Skip to contentSkip to navigationSkip to topbar
Twilio Docs
Page tools
On this page
Looking for more inspiration?Visit the

Configure Salesforce SSO with Frontline

This document walks through the setup process for Salesforce SSO in Twilio Frontline.

You'll need access to your Salesforce instance and permissions to configure it, as well as access to the Twilio Console.

Register a developer account in Salesforce

register-a-developer-account-in-salesforce page anchor

If you already have a Salesforce developer account, jump straight to the next step. Otherwise, navigate to ttps://developer.salesforce.com/signup(link takes you to an external page) and create a free developer account.

Create a self-signed certificate in Salesforce

create-a-self-signed-certificate-in-salesforce page anchor

You'll start by creating a certificate. You'll need to share this with Twilio later.

  1. Navigate to Settings > Security > Certificate and Key Management
  2. Press Create Self-Signed Certificate button
  3. Give the certificate a label and Unique Name, e.g., SalesforceSSO
  4. Key Size default of 2048
  5. Exportable Private Key should be ticked
  6. Press Save.
  7. Press Download Certificate (you'll need the certificate later)
Salesforce SSO certificate and key edit form with self-signed type and 2048 key size.

Enable Salesforce Identity Provider in Salesforce

enable-salesforce-identity-provider-in-salesforce page anchor

Make sure that the Identity Provider is enabled in Salesforce.

  1. Navigate to Settings > Identity > Identity Provider
  2. Press Enable Identity Provider button
  3. Select the certificate you created in the previous step
  4. Press Save
(warning)

Warning

If you change this certificate, users won't be able to connect to service providers until you reconfigure each service provider to work with the new certificate.

Salesforce SSO certificate selection with save and cancel buttons.

Create a Twilio Frontline Connected App in Salesforce

create-a-twilio-frontline-connected-app-in-salesforce page anchor

Let's point Salesforce to the Frontline side of the integration.

  1. Navigate to Platform Tools > Apps > App Manager
  2. Press the New Connected App button
  3. Set Connected App Name to 'Twilio Frontline'
  4. Set API Name to 'Twilio_Frontline'
  5. Set Contact Email to a suitable email address
Salesforce form for creating a Twilio Frontline connected app with fields for app name, API name, and contact details.

Web App Settings

web-app-settings page anchor
  1. In the Web App Settings section, Enable SAML should be ticked.
  2. Set Entity ID to https://iam.twilio.com/v2/saml2/metadata/JBxxx. Just replace the example Realm SID, JBxxx, with your own Realm SID, which you can find on the Frontline Console SSO configuration page(link takes you to an external page).
  3. Set ACS URL to https://iam.twilio.com/v2/saml2/authenticate/JBxxx Again, replace the Realm SID (JBxxx) with your own Realm SID.
  4. Set Subject Type to Username.
  5. Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  6. Set Issuer to https://yourdomain.my.salesforce.com
  7. Set IdP Certificate to the one you created in the first step (e.g., SalesforceSSO).
  8. Check that the Verify Request Signatures option is unticked
  9. Check that Encrypt SAML Response is unticked
  10. Press Save
Web App Settings for Salesforce SSO with options for SAML configuration including Entity Id and ACS URL.

Add custom attributes

add-custom-attributes page anchor

In the Manage Connected Apps dashboard, click Twilio Frontline, go to the Custom Attributes section and click the New button.

Add a New Custom Attributes:

  • Key: roles
  • Value: 'agent' (in the quote marks)
Custom attributes table with key 'roles' and value 'agent'.

Assign Profile Access to the Connected App

assign-profile-access-to-the-connected-app page anchor
  1. In the Setup Home, go to Administration > Users > Profiles
  2. Select the profile you want to edit (E.g. "Standard User", "System Administrator", etc...)
  3. Under Connected App Access, check the box for the Twilio Frontline app
  4. Press Save

Setup SSO in Twilio Frontline

setup-sso-in-twilio-frontline page anchor

Almost done! Now, let's configure the Twilio side of the integration.

  1. Open the Frontline Console SSO configuration page(link takes you to an external page).
  2. Set Identity Provider Issuer to https://yourdomain.my.salesforce.com
  3. Set SSO URL to https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
  4. Paste in the certificate you downloaded from Salesforce.
  5. Press Save
Form fields for configuring SSO with Salesforce, including Workspace ID and SSO URL.

Now, you should be able to log into Frontline using Salesforce as the identity provider! 🎉

Troubleshooting

troubleshooting page anchor

Authentication failed

authentication-failed page anchor

If the Frontline application is not assigned to your User Profile in Salesforce, you will see the following error message:

Error 70004: Incorrect AccountSid or AuthToken, authentication failed with status 401.

The solution is to assign your connected application to your User Profile, as described here.