Configure Salesforce SSO with Flex
Twilio is launching a new Console. Some screenshots on this page may show the Legacy Console and therefore may no longer be accurate. We are working to update all screenshots to reflect the new Console experience. Learn more about the new Console.
Have you already configured SSO using the preview.twilio.com
endpoint? Learn how to update your existing configuration with the Flex SSO Migration Guide.
This document walks through the setup process for Salesforce SSO in Twilio Flex. You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.
After you setup your Single-Sign On configuration, the Twilio Console SSO page will provide your Login Link.
Create a self-signed certificate in Salesforce
You'll start by creating a certificate. You'll need to share this with Twilio later.
- Navigate to Setup > Security > Certificate and Key Management
- Press ‘Create Self-Signed Certificate’ button
- Give the certificate a label and Unique Name, e.g.,
SalesforceSSO
- Key Size default of 2048
- ‘Exportable Private Key’ should be ticked
- Press ‘Save’
- Press ‘Download Certificate’ (you’ll need the certificate later)
Enable Salesforce Identity Provider in Salesforce
Make sure that the Identity Provider is enabled in Salesforce.
- Navigate to Setup > Identity > Identity Provider
- Press ‘Enable Identity Provider’ button
- Select the certificate you created in the previous step
- Press ‘Save’
Create a Twilio Flex Connected App in Salesforce
Let's point Salesforce to the Flex side of the integration.
- Navigate to Apps > App Manager
- Press the New Connected App button
- Set Connected App Name to ‘Twilio Flex’
- Set API Name to ‘Twilio_Flex’
- Set Contact Email to a suitable email address
Web App Settings
- In the Web App Settings section, set the Start URL to
https://flex.twilio.com?path=/agent-desktop
- Enable SAML should be ticked
- Set Entity Id to
https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata
. Remember to replaceACxxx
with your Twilio Account SID. - Set ACS URL to
https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
. Remember to replaceACxxx
with your Twilio Account SID. - Set Subject Type to Username
- Set Name ID Format to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
. - Set Issuer to
https://yourdomain.my.salesforce.com
- Set IdP Certificate to the one you created in the first step (e.g.,
SalesforceSSO
). - Check that the Verify Request Signatures option is unticked
- Check that Encrypt SAML Response is unticked
- Press Save
Add custom attributes
- On the following page, add two New Custom Attributes in the Custom Attributes section
- First custom attribute:
- Key: full_name
- Value: $User.FirstName + " " + $User.LastName
- Second custom attribute:
- Key: roles
- Value: ‘agent’ (in the quote marks)
Note: this will grant all users agent permissions in Flex. If users need supervisor or admin permissions, then first create a field on the User object and use the Insert Field option on the Custom Attribute.
Assign Profile Access to the Connected App
- Go to Setup
- On the setup menu, go to Administration > Users > Profiles or search for "Profiles."
- Select the profile you want to edit (e.g., "Standard User" )
- Under Connected App Access, check the box for the Twilio Flex app
- Click Save
Setup SSO in Twilio Flex
Almost done! Now, you need to configure the Twilio side of the integration.
- Open the Twilio Flex Single Sign-On admin page.
- Set Friendly Name to something related, e.g., SalesforceSSO
- Paste in the certificate you downloaded from Salesforce in step one
- Set Identity Provider Issuer to
https://yourdomain.my.salesforce.com
- Set Single Sign-On URL to
https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
- Set Default Redirect URL to
https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
- Press Save
Be sure that the Twilio SSO URL field matches the value you provided in Salesforce for ACS URL. To learn more about migrating from the preview.twilio.com URL to iam.twilio.com see our migration guide.
Open Salesforce and access the phone from the utility bar (in case it’s missing, add Open CTI Softphone to the utility bar). You should be able to log into Flex!
ヘルプが必要ですか?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.