SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Flex Insights Roles Based on SSO and Console Configuration

Issue

You may encounter issues when trying to assign specific Flex Insights roles (such as wfo.quality_manager) to users created via the Twilio Console. After assigning the Support role in Console > Account Management > Manage Users, you may find the Flex worker attributes reverted to ["flex.readteams","flex.readonlyadmin"] upon login. Then users will not be able to access the Flex Insights analytics portal or dashboards. Attempts to manually update the roles are overwritten at login.

 

Product

Twilio Flex

 

Environment

legacy Twilio Console

 

Cause

This issue occurs because Flex user roles and Flex Insights permissions are determined by the method used to create and authenticate users:

  • Console Users: Users created and managed via the Twilio Console can only be assigned a limited set of roles. The Support role in Console results in read-only access (flex.readteamsflex.readonlyadmin) and does not allow assignment of advanced Insights roles like wfo.quality_manager.
    • If a Console User has a role of "Support" They will have their roles defined as such: (flex.readteamsflex.readonlyadmin
    • If the console User has a role of Admin or Developer there roles will be defined as such.
      admin,wfo.full_access
  • SSO Users: Only users authenticated via SSO (e.g., Google Workspace SAML) can be assigned more granular roles, such as admin and wfo.quality_manager, through SSO attribute mapping. Console and SSO user roles are not synchronized, and manual changes to worker attributes are overwritten at login.

 

Resolution

To assign advanced Flex Insights roles (such as wfo.quality_manager) and grant access to analytics and dashboards:

  1. Use SSO for User Authentication:
    • Ensure the user logs in via your SSO provider (e.g., Google Workspace SAML), not via the Twilio Console login.
  2. Configure SSO Attribute Mapping:
    • In your SSO IdP, set up a multi-value text field for the roles attribute.
    • Assign the required roles (e.g., adminwfo.quality_manager) to the user in your IdP.
    • Reference Flex SSO configuration documentation for details.
  3. Remove Console User Role Conflicts:
    • Avoid assigning the Support role in the Twilio Console for users who need advanced Insights access.
    • If a user was previously created in Console, delete the worker in TaskRouter and have the user log in via SSO to create the correct worker profile.
  4. Verify Access:
    • After SSO login, confirm the user’s worker attributes include the correct roles.
    • The user should now be able to access Flex Insights analytics and dashboards as intended.

 

Additional Information

  • Only the following roles are available for Twilio Console users: ["flex.readteams","flex.readonlyadmin"] or ["admin","wfo.full_access"].
  • The wfo.quality_manager role is only available to SSO-authenticated users.
  • For granular permission control, always use SSO and configure roles in your IdP.
  • For more information, see below documents:
Have more questions? Submit a request
We can’t wait to see what you build.
Powered by Zendesk