If you're configuring SSO for a self-hosted Flex deployment, you need to update the appconfig.js
configuration object to support authentication and single sign-on using a third-party identity provider (IdP).
For complete details about the configuration object and its properties, see the Flex UI API Reference.
The type of SSO you're using determines the changes you need to make:
sso object.
sso object, and then add and configure the oauth object.
As soon as the oauth object exists in your appconfig.js file, Flex UI will try to use enhanced SSO for authorization. If you're setting up an enhanced SSO connection (either for the first time or to migrate), make sure you configure the oauth object after completing the SSO setup or migration steps in Console.
sso object as follows:
appConfig.sso = {
  accountSid: string,
  loginPopup: boolean,
  loginPopupFeatures: string,
};
accountSid is the Account SID of your Twilio project.
loginPopup indicates whether to launch the IdP login in a new window. The default is false.
loginPopupFeatures defines standard window.open() features to apply to the popup window.
oauth object as follows:
appConfig.oauth = {
  connection: `${CONNECTION_NAME}`,
  clientId: `${CLIENT_ID}`,
  redirectUrl: `${DOMAIN_REDIRECT_URL}`,
};
connection and clientId values using this request, and then add them to the configuration. Make sure to add your Account SID before running the request:
curl --location 'https://services.twilio.com/v1/Flex/Authentication/Config?AccountSid={{YOUR_ACCOUNT_SID}}'
redirectUrl value, add any domains where Flex is hosted. You must register these domains in the Trusted Domains section of the Single sign-on setup page in Twilio Console.
Both the Trusted domains section and the Domain redirect URL field are required to set up SSO to a self-hosted domain. This is in addition to the fields marked as required when you configure SSO via Console. See How do I log in to a self-hosted domain? to make sure your domain URL conforms to one of the allowed patterns.
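A pre-deploy check for the configuration described above, as an added example that is not Twilio's code or part of the Flex UI API. The names checkAppConfig and trustedDomains are hypothetical, and trustedDomains is assumed to be your own copy of the bare hostnames you registered under Trusted Domains in Console.

```javascript
// Added example: pre-deploy check for a self-hosted Flex appconfig.js.
// checkAppConfig and trustedDomains are hypothetical names, not Flex UI API.
const PLACEHOLDER = /\$\{[^}]*\}|\{\{[^}]*\}\}/; // unresolved ${X} or {{X}}

function isSet(v) {
  return typeof v === "string" && v.trim() !== "" && !PLACEHOLDER.test(v);
}

function checkAppConfig(appConfig, trustedDomains) {
  const findings = [];
  const { sso, oauth } = appConfig;

  if (oauth !== undefined) {
    // Per the page: once oauth exists, Flex UI attempts enhanced SSO.
    if (sso !== undefined) {
      findings.push("oauth is present, so Flex UI will try enhanced SSO even though sso is also set");
    }
    for (const key of ["connection", "clientId", "redirectUrl"]) {
      if (!isSet(oauth[key])) findings.push(`oauth.${key} is missing or an unresolved placeholder`);
    }
    if (isSet(oauth.redirectUrl)) {
      let host = null;
      try { host = new URL(oauth.redirectUrl).hostname; } catch { /* not a URL */ }
      if (host === null) findings.push("oauth.redirectUrl is not a valid absolute URL");
      else if (!trustedDomains.includes(host)) {
        findings.push(`oauth.redirectUrl host ${host} is not in the registered Trusted Domains list`);
      }
    }
    return findings;
  }

  // Legacy SSO: only the sso object is used.
  if (sso === undefined) return ["neither sso nor oauth is configured"];
  if (!/^AC[0-9a-fA-F]{32}$/.test(sso.accountSid || "")) {
    findings.push("sso.accountSid does not look like an Account SID");
  }
  if ("loginPopup" in sso && typeof sso.loginPopup !== "boolean") {
    findings.push("sso.loginPopup must be a boolean");
  }
  if ("loginPopupFeatures" in sso && typeof sso.loginPopupFeatures !== "string") {
    findings.push("sso.loginPopupFeatures must be a string of window.open() features");
  }
  return findings;
}
```

Run it in your build pipeline against the object you assign to appConfig and fail the deploy when the returned list is not empty.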