Skip to contentSkip to navigationSkip to topbar
Twilio Docs
Page tools
On this page
Looking for more inspiration?Visit the

Configure Azure Active Directory with Frontline

Create an application

create-an-application page anchor

In the Microsoft Azure Portal(link takes you to an external page), select or search for Azure Active Directory, then select Enterprise Applications from the left navigation bar.

Navigation menu with Enterprise applications highlighted.

Select + New Application and choose Create your own application. Give your Application a name.

Text box with 'FrontlineSSO Setup' entered for app name.

Click the Create button.

Configure your application

configure-your-application page anchor

Once your application has been created, select Single sign-on from the Application menu and pick SAML as the sign-on method.

Select SAML for secure authentication in single sign-on setup.

Select Basic SAML Configuration and click Edit.

Basic SAML configuration with required fields for Identifier and Reply URL.

Edit settings as follows:

  • Set your Identifier (Entity ID) to https://iam.twilio.com/v2/saml2/metadata/JBxxx. Remember to replace JBxxx with your Twilio Realm SID, which you can find on the Frontline Console SSO configuration page(link takes you to an external page)
  • Set your Reply URL (Assertion Consumer Service URL) to https://iam.twilio.com/v2/saml2/authenticate/JBxxx. Remember to replace JBxxx with your Twilio Realm SID, which you can find on the Frontline Console SSO configuration page(link takes you to an external page)
Basic SAML configuration with fields for Identifier and Reply URL, including default Twilio URLs.

Click Save.

Under point 3 - SAML Signing Certificate, click edit and change the Signing Option to Sign SAML response and assertion. Leave SHA-256 as the Signing Algorithm.

SAML certificate details with download links and FrontlineSSO setup for Azure AD.

Click Save.

Configure Claims

configure-claims page anchor

From the Enterprise Applications section of the Azure website, click the FrontlineSSO Setup app and click the Single Sign-On heading in the left navigation bar, then click Edit on Attributes & Claims.

Add the following claims using Attributes as the source.

Table showing required claim 'user.mail' and additional claim 'roles' with values.

Click Save.

Save Application information and copy Application details

save-application-information-and-copy-application-details page anchor
SAML Signing Certificate and setup information.
  1. Download the Base64 Certificate - this will be added to the Twilio Frontline Console as X.509 Certificate.
  2. Make a note of the Login URL - this is the Single Sign-On URL in the Frontline Console.
  3. Make a note of the Azure AD identifier - this is the Identity Provider Issuer in the Frontline Console.

Configure roles

configure-roles page anchor

In Azure Active Directory, navigate to App Registrations > All applications. Click on your app (i.e. FrontlineSSO Setup) and go to the App roles heading in the left navigation bar.

FrontlineSSO Setup menu with App roles highlighted.

Click the User display name and add the Frontline-specific app role.

Table showing app roles with display names, descriptions, member types, values, IDs, and states.

Replace the display name with Agent, select Users/Groups as allowed member types, add agent as a value and a Frontline user as a description.

Click on the checkbox to enable this App role. Click Apply to save the changes.

Form to edit app role with fields for display name, member types, value, and description.

Ensure Users in the Directory are assigned to the Application

ensure-users-in-the-directory-are-assigned-to-the-application page anchor

Navigate back to your Application Overview page, and select Users and Groups. Click + Add user/group section.

In the Add Assignment page, click Users and groups and select the user you want to assign to the application. Click Select.

Then, click Select a role and click on agent. Next, click the Select and Assign button.

User list showing display name, object type, and assigned role as agent.

Please ensure that you have users assigned to your Application.

Configure Frontline with your new SAML credentials

configure-frontline-with-your-new-saml-credentials page anchor

Use the details gathered in the Save Application information and copy details section and add them to your SSO configuration on the Frontline Configure single sign-on page(link takes you to an external page) in the Twilio Console.

Form to configure single sign-on for Twilio Frontline with fields for Workspace ID, Realm SID, SSO URL, and X.509 Certificate.

Now, you should be able to log into Frontline using Azure Active Directory (Azure AD) as the Identity provider 🎉