
Troubleshooting Errors during Test SSO Connection


If you encounter errors in the 'test the SSO connection' step while configuring SSO for Twilio Console, use the steps below to troubleshoot them.


Errors while trying to send the test SSO connection email


Having trouble enforcing SSO on the user


This error has one of two causes: there is no existing user in your Twilio Organization with the email address you have entered, or the email address doesn't belong to a verified domain in the Organization.

  • Please enter the email address of an existing managed user in your organization and make sure that the email domain is verified in your Twilio Organization.

Use a different user's email address


This message is displayed when the admin who is configuring SSO enters their own email address for the test SSO connection step. We strongly recommend using a different user's email for the test step so that, if the SSO configuration is not correct, the admin user is still able to log in to Twilio and make changes to the SSO Profile.

  • Please enter the email address of an existing user other than the administrator who is configuring the SSO connection.

SSO is already enabled for the test user


This error is caused when the email address for the test SSO belongs to a user who already has SSO enabled with a different SSO Profile.

  • Please enter the email address of another existing user (other than the administrator) who doesn't have SSO enabled. You can check the SSO status of your users on the Users page in the Admin Center.

Errors faced by the test user on the Twilio Login page


Not redirecting to Identity Provider


If the test user is not getting redirected to the Identity Provider and instead is still being asked to enter their password for login to Twilio, then it means that SSO is not enabled for this user.

  • Please check that the user is entering the same email address on the login page for which you have sent the test SSO email. If the email address is the same then check the SSO status for this user in the Admin Center and confirm whether SSO is enabled using the SSO Profile which you are testing.

Errors on the Identity Provider Authentication page


If the test user is redirected from the Twilio login page but lands on a 404 not found page on the Identity Provider side, then it means that the IdP metadata may not be correctly configured in the Twilio SSO Profile.

  • Please check and ensure that the IdP metadata values (Issuer ID/Entity ID as well as the Single sign-on URL/Login URL) are correctly configured. Save the SSO Profile and retry the test SSO connection step.
  • You can also capture the SAML Request from the user's browser and use a SAML Request decode tool to view the actual SAML request sent from Twilio and see whether the values in the SAML request match what is configured in the SSO Profile and your Identity Provider.
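The comparison described in the last step can also be done locally instead of pasting the request into an online decoder. The following is an added example, not Twilio code: it assumes the request was captured as a redirect URL with a `SAMLRequest` query parameter, and every URL in it is a constructed example.com placeholder.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value):
    """Decode a URL-decoded SAMLRequest value into XML text."""
    raw = base64.b64decode(value)
    try:
        # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error:
        # HTTP-POST binding: base64 only.
        return raw.decode("utf-8")

def summarize_request(url):
    """Pull the fields worth comparing out of a captured redirect URL."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    root = ET.fromstring(decode_saml_request(value))
    return {"issuer": root.findtext("saml:Issuer", "", NS).strip(),
            "destination": root.get("Destination"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def mismatches(summary, expected):
    """Names of fields whose captured value differs from the configured one."""
    return sorted(k for k, v in expected.items() if summary.get(k) != v)

def build_sample_url():
    """Constructed capture: example.com values, not real Twilio or IdP URLs."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="%s" ID="_constructed" Version="2.0" '
           'Destination="https://idp.example.com/sso/saml" '
           'AssertionConsumerServiceURL="https://sp.example.com/acs">'
           '<saml:Issuer>https://sp.example.com/metadata</saml:Issuer>'
           '</samlp:AuthnRequest>' % NS["saml"])
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml.encode()) + c.flush()
    return ("https://idp.example.com/sso/saml?SAMLRequest="
            + quote(base64.b64encode(deflated), safe=""))

if __name__ == "__main__":
    summary = summarize_request(build_sample_url())
    print(summary)
    # A Login URL typed with a trailing "2" in the profile shows up as a mismatch.
    print(mismatches(summary, {"destination": "https://idp.example.com/sso/saml2"}))
```

Pass `mismatches` the Issuer and Login URL exactly as they appear in your IdP configuration; any field it returns is the one to correct before retrying the test.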

Not authorized or App not assigned


This error is caused when the test user has not been added to the new SAML App you created in your Identity Provider. The user needs to have access to the new app so that they can log in and complete the test SSO step.

  • Check and make sure that you have assigned the SAML App for Twilio Console to the test user in your Identity Provider.

Errors on the Twilio Console side after the user is successfully authenticated and redirected from your Identity Provider


This error is caused when the email address of the user in the Twilio Console does not match the NameID attribute in the SAML Response received from the Identity Provider.

  • In your Identity Provider check the NameID attribute setting and make sure that the NameID format is set to EmailAddress and the value is configured to the email address of the user.
  • Also note that if the user has more than one email address, then the email address value to be selected should match the user's email address in Twilio Console User.

Authentication Failed. The Message of SAML response is not signed


This error is caused when the message in the SAML response received by Twilio isn't signed. Twilio requires the message to be signed.

  • Check and ensure that the Signing Option for the SAML response in your IdP is set to send both the Message and the Assertion as 'Signed'.

This error is caused when the received SAML response is invalid. This can most likely happen if you are sending encrypted SAML responses to Twilio.

  • Please check and make sure that the SAML response is set to be sent unencrypted.

Authentication Failed. No valid audience in this response


This error is caused when the value of the Audience URI/Entity ID in the SAML response does not match the value configured in the Twilio SSO Profile.

  • Please check and make sure that the Identity Provider metadata values are correctly configured in the Twilio SSO profile. If you are updating the values in the Twilio SSO Profile, save the changes and retry the test SSO connection step.
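The response-side checks in this section (NameID, signing, encryption, audience) can be run against a captured `SAMLResponse` form value before retrying the test. The following is an added example, not Twilio code: it inspects structure only and does not verify signatures cryptographically, and the sample response, email and audience are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(b64_response, expected_email, expected_audience):
    """List configuration problems in a captured SAMLResponse (structure only)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    # Presence checks only: the signatures themselves are not validated here.
    if root.find("ds:Signature", NS) is None:
        findings.append("message not signed")
    if root.find("a:EncryptedAssertion", NS) is not None:
        findings.append("assertion encrypted")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext assertion"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion not signed")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not emailAddress")
    if name_id is None or (name_id.text or "").strip() != expected_email:
        findings.append("NameID value does not match user email")
    audiences = [e.text.strip() for e in assertion.findall(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if expected_audience not in audiences:
        findings.append("audience mismatch")
    return findings

def build_sample(sign_message=True, name_id="user@example.com",
                 audience="https://sp.example.com/metadata"):
    """Constructed sample response; the Signature elements are empty stubs."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = ('<p:Response xmlns:p="%s" xmlns:a="%s">%s<a:Assertion>%s'
           '<a:Subject><a:NameID Format="%s">%s</a:NameID></a:Subject>'
           '<a:Conditions><a:AudienceRestriction><a:Audience>%s</a:Audience>'
           '</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>'
           % (NS["p"], NS["a"], sig if sign_message else "", sig,
              EMAIL_FORMAT, name_id, audience))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = build_sample(sign_message=False, audience="https://other.example.com")
    for finding in check_saml_response(bad, "user@example.com",
                                       "https://sp.example.com/metadata"):
        print(finding)
```

An empty result means the response has the shape this page asks for; each finding corresponds to one of the errors above and points at the IdP setting to change.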
