Aircall Help Center | Aircall and Google sign-in

You can now allow your company to sign in to Aircall using Google accounts. When enabled, Google sign-in applies across all Aircall products, including the Aircall Workspace, Aircall Dashboard, and browser extensions.

Important: Adding new members or email addresses to your Google account will not automatically add them to Aircall. Admins must still create or invite each new user before they can sign in.

Note: To use Google single sign-on (SSO), users' Aircall login email addresses must match their Google account email addresses.

Enable Google sign-in

Only users with the Owner role can enable Google sign-in for their company from Aircall Dashboard.

Steps:

My Company > Select the Security tab.
Under Authentication method, choose Google sign-in.
Click Save changes.

Aircall security settings page showing authentication methods. The “Google” option is selected, allowing users to sign in with their Google account. Buttons for “Undo” and “Save changes” appear at the bottom, and “Customer Data Controls” settings for feedback and AI performance monitoring are enabled below..png

Important: All users will be logged out each time Google sign-in is enabled or disabled for your company. Any ongoing calls will not be interrupted, but users will need to log back in before making or receiving new calls. They can still tag and leave notes on completed calls before being prompted to log in again.
The logout will occur one hour after the change is made.

Log in with Google

Once Google sign-in is enabled, a Sign in with Google option will appear across all Aircall platforms:

Dashboard
Desktop, Web, and Mobile Phone applications
CTI Phone and recording link pages
Browser extensions

Users and admins can click Sign in with Google to be redirected to their Google account and complete authentication.

When Google sign-in is enabled:

All users and admins must sign in using Google; password-based login will no longer work.
Privileged users can still log in using either their password or Google account.

Add a privileged user

Privileged users have the option to use both standard and Google authentication from Aircall Dashboard.

Steps:

My Company >Select the Security tab.
Under Authentication method, click Manage privileged users.
Add the users you wish to grant privileged access.

Aircall security settings screen showing the “Add or remove privileged user” pop-up. The window lists users who can log in with any authentication method, alongside a search bar and pagination control. The background shows the “Manage privileged users” button highlighted under the Google authentication option..png

Benefits of Google sign-in

Using Google sign-in provides a more streamlined and secure experience for Aircall users. With a single Google login, users can access all Aircall products without needing separate credentials.

By delegating password and security management to Google, your company gains:

Centralized control over password policies and requirements
The ability to define minimum password length and expiration rules
Enforcement of mandatory adaptive multi-factor authentication (MFA)
Improved overall security compliance

Note: Cookies must be enabled to use Google sign-in in incognito or private browser windows.

Troubleshooting SSO cases

SSO login error due to email address mismatch

When signing in to Aircall using single sign-on (SSO), you may encounter an error that prevents access. This article explains why this happens and how to resolve it.

Item

Description

Symptom

SSO login error

When attempting to log in with SSO, the following error message appears: “We could not log you in. Please verify your login credentials.”

Cause

Email address mismatch

This error occurs when the email address associated with the user account does not match between Aircall and your SSO identity provider. Aircall uses the email address as a unique identifier during SSO authentication. If the email values differ, the login attempt fails.

Solution

Align email addresses

Ensure that the user has the exact same email address configured in both Aircall and your SSO provider

Steps:

Check the user’s email address in Aircall.
Check the corresponding user account in your SSO provider.
Confirm that the email addresses are identical, including spelling, capitalization, and domain.
Update one of the systems if needed so both email addresses match.
Ask the user to try logging in again with SSO.

Important: Even small differences, such as aliases or alternate domains, can cause SSO authentication to fail.

If the issue persists after confirming the email addresses match, verify that the user is assigned correctly to the SSO application and that SSO is properly configured in Aircall.

Relay state error during SSO login

You have enabled SSO login and see the following error when attempting to sign in: Invalid samlResponse or relayState from identity provider.

Aircall SSO error page displaying message ‘Invalid samlResponse or relayState from identity provider’ indicating an issue with SAML authentication response.

This error appears when the sign-in is initiated from your Identity Provider (IdP) rather than from Aircall.

Important: Aircall does not support IdP-initiated SSO. Only logins initiated from the Aircall login page are supported.

The best solution will be to start the SSO login from Aircall.

Steps:

Open the Aircall Dashboard or Aircall Workspace login page.
Select Sign in with SSO.
Complete the authentication flow as prompted by your identity provider.

Tip: If you previously attempted to sign in from your IdP, start a new session by opening the Aircall login page directly, then choose Sign in with SSO.

FAQs

If I enable SAML or Sign-in with Google, will I be locked out of Aircall if I lose access to my Identity Provider (IdP)?
No. When SAML or Google sign-in is enabled, the user who sets up the connection is automatically added as a privileged user. If access to the IdP is lost, the privileged user can still sign in to Aircall using their email and password and revert the account back to email+password authentication.

Will enabling Single Sign-On (SSO) force users to log out immediately?
Not immediately. When SSO is enabled, all company refresh tokens are revoked, meaning user sessions won’t be refreshed after the current access token expires.

For example: if a user is logged in at time T and SSO is enabled, they can continue using their session until T + 1 hour (the default access token lifetime).
After that period, users will be required to log in using the configured SSO method.

This ensures minimal disruption while enforcing SSO for all new sessions.

I’m a privileged user. Can I still be protected by Multi-Factor Authentication (MFA) when using email and password?
Yes. Privileged users signing in via email+password (not SSO) will automatically be prompted for MFA. With adaptive MFA, users will be required to verify their identity with a temporary security code sent to their email whenever a suspicious login attempt is detected. This adds an extra layer of protection without interrupting regular login routines unnecessarily.

Important: Adding new members or email addresses to your Google account will not automatically add them to Aircall. Admins must still create or invite each new user before they can sign in.

Note: To use Google single sign-on (SSO), users' Aircall login email addresses must match their Google account email addresses.

Enable Google sign-in

Only users with the Owner role can enable Google sign-in for their company from Aircall Dashboard.

Steps:

My Company > Select the Security tab.
Under Authentication method, choose Google sign-in.
Click Save changes.

Important: All users will be logged out each time Google sign-in is enabled or disabled for your company. Any ongoing calls will not be interrupted, but users will need to log back in before making or receiving new calls. They can still tag and leave notes on completed calls before being prompted to log in again.
The logout will occur one hour after the change is made.

Log in with Google

Once Google sign-in is enabled, a Sign in with Google option will appear across all Aircall platforms:

Dashboard
Desktop, Web, and Mobile Phone applications
CTI Phone and recording link pages
Browser extensions

Users and admins can click Sign in with Google to be redirected to their Google account and complete authentication.

When Google sign-in is enabled:

All users and admins must sign in using Google; password-based login will no longer work.
Privileged users can still log in using either their password or Google account.

Add a privileged user

Privileged users have the option to use both standard and Google authentication from Aircall Dashboard.

Steps:

My Company >Select the Security tab.
Under Authentication method, click Manage privileged users.
Add the users you wish to grant privileged access.

Benefits of Google sign-in

Using Google sign-in provides a more streamlined and secure experience for Aircall users. With a single Google login, users can access all Aircall products without needing separate credentials.

By delegating password and security management to Google, your company gains:

Centralized control over password policies and requirements
The ability to define minimum password length and expiration rules
Enforcement of mandatory adaptive multi-factor authentication (MFA)
Improved overall security compliance

Note: Cookies must be enabled to use Google sign-in in incognito or private browser windows.

Troubleshooting SSO cases

SSO login error due to email address mismatch

When signing in to Aircall using single sign-on (SSO), you may encounter an error that prevents access. This article explains why this happens and how to resolve it.

Item

Description

Symptom

SSO login error

When attempting to log in with SSO, the following error message appears: “We could not log you in. Please verify your login credentials.”

Cause

Email address mismatch

Solution

Align email addresses

Ensure that the user has the exact same email address configured in both Aircall and your SSO provider

Steps:

Check the user’s email address in Aircall.
Check the corresponding user account in your SSO provider.
Confirm that the email addresses are identical, including spelling, capitalization, and domain.
Update one of the systems if needed so both email addresses match.
Ask the user to try logging in again with SSO.

Important: Even small differences, such as aliases or alternate domains, can cause SSO authentication to fail.

If the issue persists after confirming the email addresses match, verify that the user is assigned correctly to the SSO application and that SSO is properly configured in Aircall.

Relay state error during SSO login

You have enabled SSO login and see the following error when attempting to sign in: Invalid samlResponse or relayState from identity provider.

This error appears when the sign-in is initiated from your Identity Provider (IdP) rather than from Aircall.

Important: Aircall does not support IdP-initiated SSO. Only logins initiated from the Aircall login page are supported.

The best solution will be to start the SSO login from Aircall.

Steps:

Open the Aircall Dashboard or Aircall Workspace login page.
Select Sign in with SSO.
Complete the authentication flow as prompted by your identity provider.

Tip: If you previously attempted to sign in from your IdP, start a new session by opening the Aircall login page directly, then choose Sign in with SSO.

FAQs

For example: if a user is logged in at time T and SSO is enabled, they can continue using their session until T + 1 hour (the default access token lifetime).
After that period, users will be required to log in using the configured SSO method.

This ensures minimal disruption while enforcing SSO for all new sessions.