Skip to main content
Checks that every Twilio account maps to an active employee on your People page.

About

When you connect Twilio to DSALTA, the platform syncs your Twilio account and any subaccounts using read-only API access. On every sync DSALTA compares those accounts against your People page, matched by email, and activates this check when an account does not map to an active employee.
Twilio accounts do not carry an email address, so this email-based match often can’t resolve an account to a person automatically. Use the Access list as an inventory of Twilio accounts and confirm each is owned by a current, authorized employee.

Why This Matters

Access tends to accumulate over time as roles change, leaving people — or shared accounts — with more than they need. Excess access to a communications platform that can send messages and place calls on your behalf widens your attack surface and breaks the principle of least privilege. Regularly validating who can reach it is a core control in SOC 2 and ISO 27001.

How to Fix

Before you begin
  • Ensure the Twilio integration is connected so DSALTA has the current list of accounts.
Validate Twilio access
  1. In the Twilio Console, review the accounts and members that can sign in.
  2. Remove or restrict anyone who is not a current, authorized employee.
  3. In DSALTA, go to Data Library → Access, filter for Twilio, and confirm each account maps to an active employee on the People page.
  4. Mark each reviewed account as In Scope (valid) or Not in Scope (to be revoked), and record the reviewer.
  5. Set a recurring access review schedule (quarterly is recommended).
Once every Twilio account maps to a valid, documented owner, DSALTA sets the check status to Passing.

Frequently Asked Questions

This check runs automatically every 24 hours while the Twilio integration is connected. You can also trigger a manual sync from Integrations in the sidebar.
Twilio’s API does not expose an individual member roster with a plain Account SID and Auth Token, so DSALTA lists your Twilio account and its subaccounts instead. Review each account’s owner manually against your People page.
Yes. If it does not apply to your environment, mark it as Not Applicable with a justification. The exclusion is documented for auditors.
No. DSALTA uses read-only API access and never modifies, creates, or deletes resources. All remediation is performed by your team directly in Twilio.