General

Plivo supports user authentication using single sign-on (SSO) managed by your company’s preferred identity provider (currently in private beta). You can enable SSO through any identity provider (IDP) that supports SAML.

Once you configure SSO for a domain, you can use Plivo’s Team feature to ensure that users authenticate using SSO.

To configure SSO on your account, follow these steps.

1. Click on the Account icon at the bottom of the navigation menu, then Settings > Security.
2. In the Configure SSO widget, click Configure. You'll be redirected to an SSO configuration guide with a list of supported IDPs.
3. Select your preferred IDP and click Get Started, then follow the instructions on the configuration guide screens.

Once you’ve completed the process and reviewed the connection, click Back to Plivo in the top left corner to return to the console. The Configure SSO widget should then indicate an Active status.

If you exit from configuration before completing the steps, you can resume the process by clicking the Resume button.

Only email addresses with the domain configured for SSO will be authenticated with SSO. If an invited user’s email address contains a domain that is not configured for SSO, the user will be asked to provide a password.

You can delete an SSO connection by clicking Send Delete Request.

Plivo provides voice and messaging communication services in more than 190 countries, each of which has local laws about telecommunication services, and we partner with carriers worldwide whose policies we need to be compliant with. To ensure compliance with regulations, and prevent scenarios of SMS phishing and unsolicited voice calls, we have put measures in place to proactively verify account signups on the Plivo platform.

Why was my Plivo account signup put on hold?

Plivo is required to comply with local laws for telecommunication services around the globe. To ensure compliance with such regulations globally, we perform a risk assessment on all signups from new potential customers. If our assessment indicates a high risk, we may put a business on a hold list, indicating that we are unable to provide service to them at this time.

How can I get my account off the hold list?

If your signup is placed on hold and you think this was done in error, you can raise a reassessment request with our support team with the required details, but we may not be able to accommodate all such requests.

To increase your chances of having restrictions limited, please attach additional evidence (images, documents, or links) that indicates the legitimacy of your business, such as:

• Certificate of incorporation
• Employer identification number (EIN)
• Business card
• Better Business Bureau membership (in North America) or Financial Services Register (FCA) listing (in the UK)
• Screenshot of your application or platform
• Mentions of your business or application in the press
• For individuals, listing page on sites like Fiverr or Upwork or LinkedIn profile

At what stage does Plivo apply restrictions to an account?

Plivo may place restrictions on an account at the time of signup. Even after the signup our internal systems continuously review each account for anomalies. This may lead to your account being put under restrictions at a later time as well. If we apply restrictions to your account, we’ll send you an email detailing that and steps for you to raise a reassessment request.

How can I check whether my account has any restrictions?

You will be able to see an alert message when you log in to the Plivo console.

To request a change in account restrictions, please raise a ticket with our support team and include these mandatory details:

• Company name
• Company website
• Use case details (e.g. OTP, order tracking)
• Plivo services interested in (e.g. SMS or voice APIs, Zentrunk)
• If interested in SMS, provide a sample message
• Countries to which you intend to send traffic
• Estimated units per month
• Estimated spend per month

Our accounts team reviews requests and should be able to provide you an update within 5-7 business days.

My request was rejected — what could be the reasons?

We reject cases where not enough details were provided to our support team. Plivo also has a zero-tolerance policy for certain practices, and all requests related to them are immediately rejected:

• Use of credit credits that are flagged by our payment provider 
• Carrier complaints regarding content and traffic
• Phishing, spamming, and content not in accordance with our terms of service and acceptable use policy
• Procuring a large quantity of numbers on an account without any proportionate outbound usage of voice calls or SMS.

If our team doesn’t think that restrictions should be lifted, they will reject your request. We do not provide the reason for the rejection.

How can I request a reevaluation of my account restrictions?

Plivo ensures that all account requests are thoroughly reviewed and customer interests are well accounted for. However, If you feel we have made an error, or if you would like someone from our team to re-evaluate your case, please raise a support request with the required details. If our team decides not to remove the restrictions from your account after an additional review, it's safe to assume that Plivo will not change its decision.

Plivo’s best-in-class security features include real-time payment and usage alerts, two-factor authentication at login, and geo permission restrictions for its services. However, you must take some actions yourself to protect your account and account credentials.

How do I check whether my account has been compromised?

Plivo sends out an email alert each time someone logs in to your account from a new device. Plivo also sends payment receipts each time a payment attempt is made, for both successful and failed attempts. Check your account email inbox or spam folder and compare any of these email messages to your recent behavior. 

Alternatively, you can log in to your account and check the payment section. You can also review your usage by navigating to individual product screens (voice, SMS, Zentrunk, etc.) from the Plivo console. Each screen will have a summary of recent usage that you can compare with your expected usage.

How should I protect my account if I find it has been compromised?

If you suspect your account has been compromised, Plivo recommends that you change your account settings immediately:

1. Reset your password here.
2. Change your Auth Token here.
3. Review your geo permissions for
• SMS
• Voice
• Zentrunk
4. Set up 2FA on your account.

What practices should I follow to protect my account?

Follow the advice in our security best practices document. Specifically, Plivo recommends that users:

• Use a strong password with at least 12 characters and avoid sharing it with other users.
  
• Plivo offers role-based access control that you can use to share certain tasks for your account with other team members at your organization.
• If you must share credentials with multiple users, be sure to use a password manager.
• Plivo APIs require a valid Authentication ID and Token. Your Auth Token should be stored securely and in an encrypted format. Make sure only authorized personnel can access it and avoid sharing it over public networks, public GitHub repositories, and web servers. 

This video walks you through the Plivo console, so you can see where to locate key functions for your day-to-day operations.

Looking to keep your account secure? Follow these recommended best practices to make sure your information stays safe.

Plivo console security (for https://console.plivo.com)

1. Choose a strong password that includes at least 12 characters: uppercase, lowercase, special characters, and numbers. 
2. Enable two-factor authentication on your Plivo account.
3. Leverage role-based access controls when adding new users to the account. 
4. Don't use a group email address when registering a new account. We strongly recommend using an individual email for your Plivo account signup.
5. Use an email account that's monitored regularly so that you receive alerts and security notifications in a timely manner.
6. Auth ID and Auth Tokens are required to trigger SMS messages and voice calls. Auth Tokens should be treated as highly confidential as passwords and should not be published on open source platforms such as GitHub. 

SMS security

1. Enable Geo Permission under SMS > Settings > Geo Permissions to whitelist countries in which your users receive SMS notifications from you.
2. Enable the setting Authorization To View SMS/MMS Content under SMS > Settings > Other Settings to authorize the Plivo customer success team to view your SMS content, help you debug, and detect fraud activity more effectively.
3. Always redact incoming messages when creating a new application. Go to SMS > Applications > Add new application > Redact Incoming Messages to do that.

Voice security

1. Enable Geo Permission under Voice > Settings > Geo Permissions to whitelist countries in which your users receive voice calls from you.

Zentrunk security

1. When creating a password for your trunk, choose a strong password that includes at least 8 characters: uppercase, lowercase, special characters, and numbers.
   
2. Only whitelist the IP addresses from your PBX and be sure to update these addresses if the PBX IP addresses changed.

Pricing for Plivo products varies by country. You can check the prices on the Plivo console. 

For pricing of inbound and outbound calls, click on Voice > Pricing.

You can select the country from the drop-down menu to see rates in the console or download a .csv file listing the inbound and outbound call rates for each country.

For pricing of inbound and outbound SMS text messages, click on Messaging > Pricing. You can select the country from the drop-down menu to see rates in the console or download a .csv file listing the inbound and outbound messaging rates for each country.

You can also check Plivo pricing using our API.

You can discontinue using Plivo’s services and close your account from the Plivo console. Navigate to Account > Service Address and click Close Account.
A pop-up will prompt you to enter your Plivo credentials to confirm that you want to close the account.

This process is irreversible. Once you close your Plivo account:

• Plivo will permanently delete all of the account's applications, phone numbers, endpoints, and logs.
• Credits remaining in the account will be refunded back to your card within 20 business days. Kindly note that the remaining credits can be refunded only if the recharge is made in the last 90 days.
• Credits in trial accounts are not refunded.
• Users invited to manage the account will no longer be able to access the closed account.

Once a Plivo account is closed, a user with the same email address and phone number will no longer be able to sign up for a Plivo account. You must use a different email address and a phone number if you wish to create a new Plivo account.

Plivo is legally required to retain all identifying information and proof of address provided by customers, including email address and phone number information, even after an account is closed. 

You can change your password from the Plivo console. Click on Account > Settings > Security. Enter your old password for authentication and your new password twice, then Save Changes.

If you’ve forgotten your password and are unable to log in to your Plivo account, click on Forgot Password on the console login page. This will trigger an email to your registered email address. Click on the link provided in the email to enter a new password and log in.

Plivo uses the email address associated with your account to send important updates and notifications, so it's important to make sure the address is correct. Only the owner of an account can update the email address.

To update the email address associated with your Plivo account:

1. Log in to your Plivo account.
2. Click on Accounts > Settings > User Profile.
   
3. Click Update Email, enter the new email address, then click Update.
4. If there are no errors in the email address, you'll be prompted to authenticate your account.
5. Once the account is authenticated, Plivo will send a one-time password to your email address.
6. Go to your email inbox to receive the message with the OTP. 
7. Enter the OTP to validate and update the email address.
   

Starting May 20, 2021, you must use a secure two-factor authentication (2FA) mechanism to log in to the Plivo console. 2FA provides an additional level of security by asking for a unique verification code to be sent to your mobile number when you log in into your account. This provides more protection for your profile and transaction information even when your user credentials are compromised.

How can I enable 2FA on my account?

In the Plivo console, visit Account > Settings > Security. Under Two Factor Authentication toggle the button from Disabled to Enabled.Plivo will send you a confirmation email message. The next time you log in, Plivo will send a one-time password via SMS to the phone number associated with the account. The OTP will be valid for only three minutes. If it expires, or if you don't receive the OTP, verify your phone number and click Try Again. You can also request the OTP via phone call.

Can I change the number after it’s set up?

Yes. To change the number associated with your account for two-factor authentication, make sure you have access to both your old and new phone numbers. Please make sure the new number is a valid mobile number. In the Plivo console, click on Account > Settings > Security.

Click on Change Your Number. Enter your new phone number and click Update Number.

You'll receive a one-time password via SMS to the new phone number associated with the account. The OTP will be valid for only three minutes. If it expires, or if you don't receive the OTP, verify your phone number and click Try Again. You can also request the OTP via phone call.

Plivo uses Auth ID and Auth Token credentials to authenticate the account from which an API request is triggered: 

• Auth ID acts as your username.
• Auth Token acts as your password.

If another user gets access to your Auth ID and Auth Token, they'll be able to use your Plivo API to make calls and send messages to any destination. Make sure to keep your Auth ID and Auth Token private at all times and don't share them with any third party.

Where can I find my Auth ID and Auth Token?

You can find your Auth ID and Auth Token at the top of the home page of the Plivo dashboard. Click on the eyecon next to the Auth Token to make it visible.

How can I change my Auth ID or Auth Token?

The Auth ID of any Plivo account cannot be changed. However, you can change the Auth Token by clicking to Account > Settings > Credentials and choosing either of the two options listed.

When you click Generate Auth Token, Plivo will generate a new Auth Token that you can use as a password to authenticate your API requests.

If you suspect your Plivo account has been compromised, or you see charges that don't reflect your usage, immediately change your Auth Token and your Plivo account password. On the Account Credentials page where you change your password you can also set up two-factor authentication for increased security.

You can sign up for Plivo with a valid work email address and a phone number. We don’t allow signups from personal email domains (such as @gmail.com or @hotmail.com) or disposable email addresses, and you must not use a VPN to access Plivo’s console during the onboarding process. You’ll be asked to enter your name, and that name will appear on your invoices going forward. You’ll also need to set a password.

Activate your email address

Once you complete the signup form, we’ll send an activation link to your registered email address. By clicking on that link, you can activate your account. If you don’t receive an email, check your spam or trash folder. Also check your mail server settings to make sure it’s not blocking emails from Plivo. You can try resending the verification link from the console.

Verify your phone number

Plivo account registration requires a unique phone number to be linked with the account. You won’t be able to access your account until you complete the phone verification process. We use this number for two-factor authentication — we send a unique verification code to the number every time you log in to your account for enhanced security. You must use a valid, SMS-enabled, non-VoIP number, and the number country should match the region you’re signing up from. Also, the number should not be associated with any other existing Plivo account. You can change the phone number associated with your account at any time after you complete onboarding.

We’ll send a one-time password (OTP) to the number to complete the phone verification process. If you’re unable to receive a code from Plivo via text message, you can select the option to receive a code via phone call. 

Fill the questionnaire

To complete the registration process, you will need to answer a few quick questions. This questionnaire will help us to customize your Plivo experience.

Once you complete these steps you’ll have successfully registered your free trial account. After registering, you can use your account to test our voice and SMS services. 

If you face any issues while signing up, please reach out to our support team for assistance. Learn more about our services from our documentation.

To create a support ticket, start by navigating to the Plivo support homepage and clicking on Create New Ticket.

This brings you to a page that asks for:

• Your email address 
• A subject line that describes your query or issue
• A description of the query or issue
• The category of the query (to be selected from a drop-down menu)
• The priority of the ticket (another drop-down)

You can also add attachments. Click on Create a New Ticket to create the ticket. A member of our support team will investigate your request and reach out as soon as possible. You can check the status of a previous ticket from the support homepage by clicking on Check Ticket Status.