Configure Salesforce SSO with Flex

Twilio is launching a new Console. Some screenshots on this page may show the Legacy Console and therefore may no longer be accurate. We are working to update all screenshots to reflect the new Console experience. Learn more about the new Console.

Have you already configured SSO using the endpoint? Learn how to update your existing configuration with the Flex SSO Migration Guide.

This document walks through the setup process for Salesforce SSO in Twilio Flex. You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.

After you setup your Single-Sign On configuration, the Twilio Console SSO page will provide your Login Link.

I'm ready - let's get started!

Create a self-signed certificate in Salesforce

You'll start by creating a certificate. You'll need to share this with Twilio later.

Salesforce Certificate and Key edit

  1. Navigate to Setup > Security > Certificate and Key Management
  2. Press ‘Create Self-Signed Certificate’ button
  3. Give the certificate a label and Unique Name, e.g., SalesforceSSO
  4. Key Size default of 2048
  5. ‘Exportable Private Key’ should be ticked
  6. Press ‘Save’
  7. Press ‘Download Certificate’ (you’ll need the certificate later)
Easy. What's next?

Enable Salesforce Identity Provider in Salesforce

Make sure that the Identity Provider is enabled in Salesforce.

Salesforce Identity provider setup

  1. Navigate to Setup > Identity > Identity Provider
  2. Press ‘Enable Identity Provider’ button
  3. Select the certificate you created in the previous step
  4. Press ‘Save’
This is a lot of Salesforce. When do we connect to Twilio?

Create a Twilio Flex Connected App in Salesforce

Let's point Salesforce to the Flex side of the integration.

Salesforce New connected app

  1. Navigate to Apps > App Manager
  2. Press the New Connected App button
  3. Set Connected App Name to ‘Twilio Flex’
  4. Set API Name to ‘Twilio_Flex’
  5. Set Contact Email to a suitable email address

Web App Settings

Salesforce SSO Flex (IAM v1)

  1. In the Web App Settings section, set the Start URL to
  2. Enable SAML should be ticked
  3. Set Entity Id to Remember to replace ACxxx with your Twilio Account SID.
  4. Set ACS URL to Remember to replace ACxxx with your Twilio Account SID.
  5. Set Subject Type to Username
  6. Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  7. Set Issuer to
  8. Set IdP Certificate to the one you created in the first step (e.g., SalesforceSSO).
  9. Check that the Verify Request Signatures option is unticked
  10. Check that Encrypt SAML Response is unticked
  11. Press Save

Add custom attributes

Salesforce connected app custom attributes

  1. On the following page, add two New Custom Attributes in the Custom Attributes section
    1. First custom attribute:
      1. Key: full_name
      2. Value: $User.FirstName + " " + $User.LastName
    2. Second custom attribute:
      1. Key: roles
      2. Value: ‘agent’ (in the quote marks)

Note: this will grant all users agent permissions in Flex. If users need supervisor or admin permissions, then first create a field on the User object and use the Insert Field option on the Custom Attribute.

Assign Profile Access to the Connected App

  1. Go to Setup
  2. On the setup menu, go to Administration > Users > Profiles or search for "Profiles."
  3. Select the profile you want to edit (e.g., "Standard User" )
  4. Under Connected App Access, check the box for the Twilio Flex app
  5. Click Save

Setup SSO in Twilio Flex

Almost done! Now, you need to configure the Twilio side of the integration.

Single sign-on config

  1. Open the Twilio Flex Single Sign-On admin page.
  2. Set Friendly Name to something related, e.g., SalesforceSSO
  3. Paste in the certificate you downloaded from Salesforce in step one
  4. Set Identity Provider Issuer to
  5. Set Single Sign-On URL to
  6. Set Default Redirect URL to
  7. Press Save


Be sure that the Twilio SSO URL field matches the value you provided in Salesforce for ACS URL. To learn more about migrating from the URL to see our migration guide.

Open Salesforce and access the phone from the utility bar (in case it’s missing, add Open CTI Softphone to the utility bar). You should be able to log into Flex!

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

Thank you for your feedback!

Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

Sending your feedback...
🎉 Thank you for your feedback!
Something went wrong. Please try again.

Thanks for your feedback!

Refer us and get $10 in 3 simple steps!

Step 1

Get link

Get a free personal referral link here

Step 2

Give $10

Your user signs up and upgrade using link

Step 3

Get $10

1,250 free SMSes
OR 1,000 free voice mins
OR 12,000 chats
OR more