Help CenterSome organizations may require an additional layer of security to comply with their processes. The Enterprise plan in Text supports configuring a custom single sign-on (SSO) login for your team to help align your Text products with your company’s security protocols.
Configuring the custom SSO in your Identity Provider
If you’re not using a native integration template provided by Text, you’ll need to configure a few additional fields when creating a connection app from scratch. To create a SAML connection with a custom Identity Provider, configure the following fields when creating your app:
-
Set the single sign-on URL to https://accounts.text.com/v2/saml/callback. In your Identity Provider, it can be called Reply URL (Assertion Consumer Service URL).
-
Set the audience (or entity ID) field to https://accounts.text.com. This is a default value — this field has to match the editable Service Provider Entity ID field from your custom SSO settings in the Text Accounts panel.
-
Set the name ID format to persistent.
-
Add the following attribute:
- Name: subject_email,
- Name format: Unspecified,
- Value: user.email.
After completing this configuration in your Identity Provider SAML settings, follow the steps to set up the custom SSO connection in Text Accounts.
Configuring the custom SSO Identity Provider in Text Accounts
To enable custom SSO authentication, you need to set a connection between Text and your Identity Provider. To create this connection, you’ll need the following details from your provider:
-
SAML Single Sign-On URL
-
X.509 certificate
-
Identity Provider Entity ID
After you obtain the above information from your Identity Provider, log in to the Text Accounts.
-
In the Text Accounts panel, go to Settings -> Security.
-
Enable custom SSO configuration to fill in the Identity Provider details.
-
In the Identity Provider SSO URL field, enter the single sign-on URL from your Identity Provider.
-
In the X.509 certificate field, paste the X.509 certificate in the PEM format.
-
In the Identity Provider Entity ID field, enter the issuer entity ID of your Identity Provider.
-
The Service Provider Entity ID is already pre-filled and can stay unchanged, but you can edit it if your organization or Identity Provider requires a custom ID from the Service Provider.
-
Save the changes to complete the configuration.
Logging in with custom SSO as an agent
Once custom SSO login is enabled, your agents will receive an email confirmation about this change. They won’t be able to log in using their Text password anymore.
From then on, they’ll have to authenticate using their custom SSO credentials. To log in with a custom SSO, agents should choose the “Log in with custom SSO” option on the log in page, where they’ll need to log in with the connected Identity Provider.
Some frequently asked questions about SSO
-
How to add new agents when custom SSO is enabled?
When custom SSO is your chosen login method and you want to add a new agent, you’ll first need to make sure they’re registered with your Identity Provider. Otherwise, they won’t be able to authenticate and access Text products.
-
How does custom SSO work with 2-step authentication?
When you enable custom SSO, your Identity Provider handles all aspects of authentication for your agents. It means that whatever other security features you might be using, like two-step verification or logging in with Google, will no longer be supported.
-
How to reset your password with custom SSO enabled?
When you enable custom SSO, authentication is done outside Text. It means that agents' passwords won’t be stored in Text but in your SSO provider instead. Thus, the ability to reset the password with Text will also be disabled. In case any of your agents forgets their password, they’ll need to reset it in the integrated Identity Provider panel.
-
Can I enable custom SSO if my agents are added to more than one organization?
No. To be able to authenticate with custom SSO, none of your agents can be added to more than one organization.