You can now allow your company to sign in to Aircall using Google accounts. When enabled, Google sign-in applies across all Aircall products, including the Aircall Workspace, Aircall Dashboard, and browser extensions.
Important: Adding new members or email addresses to your Google account will not automatically add them to Aircall. Admins must still create or invite each new user before they can sign in.
Note: To use Google single sign-on (SSO), users' Aircall login email addresses must match their Google account email addresses.
Enable Google sign-in
Only users with the Owner role can enable Google sign-in for their company from Aircall Dashboard.
Steps:
- My Company > Select the Security tab.
- Under Authentication method, choose Google sign-in.
- Click Save changes.
Important: All users will be logged out each time Google sign-in is enabled or disabled for your company. Any ongoing calls will not be interrupted, but users will need to log back in before making or receiving new calls. They can still tag and leave notes on completed calls before being prompted to log in again.
The logout will occur one hour after the change is made.
Log in with Google
Once Google sign-in is enabled, a Sign in with Google option will appear across all Aircall platforms:
- Dashboard
- Desktop, Web, and Mobile Phone applications
- CTI Phone and recording link pages
- Browser extensions
Users and admins can click Sign in with Google to be redirected to their Google account and complete authentication.
When Google sign-in is enabled:
- All users and admins must sign in using Google; password-based login will no longer work.
- Privileged users can still log in using either their password or Google account.
Add a privileged user
Privileged users have the option to use both standard and Google authentication from Aircall Dashboard.
Steps:
- My Company >Select the Security tab.
- Under Authentication method, click Manage privileged users.
- Add the users you wish to grant privileged access.
Benefits of Google sign-in
Using Google sign-in provides a more streamlined and secure experience for Aircall users. With a single Google login, users can access all Aircall products without needing separate credentials.
By delegating password and security management to Google, your company gains:
- Centralized control over password policies and requirements
- The ability to define minimum password length and expiration rules
- Enforcement of mandatory adaptive multi-factor authentication (MFA)
- Improved overall security compliance
Note: Cookies must be enabled to use Google sign-in in incognito or private browser windows.
Troubleshooting SSO cases
SSO login error due to email address mismatch
When signing in to Aircall using single sign-on (SSO), you may encounter an error that prevents access. This article explains why this happens and how to resolve it.
| Item | Description | |
|---|---|---|
| Symptom | SSO login error | When attempting to log in with SSO, the following error message appears: “We could not log you in. Please verify your login credentials.” |
| Cause | Email address mismatch | This error occurs when the email address associated with the user account does not match between Aircall and your SSO identity provider. Aircall uses the email address as a unique identifier during SSO authentication. If the email values differ, the login attempt fails. |
| Solution | Align email addresses |
Ensure that the user has the exact same email address configured in both Aircall and your SSO provider Steps:
|
Important: Even small differences, such as aliases or alternate domains, can cause SSO authentication to fail.
If the issue persists after confirming the email addresses match, verify that the user is assigned correctly to the SSO application and that SSO is properly configured in Aircall.
Relay state error during SSO login
You have enabled SSO login and see the following error when attempting to sign in: Invalid samlResponse or relayState from identity provider.
This error appears when the sign-in is initiated from your Identity Provider (IdP) rather than from Aircall.
Important: Aircall does not support IdP-initiated SSO. Only logins initiated from the Aircall login page are supported.
The best solution will be to start the SSO login from Aircall.
Steps:
- Open the Aircall Dashboard or Aircall Workspace login page.
- Select Sign in with SSO.
- Complete the authentication flow as prompted by your identity provider.
Tip: If you previously attempted to sign in from your IdP, start a new session by opening the Aircall login page directly, then choose Sign in with SSO.
FAQs
If I enable SAML or Sign-in with Google, will I be locked out of Aircall if I lose access to my Identity Provider (IdP)?
No. When SAML or Google sign-in is enabled, the user who sets up the connection is automatically added as a privileged user. If access to the IdP is lost, the privileged user can still sign in to Aircall using their email and password and revert the account back to email+password authentication.
Will enabling Single Sign-On (SSO) force users to log out immediately?
Not immediately. When SSO is enabled, all company refresh tokens are revoked, meaning user sessions won’t be refreshed after the current access token expires.
- For example: if a user is logged in at time T and SSO is enabled, they can continue using their session until T + 1 hour (the default access token lifetime).
- After that period, users will be required to log in using the configured SSO method.
This ensures minimal disruption while enforcing SSO for all new sessions.
I’m a privileged user. Can I still be protected by Multi-Factor Authentication (MFA) when using email and password?
Yes. Privileged users signing in via email+password (not SSO) will automatically be prompted for MFA. With adaptive MFA, users will be required to verify their identity with a temporary security code sent to their email whenever a suspicious login attempt is detected. This adds an extra layer of protection without interrupting regular login routines unnecessarily.
Aircall Status
Help logging in