Aircall Help Center | Configuring Microsoft Entra ID (Azure AD) for SAML authentication

This article explains how to configure Microsoft Entra ID (Azure AD) for SAML Single Sign-On (SSO) with Aircall.

Important: The instructions below apply only to companies that have had SAML Single Sign-On activated by Aircall.
If you would like SAML SSO enabled for your company, please contact our Customer Success team.
At this time, this feature is available to a limited number of customers.

Step 1: Create an enterprise application

Steps:

Sign in to the Azure Portal.
From the left-hand navigation menu, select Enterprise applications.
Click New application.
Choose Create your own application.
Select Integrate any other application you don’t find in the gallery (Non-gallery).
In the Create your own application modal, enter a name for your app (for example, acme-saml@aircall).
Click Create.

Step 2: Configure SAML

Steps:

From the Enterprise applications menu, select your newly created app (for example, acme-saml@aircall).
Click Single sign-on from the left-hand menu.
Under Basic SAML Configuration, click Edit.
Add the following details:
- Identifier (Entity ID): urn:amazon:cognito:sp:us-west-2_hZkGBmIsz
- Reply URL (Assertion Consumer Service URL): https://sso.aircall.io/saml2/idpresponse
Click Save.

Step 3: Export metadata

Steps:

On the same Single sign-on page, scroll to the SAML Certificates section.
Click Download next to Federation Metadata XML.
- Alternatively, you can right-click the Download button and copy the link URL.

Tip: Keep the downloaded XML file or copied link available. Aircall may request this information to complete your SSO setup.

For more information about SAML configuration, you can refer to Microsoft documentation or contact our Customer Success team.

Troubleshooting

If you receive an error when logging in that indicates the email address does not match between Aircall and Azure AD, follow the steps below to correct it.

Ensure the email address matches in Azure AD

Steps:

In Azure AD, open the user’s details and locate userPrincipalName.
- If userPrincipalName does not match the user’s email address in Aircall, continue to the next step.

Go to the SAML connection configuration.
Click Edit next to Attributes & Claims.

Azure Active Directory SSO configuration page showing Basic SAML Configuration and Attributes & Claims sections with Edit option highlighted..png

Select claims/emailaddress (typically the first field, with value user.mail).

Azure Active Directory Attributes & Claims settings page showing additional claims list with ‘user.mail’ value highlighted..png

Update the Source attribute to user.userprincipalname, then click Save.

Azure Active Directory Manage Claim page showing source attribute ‘user.userprincipalname’ configuration for email address mapping.png

Recreate the SAML connection in Aircall and try logging in again.

This article explains how to configure Microsoft Entra ID (Azure AD) for SAML Single Sign-On (SSO) with Aircall.

Important: The instructions below apply only to companies that have had SAML Single Sign-On activated by Aircall.
If you would like SAML SSO enabled for your company, please contact our Customer Success team.
At this time, this feature is available to a limited number of customers.

Step 1: Create an enterprise application

Steps:

Sign in to the Azure Portal.
From the left-hand navigation menu, select Enterprise applications.
Click New application.
Choose Create your own application.
Select Integrate any other application you don’t find in the gallery (Non-gallery).
In the Create your own application modal, enter a name for your app (for example, acme-saml@aircall).
Click Create.

Step 2: Configure SAML

Steps:

From the Enterprise applications menu, select your newly created app (for example, acme-saml@aircall).
Click Single sign-on from the left-hand menu.
Under Basic SAML Configuration, click Edit.
Add the following details:
- Identifier (Entity ID): urn:amazon:cognito:sp:us-west-2_hZkGBmIsz
- Reply URL (Assertion Consumer Service URL): https://sso.aircall.io/saml2/idpresponse
Click Save.

Step 3: Export metadata

Steps:

On the same Single sign-on page, scroll to the SAML Certificates section.
Click Download next to Federation Metadata XML.
- Alternatively, you can right-click the Download button and copy the link URL.

Tip: Keep the downloaded XML file or copied link available. Aircall may request this information to complete your SSO setup.

For more information about SAML configuration, you can refer to Microsoft documentation or contact our Customer Success team.

Troubleshooting

If you receive an error when logging in that indicates the email address does not match between Aircall and Azure AD, follow the steps below to correct it.

Ensure the email address matches in Azure AD

Steps:

In Azure AD, open the user’s details and locate userPrincipalName.
- If userPrincipalName does not match the user’s email address in Aircall, continue to the next step.

Go to the SAML connection configuration.
Click Edit next to Attributes & Claims.

Select claims/emailaddress (typically the first field, with value user.mail).

Update the Source attribute to user.userprincipalname, then click Save.

Recreate the SAML connection in Aircall and try logging in again.