Rate this page:

Configure AWS SSO with Frontline

Twilio Frontline integrates with your existing Identity Provider to authenticate users and enable single sign-on (SSO). Frontline can work with any Identity Provider (IdP) that supports SAML (Security Assertion Markup Language) 2.0, enabling you to use your primary corporate account as the Identity Provider for Frontline.

This guide will walk you through the steps to set up AWS SSO so that it can be used as the IdP for Frontline. There is necessary configuration in the Twilio Console and in the AWS Console, so it is best to have a window open for each console as you're working through the setup.

Register an AWS Account

If you already have an AWS account, skip this step. Otherwise, navigate to the AWS Console and create an account.

Create an Application in AWS SSO

  1. If this is your first time using AWS SSO in this AWS account, follow the AWS documentation for enabling AWS SSO.
  2. In the AWS SSO console, click Add new Application, and then Add custom SAML 2.0 application, then Next at the bottom of the page.
  3. In "Configure Application", give the Application a name; for example, Twilio Frontline.
    Configure Application
  4. Note the AWS SSO sign-in URL, and the AWS SSO SAML issuer URL, we’ll use them when configuring Frontline in the Twilio Console.
  5. Download the AWS SSO Certificate, which we’ll upload to Frontline later to sign communication between AWS and Twilio.
  6. Leave the Application Start URL blank. Use the default values for relay state (no value) and session duration (one hour).
    Application properties
  7. Choose "Manually type your metadata values" and set the following values, replacing the example Realm SID (JBxxxx), with your own Realm SID, which you can find on the Frontline Console SSO configuration page.
    • Application ACS URL:
    • Application SAML audience:
  8. Click Submit to create your Twilio Frontline SAML Application.

Configure Claims

Claims are key-value pairs that the Identity Provider asserts to the application to be true. Frontline uses these to determine the key information it requires about each Frontline User.

You can configure claims by clicking the Actions dropdown and then Edit attribute mappings.

Configure App Claims

Add the following attribute mappings to the application, and then Save changes.

Attribute Value Format
Subject ${user:email} emailAddress
email ${user:email} unspecified
roles agent unspecified

User attributes in the App

Note that "roles" is set statically to "agent". This means that all AWS SSO users will have "agent" privileges.

Assign Users to the Application

You can grant Frontline access to users and/or groups managed in AWS SSO.

  1. In AWS SSO, create a Group, and add the appropriate users to the group.
  2. In the Twilio Frontline SSO Application, open the Assigned users tab, click Assign users, open the Groups tab, and then select the newly created group.

Assign users to Frontline

Configure Frontline with your new SAML credentials

Grab the URLs you noted in the "Create an Application in AWS SSO" section and configure SSO on the Frontline Console SSO configuration page.

  1. Name the Workspace ID with your preferred name
  2. Set the following values:
    • Identity provider issuer: AWS SSO issuer URL
    • SSO URL: AWS SSO sign-in URL
    • X.509 Certificate: paste the content of the certificate downloaded from the AWS SSO console.
  3. Click Save

That’s it! Your AWS SSO users in the "Twilio Frontline" group should now be able to log in to Twilio Frontline through the mobile application.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.


        Thank you for your feedback!

        Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

        Sending your feedback...
        🎉 Thank you for your feedback!
        Something went wrong. Please try again.

        Thanks for your feedback!