Configurar o Google Single Sign-On (SSO) com o Twilio Flex

Google SSO (Single Sign-On) allows users to use their existing Google account to authorize third-party applications. This allows users to easily login to applications without needing to set up a new account, or create a new set of credentials. In this guide, you will learn how to configure Google SSO with Twilio Flex.

Prepare your Google App environment

Before we connect Google to your Flex Instance, you have to configure a few steps in the Google Admin Console to ensure your app runs smoothly.

To log in a Flex user, you must pass three mandatory attributes to Flex in the SAML. Google provides email as an attribute out of the box but does not provide the roles or full_name attributes. You will need to configure these attributes yourself.

1. Navigate to the User Schema page in your Google Admin Console.
2. Click on ADD CUSTOM ATTRIBUTE.
3. Enter “Flex Details” for Category.
4. Create the "Roles" and "Full Name" attributes below.

   

5. Click Add to save your custom attributes.

Optionally, you can add more attributes to accommodate the attributes needed by WFO (Workforce Optimization).

Create a custom SAML app

SAML apps allow you to use Single Sign-On to authenticate once with a single set of credentials. You can then access different secured applications without needing to authenticate with different credentials each time.

1. Navigate to Google Admin Console and click on Apps.
2. Click Web and mobile apps
3. Click on Add app > Add custom SAML app
4. Enter the App name, then click Continue.
5. Copy your SSO URL and Entity ID and save them somewhere - you’ll need these later.
6. Download your Certificate.

   

7. Click Continue to proceed over to the Service provider details step.

Service Provider details

Em seguida, precisamos configurar os detalhes do provedor de serviços. Twilio Flex é o provedor de serviços neste caso.

Attribute mapping

Now we need to add attributes that will be passed from the SAML to Flex. Create the three required attributes (case sensitive) to pass to Flex and map them to the appropriate fields.

Note You need to ensure that you configured the Full Name and Roles attribute from Prepare your Google App environment. Otherwise, these attributes will not appear under the Google Directory attributes.

Add the mapped roles to your G Suite Users

1. Navigate to Google Admin Console and click on Users.
2. Select a user and click on their User information section
3. Scroll to Flex Details, the category name you set for the custom attributes during Step 4 in Prepare your Google App environment.
4. Click on the edit icon and add your roles. The current options are agent, admin, and supervisor.

Concluir a configuração

Now that you’ve configured your app, you must:

1. Verify your domain if you haven’t already. See Verify domain ownership.
2. Enable your SAML app. See the Turn on your SAML app section on Set up your own custom SAML application.

Configure Flex with your Google SSO settings

Grab the URLs you copied from Step 5 in Create a custom SAML app, and configure SSO on the Flex Console Single Sign-on settings page. Be sure that the Twilio SSO URL field matches the value you provided in Google for ACS URL. To learn more about migrating from the preview.twilio.com URL to iam.twilio.com see our migration guide.

Logo depois que tiver configurado o IDP para usar o URL iam.twilio.com, você deverá atualizar o URL de SSO do Twilio para a conta selecionando o botão de opção USES IAM.TWILIO.COM.

Additional SSO configuration

Nossa página Configuring SSO (Configuração de SSO) tem detalhes adicionais sobre como iniciar o login pelo provedor de identidade, como fazer login em um domínio auto‐hospedado e detalhes sobre atributos que podem ser definidos para cada identidade.

Testing Google SSO

Navigate to the Google SSO IdP URL (see above) in incognito mode, login, and you should be redirected to Flex.

Congrats! You now know how to configure Google SSO with Twilio Flex. You can now authenticate yourself into Twilio Flex using your Google account!