Configuring Azure Active Directory with Twilio SSO

Single Sign-On for Twilio Console is available for customers with Twilio Enterprise Edition or Twilio Administration Edition. For more information, please talk to sales.

This guide covers configuring your Azure Active Directory Identity Provider with Twilio for SSO login to Twilio Console. If you are looking to configure SSO for Twilio Flex or SendGrid, please refer to the configuration guides for those products.

Before proceeding with SSO configuration, make sure that you have satisfied all of the prerequisites.

Step 1: Create a new SSO Profile in Twilio Admin Center

Go to Admin Center and click on the Single Sign-On option in the navigation bar, as shown below.

SSO-Admin Center - SSO Link in Nav.png

Create a new SSO Profile by clicking the ‘Create new SSO Profile’ button. You will land on the screen below, where you can copy or download the SP Metadata.

SSO-AdminCenter-XML Download.png

Download the Twilio SP Metadata (XML file) and save it so that you can find and upload it in a subsequent step.

Step 2: Create a new Enterprise Application for your Azure Active Directory

After logging into your Azure portal, go to Azure Active Directory, click on 'Add' and select 'Enterprise Application' from the dropdown.

SSO-AzureAD-Create App 1.png

Select 'Create your own Application' on the next screen.

Enter a name for identifying this new application and select the option ‘Integrate any other application you don’t find in the gallery (Non-gallery)’.

SSO-AzureAD-Create App 3.png

Step 3: Configure the Twilio as SP Metadata in the created enterprise application

Once you have created an Enterprise App, the next step is to configure this application to connect with Twilio for SSO. To do this, click on the ‘Set up single sign on’ link and then select ‘SAML’ as the single sign-on method.

After selecting SAML, you will see a screen as shown below. This is where you configure the Twilio SP metadata. Click on the ‘Upload metadata file’ button as shown below, then select the XML file you downloaded in Step 1 and upload it.

SSO-AzureAD-Configure SP 3.png

Upon uploading the XML file, you will see the values for the Basic SAML Configuration fields populated. Click the save button to save these values.

SSO-AzureAD-SP Configuration 6.png

Next you need to configure the Signing Option and NameID settings.

  • For NameID, click edit on ‘Attributes & Claims’. On the screen shown below you’ll see the Unique User Identifier (Name ID) claim. Confirm that the value is set to the user’s email address attribute as per your directory and that the format is EmailAddress.
  • It is critical that the value of the Name ID claim matches exactly the email address that your users will be signing up with in Twilio.

SSO-AzureAD-NameID Configuration.png

  • For the Signing Option, go to the SAML Signing Certificate settings and click Edit. You will see the page below. Select the option 'Sign SAML response and assertion'.

SSO-AzureAD-Signing Option Configuration.png

Once the NameID and Signing Option are configured correctly, you are done with the configuration in your IdP and can proceed to configuring the IdP metadata in Twilio.

Step 4: Configure your IdP Metadata into the SSO Profile created in Twilio

Go to the tab where you have the Twilio Admin Center open. Confirm that you have configured the Signing Option and NameID settings in your IdP and click on Continue.

AzureSSO-AdminCenter-SP Metadata Configuration 2.png

In the next step, update the friendly name of the SSO Profile to a value that you can recognize easily and select 'Azure ActiveDirectory' as the Identity Provider from the dropdown.

SSO-AdminCenter-Confgure IdP Metadata 1.png

Upon selecting the Identity Provider, you will see the IdP metadata fields as shown below.

SSO-AdminCenter-IdP Metadata Confguration 2.png

You will need to copy the values of Azure AD Identifier and Login URL from your Enterprise Application into the Twilio SSO Profile. You will find these values on the Setup Single Sign-On page of your Enterprise Application, as shown below.

SSO-AzureAD-Copy IdP Metadata.png

For the SAML Signing Certificate, click on the ‘Edit’ button in the SAML Signing Certificate section. You will see a screen as shown below. If you have to use a specific certificate, you can import one or create a new one. Once you have the appropriate signing certificate configured, click on the three dots at the right of that certificate and download the PEM Certificate file.

SSO-AzureAD-Download Certificate 1.png

Open the downloaded certificate file in any text editor. It should look like the screenshot below. Copy the entire text (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and paste it into the Certificate field for the SSO Profile in Twilio Admin Center.

SSO-AzureAD-Download Certificate 1.png

After configuring these 3 values from your Enterprise Application into the SSO Profile, click the ‘Continue’ button to save the SSO Profile and proceed to the next step to test the SSO Connection.
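
To confirm the Step 3 settings after the test login, the SAML response that Azure AD returns (for example, copied from the browser's developer tools) can be checked for the signing option and the NameID requirements. This is an added example, not part of Twilio's guide: `check_saml_response` and `constructed_response` are hypothetical names, the sample responses are constructed, and signatures are checked for presence only, not verified cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(xml_text, expected_email):
    """Return a list of findings; an empty list means the settings look right.
    Signatures are checked for presence only, not verified cryptographically."""
    if "<!DOCTYPE" in xml_text:  # never expand entities from a pasted capture
        return ["DOCTYPE present: refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion found"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return findings + ["no NameID in Subject"]
    if name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID Format is %r" % name_id.get("Format"))
    if (name_id.text or "") != expected_email:  # exact match, as the guide requires
        findings.append("NameID %r does not equal %r" % (name_id.text, expected_email))
    return findings

def constructed_response(name_id, fmt=EMAIL_FORMAT, sign_response=True, sign_assertion=True):
    """Build a skeletal SAML response for the demo (constructed, not a real capture)."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">%s'
            '<saml:Assertion>%s<saml:Subject><saml:NameID Format="%s">%s</saml:NameID>'
            '</saml:Subject></saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], sig if sign_response else "",
               sig if sign_assertion else "", fmt, name_id))

if __name__ == "__main__":
    good = constructed_response("alice@example.com")
    bad = constructed_response("Alice@example.com", sign_response=False,
                               fmt="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    print(check_saml_response(good, "alice@example.com"))
    for finding in check_saml_response(bad, "alice@example.com"):
        print("FINDING:", finding)
```

A finding for the NameID value usually means the claim is mapped to a directory attribute other than the address the user signed up with in Twilio, including a difference in letter case.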
