This document walks through the setup process for Salesforce SSO in Twilio Flex. You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.
Info
After you set up your Single Sign-On configuration, the Twilio Console SSO page will provide your Login Link.
Create a self-signed certificate in Salesforce
You'll start by creating a certificate. You'll need to share this with Twilio later.
Navigate to Settings > Security > Certificate and Key Management.
Press the Create Self-Signed Certificate button.
Give the certificate a label and Unique Name, e.g., SalesforceSSO.
Leave Key Size at the default of 2048.
Exportable Private Key should be ticked.
Press Save.
Press Download Certificate (you'll need the certificate later).
Enable Salesforce Identity Provider in Salesforce
Make sure that the Identity Provider is enabled in Salesforce.
On the Setup page, on the left sidebar, navigate to Settings > Identity > Identity Provider.
Enhanced SSO configuration: Copy this value from the Set up your identity provider page, which provides the specific value for your account.
urn:flex:JQxxxx
Legacy SSO configuration: Remember to replace ACxxxx with your Twilio Account SID.
https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata
Enhanced SSO configuration: Copy the ACS URL value from the Set up your identity provider page, which provides the specific value for your account. Your value will look similar to this:
https://login.flex.us1.twilio.com/login/callback?connection=JQxxxx
Legacy SSO configuration: Remember to replace ACxxxx with your Twilio Account SID.
https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
Set Subject Type to Username.
Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
Set Issuer to https://yourdomain.my.salesforce.com/
This will grant all users agent permissions in Flex. If you need to add supervisor or admin permissions, edit the "roles" custom attributes in the App Manager and include the roles in a comma-separated format. For example, "agent, supervisor, admin" will grant the users the agent, supervisor, and admin roles in Flex.
Create a Salesforce User
Create a Salesforce user that can log in to Twilio Flex using SSO.
On the Setup page, navigate to Administration > Users > Users.
Click New User.
Fill in the required values:
First Name
Last Name
Alias
Email (You'll need this to receive a verification email)
Username (You'll use this to log in later)
Nickname
Select Salesforce for User License.
For Profile, select Standard User. This is to ensure that the user can access Twilio Flex.
Scroll down and check Generate new password and notify user immediately.
Click Save.
Check your email for instructions on how to verify your account.
Assign Profile Access to the Connected App
On the Setup page, navigate to Administration > Users > Profiles.
Edit the Standard User profile.
Under Connected App Access, check the box for Twilio Flex app.
Click Save.
Warning
Salesforce users that are assigned to specific Profiles must have profile access to your Twilio Flex app. In Create a Salesforce User, we created a user and assigned the Standard User profile. Profiles that do not have access will not be able to complete SSO with Flex.
Set up SSO in Twilio Flex
Almost done! Now, you need to configure the Twilio side of the integration.
Paste the certificate contents into the X.509 Certificate field.
Set Identity Provider Issuer to https://<your-salesforce-subdomain>.salesforce.com/.
Set SSO URL to https://<your-salesforce-subdomain>.salesforce.com/idp/endpoint/HttpRedirect.
Set Default Redirect URL to https://<your-salesforce-subdomain>.salesforce.com/idp/endpoint/HttpRedirect.
Click Save.
Testing SSO in Twilio Flex
To test your Salesforce integration with Twilio Flex, enter the auto-generated login link in your address bar. You can find it in the Flex Single Sign-On settings.
You will be redirected to Salesforce and will be required to log in with your Salesforce credentials. Once you successfully authenticate as your Salesforce user, you should be redirected to Twilio Flex, having completed Single Sign-On with Salesforce!
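If the test login fails, one way to narrow it down is to compare the fields of the SAMLResponse that Salesforce posts back against the values configured in the steps above. The script below is an added example, not Twilio or Salesforce code. The sample response is constructed, the JQxxxx and yourdomain values are this page's placeholders, and it assumes that urn:flex:JQxxxx is the service-provider entity ID (so it appears as the Audience) and that the roles are sent in an attribute named roles.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder values from this page (enhanced SSO configuration). Assumption:
# urn:flex:JQxxxx is the service-provider entity ID, so it appears as Audience.
EXPECTED = {
    "issuer": "https://yourdomain.my.salesforce.com/",
    "audience": "urn:flex:JQxxxx",
    "destination": "https://login.flex.us1.twilio.com/login/callback?connection=JQxxxx",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
KNOWN_ROLES = {"agent", "supervisor", "admin"}  # the roles named on this page

def check_saml_response(b64_response, expected=EXPECTED):
    """Return mismatches vs. the configured values; does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//a:Subject/a:NameID", NS)
    found = {
        "issuer": root.findtext(".//a:Assertion/a:Issuer", "", NS).strip(),
        "audience": root.findtext(".//a:Audience", "", NS).strip(),
        "destination": root.get("Destination", ""),
        "nameid_format": name_id.get("Format", "") if name_id is not None else "",
    }
    problems = [f"{k}: got {found[k]!r}, expected {v!r}"
                for k, v in expected.items() if found[k] != v]
    # The roles attribute is a single comma-separated string, e.g. "agent, supervisor".
    text = root.findtext(".//a:Attribute[@Name='roles']/a:AttributeValue", "", NS)
    roles = {r.strip() for r in text.split(",") if r.strip()}
    if not roles:
        problems.append("roles: attribute missing or empty")
    elif roles - KNOWN_ROLES:
        problems.append(f"roles: unexpected values {sorted(roles - KNOWN_ROLES)}")
    return problems

def sample_response(issuer=EXPECTED["issuer"], roles="agent, supervisor"):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
           f'Destination="{EXPECTED["destination"]}"><a:Assertion>'
           f'<a:Issuer>{issuer}</a:Issuer><a:Subject>'
           f'<a:NameID Format="{EXPECTED["nameid_format"]}">agent@example.com</a:NameID>'
           f'</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>'
           f'{EXPECTED["audience"]}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement><a:Attribute Name="roles"><a:AttributeValue>{roles}'
           f'</a:AttributeValue></a:Attribute></a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response()) or "all fields match")
```

Replace the values in EXPECTED with your account's own, and pass in the base64 SAMLResponse form field captured from your own test login.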