Now more than ever, organizations must have security controls in place to protect against threats and unauthorized access. That is where single sign-on (SSO) comes in! As you may remember from our previous blog post, SSO centralizes and secures user access to multiple applications. With a single login, users can authenticate to their Twilio SendGrid account through their identity provider (IdP).
The Twilio SendGrid team is excited to announce that SSO is now generally available (GA) with some new and exciting enhancements that we will dive into below.
The first enhancement is Just-in-Time (JIT) provisioning, an industry standard that automatically creates a Twilio SendGrid user the first time a user accesses Twilio SendGrid through their IdP. When that user attempts to log in through the application tile, the IdP will pass the attributes that Twilio SendGrid requires in the Security Assertion Markup Language (SAML) assertion to create their account.
As soon as new users have Twilio SendGrid assigned in the IdP, they can get started without the administrator as a bottleneck.
JIT provisioning can significantly reduce the workload of an account administrator from the tedious task of manually creating new users in the Twilio SendGrid Console. As soon as new users have Twilio SendGrid assigned in the IdP, they can get started without the administrator as a bottleneck.
With JIT enabled, new teammates will be created with read-only access permissions. This permission level allows a teammate to view but not change or configure any information in the account. An administrator can modify the teammates’ permissions after the initial creation in account settings.
An SSO user can be authorized to access as many subuser accounts as needed, without requiring parent account permissions.
Another exciting enhancement with our GA release of SSO includes the ability to grant users access to more than one subuser account! An SSO user can be authorized to access as many subuser accounts as needed, without requiring parent account permissions. With this enhancement, organizations can provide SSO to users who need access to multiple subusers for their role while still restricting the scope of the actions.
Integrations with Okta and Azure Active Directory
Finally, we have made improvements to the setup process with 2 of the most widely used IdPs, Okta, and Azure Active Directory (AD). We have prebuilt integrations that simplify the SSO configuration steps and dedicated setup guides that provide easy-to-follow documentation. Instead of creating a custom application integration, prebuilt integrations speed adoption and are found directly in the IdP’s application catalog. This is available for Okta through the Okta Integration Network (OIN) and Azure through the Azure AD application gallery.
Get started with Twilio SendGrid’s SSO today
SSO for Twilio SendGrid is available to Marketing Campaigns’ Advanced, Email APIs’ Pro, Premier, and Custom plans. Both new and existing SSO integrations can take advantage of these new enhancements to improve your organization’s account security posture from unauthorized access.
To get started, go to the SSO settings page in your Twilio SendGrid account. For additional information on the setup process, please visit the SSO documentation and the Integrate Twilio and SendGrid Accounts Through SSO blog post.