 2.0 application, then Next at the bottom of the page.
- In "Configure Application", give the Application a name; for example,
- Note the AWS SSO sign-in URL and the AWS SSO SAML issuer URL; we'll use them when configuring Frontline in the Twilio Console.
- Download the AWS SSO Certificate, which we'll upload to Frontline later so that Frontline can verify the signed communication between AWS and Twilio.
- Leave the Application Start URL blank. Use the default values for relay state (no value) and session duration (one hour).
- Choose "Manually type your metadata values" and set the following values, replacing the example Realm SID (JBxxxx) with your own Realm SID, which you can find on the Frontline Console SSO configuration page.
- Application ACS URL:
- Application SAML audience:
- Click Submit to create your Twilio Frontline SAML Application.
Claims are key-value pairs that the Identity Provider asserts to the application to be true. Frontline uses these to determine the key information it requires about each Frontline User.
You can configure claims by clicking the Actions dropdown and then Edit attribute mappings.
Add the following attribute mappings to the application, and then Save changes.
Note that "roles" is set statically to "agent". This means that all AWS SSO users will have "agent" privileges.
You can grant Frontline access to users and/or groups managed in AWS SSO.
- In AWS SSO, create a Group, and add the appropriate users to the group.
- In the Twilio Frontline SSO Application, open the Assigned users tab, click Assign users, open the Groups tab, and then select the newly created group.
Grab the URLs you noted in the "Create an Application in AWS SSO" section and configure SSO on the Frontline Console SSO configuration page.
- Set the Workspace ID to your preferred name.
- Set the following values:
- Identity provider issuer: AWS SSO issuer URL
- SSO URL: AWS SSO sign-in URL
- X.509 Certificate: paste the content of the certificate downloaded from the AWS SSO console.
- Click Save
That’s it! Your AWS SSO users in the "Twilio Frontline" group should now be able to log in to Twilio Frontline through the mobile application.
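To confirm that AWS SSO asserts what you configured above (issuer, audience, ACS URL, and the "roles" claim), you can decode a SAMLResponse captured from your own test login and compare its fields with the expected values. The following is an added example, not Twilio or AWS code; the URLs are constructed placeholders, the function names are hypothetical, and the script only inspects fields without verifying the signature.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: placeholder URLs, not real Twilio or AWS endpoints.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/acs/JBxxxx">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.invalid/saml/issuer</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.invalid/metadata/JBxxxx</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="roles"><saml:AttributeValue>agent</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def summarize(saml_response_b64):
    """Decode a base64 SAMLResponse and return the fields set during setup."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    a = root.find("saml:Assertion", NS)
    if a is None:  # e.g. an encrypted assertion, or an error response from the IdP
        raise ValueError("no plaintext saml:Assertion in response")
    claims = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
              for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "acs_url": root.get("Destination"),
        "issuer": a.findtext("saml:Issuer", namespaces=NS),
        "audience": a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience",
                               namespaces=NS),
        "claims": claims,
    }


def check(summary, expected):
    """Return a list of mismatches between the assertion and the expected config."""
    problems = [f"{k}: got {summary.get(k)!r}, expected {v!r}"
                for k, v in expected.items() if k != "claims" and summary.get(k) != v]
    for name, values in expected.get("claims", {}).items():
        if summary["claims"].get(name) != values:
            problems.append(f"claim {name}: got {summary['claims'].get(name)!r}, expected {values!r}")
    return problems
```

An empty list from `check` means the assertion matches the expected configuration; a "roles" value other than the one you mapped is worth investigating, since that claim determines each user's privileges in Frontline.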