How to Configure Okta as a Frontline Identity Provider

Twilio Frontline integrates with your existing Identity Provider to authenticate users and enable single sign-on (SSO). Frontline can work with any Identity Provider (IdP) that supports SAML (Security Assertion Markup Language) 2.0, enabling you to use your primary corporate account as the Identity Provider for Frontline.

This guide will walk through the steps to set up Okta so that it can be used as the IdP for Frontline.

An Identity Provider (IdP) is a trusted entity that lets you enable SSO to access other websites or services such as Twilio Frontline with a single login. Your users can keep using their corporate user identities without having to remember lots of passwords, or having to retype passwords each time they access a different service connected to the same Identity Provider.

1. Register a developer account at Okta

If you already have an Okta developer account, jump straight to Step 2. Otherwise, navigate to and create a free developer account.

2. Create an application on Okta

OK, let’s create an Application in Okta. Just follow these steps:

  1. Navigate to the Applications tab, click Applications, and then Create App Integration.
  2. On the Create a New Application Integration panel, choose the SAML 2.0 sign on method and then click Next.
  3. You’ll be taken to the Create SAML Integration page. Under General Settings, give the Application a name; for example, Twilio Frontline. You can also upload a logo if you like.
  4. Click Next when you’re done.

3. Configure your Application

Okta will now show you the Create SAML Integration page’s SAML Settings tab. Just fill out the form that’s displayed as follows:

  1. Set the Single sign on URL to Just replace the example Realm SID, JBxxxx, with your own Realm SID, which you can find on the Frontline Console SSO configuration page.
  2. Set the Audience URI to Again, replace the Realm SID (JBxxxx) with your own Realm SID.
  3. Leave the Default RelayState field blank.
  4. The Application username can be an email address, an Okta username, or any other unique value.
  5. Please go to Advanced Settings and ensure that both Response and Assertion Signature are Signed. We do not currently support Assertion Encryption so please set that as Unencrypted.

4. Configure Claims

Claims are key-value pairs that the Identity Provider asserts to the application to be true. Frontline uses these to determine the key information it requires about each Frontline User.

You configure claims by defining “roles” attribute statements in the Okta console under Attribute Statements, like so:


The value for each attribute is:


With the provided setup Okta will pass the following attributes to Frontline:

  • email
  • roles

You do not need to explicitly claim a UserId, as it is already in the request itself.

After adding attributes, press Next.

On the next screen, select "I'm an Okta customer adding an internal app", optionally complete the details requested by Okta, and click Finish. These details are not required by your App.

You can now add users by going to Directory > People and clicking the "Add Person" button or importing users as needed by selecting the More Actions button.

Once one or more users have been created, you should add a role value to each user's userType attribute in Okta. This is done by selecting the user (click their name) and then navigating to the user’s Profile tab. Click Edit and set agent as the role for the user in the userType attribute.

Only the agent role is available for selection.

See documentation on Identity Attributes for additional information about naming Attributes.
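
One way to check a test sign-in against the settings from Steps 3 and 4, given as an added example that is not part of Twilio's or Okta's documentation: it takes the base64 `SAMLResponse` form value captured from a browser during a test login and confirms that the Response and the Assertion each carry a signature, that the Assertion is not encrypted, and that `email` and `roles` are present. The function names and the sample response are constructed for illustration, and the check is structural only; it does not validate the signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED_ATTRIBUTES = ("email", "roles")  # attributes the guide says Okta passes

def check_saml_response(b64_response):
    """Return a list of setup problems; an empty list means the shape matches the guide.
    Structural check only: it does NOT verify the signatures cryptographically."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.find("ds:Signature", NS) is None:  # direct child of Response only
        problems.append("Response is not signed")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("Assertion is encrypted")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion found"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in values]
    for name in REQUIRED_ATTRIBUTES:
        if not any(attrs.get(name, [])):
            problems.append(f"missing attribute: {name}")
    if any(attrs.get("roles", [])) and "agent" not in attrs["roles"]:
        problems.append("roles does not contain 'agent'")
    return problems

def constructed_sample(sign_response=True, sign_assertion=True, roles="agent"):
    """Build a constructed, base64-encoded Response (placeholder signature)."""
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    sig = "<ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>"
    def attribute(name, value):
        return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
                "</saml:AttributeValue></saml:Attribute>")
    xml = (f"<samlp:Response {xmlns}>{sig if sign_response else ''}<saml:Assertion>"
           f"{sig if sign_assertion else ''}<saml:AttributeStatement>"
           f"{attribute('email', 'agent@example.com')}{attribute('roles', roles)}"
           "</saml:AttributeStatement></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(constructed_sample()))
    print(check_saml_response(constructed_sample(sign_response=False, roles="")))
```

Run it only on responses captured from your own test logins, and treat a captured response as sensitive because it contains user attributes.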

5. Copy Application details

Click Applications in the main menu and select Applications. Now click on your application and select the Sign On tab. Click the View SAML Setup Instructions button.

You’ll be presented with a new screen of Application information. Copy the following information to a safe location:

  • Identity Provider Single Sign-On URL,
  • Identity Provider Issuer, and
  • Certificate information.

You will need this information to configure Frontline to use this Application.

6. Assign Users to the Application

To assign your newly created Application to one or more users, go back to the previous page or click Applications and then select the Assignments Users to Apps button.

  1. Select your Application on the left hand side, under Applications. On the right, under People, select one or more users.
  2. Now click Next.

7. Configure Frontline with your new SAML credentials

Grab the URLs you noted in Step Five and configure SSO on the Frontline Console SSO configuration page as follows.

  1. Under Workspace ID, enter your preferred name.
  2. Under SSO URL, enter the Identity Provider Single Sign-On URL you copied from Okta.
  3. Under X.509 Certificate, paste the certificate you copied from Okta.

Click Save and you’re done!
