Configuring SSO with any other SAML2.0 Identity Provider

Single Sign-On for Twilio Console is available for customers with Twilio Enterprise Edition or Twilio Administration Edition. For more information, please talk to sales.

This guide covers configuring your SAML 2.0 Identity Provider with Twilio for SSO login to Twilio Console. If you are looking to configure SSO for Twilio Flex, Frontline or SendGrid, please refer to their respective configuration guides.

Before proceeding with SSO configuration, make sure that you have satisfied all of the prerequisites.

Step 1: Create a new SSO Profile in Twilio Admin Center

Go to Admin Center and click on the Single Sign-On option in the navigation bar, as shown below.

SSO-Admin Center - SSO Link in Nav.png

Create a new SSO Profile by clicking the ‘Create new SSO Profile’ button. You will land on the screen below, where you can copy or download the SP Metadata.

SSO-Admin Center - SP Metadata for Okta.png

Keep this tab open, as you will need these values to configure a SAML application in your IdP.

Step 2: Create a new SAML Application or App Integration in your Identity Provider

You will need to create an application or integration that enables your users to log in to the Twilio Console via SAML single sign-on.

If your IdP supports multiple login methods for the application, make sure to select SAML 2.0 as the login method.

Give the application an appropriate name and, if your IdP supports it, upload the Twilio logo so that your users can recognize and use the application easily.

Step 3: Configuring SAML settings in your Application or App Integration

For your IdP to recognize Twilio SSO, you will need to copy and paste the following values from the Twilio SSO Profile you created in Step 1:

  1. Audience URI/Entity ID: This value will be used by your IdP to specify the entity or audience the SAML Assertion is intended for.
  2. Assertion Consumer Service (ACS) URL or Single sign-on (SSO) URL: This is the Twilio URL where your IdP should send the SAML Response.
  3. Recipient and Destination URLs: If your IdP requires these values to be configured separately, populate these fields with the same value as the ACS/SSO URL.
  4. Default Relay State: This should be left blank.

Apart from the above, you’ll also need to configure the NameID and Signing Option settings in your IdP:

  1. NameID: The NameID format should be EmailAddress and its value should be configured to the email address attribute of your users.
  2. Signing Option: You should configure your IdP to send a ‘Signed’ SAML Response as well as a ‘Signed’ SAML Assertion to Twilio.
  3. Encryption: Twilio SSO does not support encrypted SAML responses, so make sure that your IdP is configured to send unencrypted SAML responses.

Step 4: Configure your IdP Metadata into the SSO Profile created in Twilio

Go to the tab where you have the Twilio SSO Profile open. Confirm that you have configured the Signing Option and NameID settings in your IdP, then click on Continue.

AzureSSO-AdminCenter-SP Metadata Configuration 2.png

In the next step, please update the friendly name of the SSO Profile to an appropriate value that you can recognize easily.

Then select the Identity Provider from the dropdown. If your Identity Provider is not listed in the dropdown, select ‘Other/Generic SAML 2.0’.

SSO-AdminCenter-Confgure IdP Metadata 1 - Select Okta.png

Upon selecting the Identity Provider you will see the IdP metadata fields as shown below.

SSO-Admin Center- Configure IdP Metadata 1 - Select 'Other'.png

You will need to copy and paste the following values from your SAML Application in your Identity Provider:

  1. Issuer ID/URL: This is also known as ‘Identity Provider Issuer’, ‘Issuer’ or ‘Identifier’ in some IdPs. The IdP sends this issuer value in the SAML assertion, and Twilio verifies that the value configured here matches the value present in the SAML assertion.
  2. Single sign-on URL: This is also known as ‘SAML Endpoint’, ‘Login URL’ or ‘IdP SSO URL’. This is the URL where Twilio will send the SAML requests for authenticating users in the SP-initiated login flow.
  3. X.509 Signing Certificate (Public Key): This should be the public key of the certificate that will be used to sign the SAML Response and Assertions for the SAML application you have configured in your IdP.

Once you have configured the 3 values, you can click on ‘Save & Continue’ to save the configured SSO profile and proceed to the next step to test the SSO connection.
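Before testing the connection, it can help to check a SAML Response captured from a test login against the settings from Steps 3 and 4. The Python lint below is an added example, not Twilio's code; the URLs, issuer and sample response are constructed placeholders, and it checks structure only (it does not verify the XML signatures).

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed placeholders: use the values from your own SSO Profile and IdP.
ACS_URL, ENTITY_ID, ISSUER_ID = ("https://sp.example.com/acs",
    "https://sp.example.com/entity", "https://idp.example.com/issuer")

def lint_saml_response(xml_text, acs_url, audience, issuer):
    """Return a list of findings; an empty list means the structure matches the guide."""
    # Lint only responses from your own IdP test login: ElementTree is not hardened against hostile XML.
    root, findings = ET.fromstring(xml_text), []
    if root.find("a:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["No plaintext Assertion found"]
    if root.find("ds:Signature", NS) is None:       # direct child of Response only
        findings.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:  # direct child of Assertion only
        findings.append("Assertion is not signed")
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match ACS URL")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        findings.append("Recipient does not match ACS URL")
    auds = assertion.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if audience not in [(e.text or "").strip() for e in auds]:
        findings.append("Audience does not match Entity ID")
    iss = assertion.find("a:Issuer", NS)
    if iss is None or (iss.text or "").strip() != issuer:
        findings.append("Issuer does not match configured Issuer ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        findings.append("NameID value is not an email address")
    return findings

# Constructed sample: Response signed (placeholder element), Assertion unsigned, wrong NameID format.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://sp.example.com/acs">
<a:Issuer>https://idp.example.com/issuer</a:Issuer><ds:Signature/>
<a:Assertion><a:Issuer>https://idp.example.com/issuer</a:Issuer>
<a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://sp.example.com/acs"/></a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://sp.example.com/entity</a:Audience></a:AudienceRestriction></a:Conditions>
</a:Assertion></p:Response>"""
```

Calling `lint_saml_response(SAMPLE, ACS_URL, ENTITY_ID, ISSUER_ID)` reports the unsigned Assertion and the wrong NameID format; an empty list means the captured response has the shape this guide asks for.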
