How to configure SAML Authentication via Okta

Summary

This article explains how SAML authentication via Okta works in Aircall, its key components, and how to use it effectively.

⚠️ Important:

• The instructions in this article apply only to companies that have had SAML Single Sign-On activated by Aircall.
• To request activation, please contact your Account Manager.
• Currently, this functionality is available to a limited number of customers.

Feature overview:

• What it does: Enables Single Sign-On (SSO) for Aircall users through Okta, allowing secure and streamlined access.
• Who can use it: Available to Aircall customers who have had SAML Single Sign-On activated for their company by Aircall.
• Where to access it: Okta Admin Console and Aircall Admin Dashboard.

How It Works:

Step 1: Create a SAML App Integration in Okta

1. Log in to your Okta Admin Console (https://company.okta.com/admin/dashboad)
2. Navigate to Applications > Applications.
3. Click on Create App Integration.
4. In the modal, select SAML 2.0 as the sign-in method.
5. Click -> Next.

⚠️Note: After configuration, users must log in via dashboard.aircall.io/login/sso or use the “Login with SSO” button in the Aircall app. Accessing Aircall via the Okta dashboard tile is not supported.

Step 2: Configure SAML Integration for Your Okta App

1. On the Create SAML Integration page, under General Settings, enter an app name (e.g., acme-saml@company).
2. (Optional) Upload a logo and set visibility preferences.
3. Click → Next.
4. Under the General section, input:
    
   • Single sign-on URL: https://sso.aircall.io/saml2/idpresponse

   • Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-west-2_hZkGBmIsz

5. Under Attribute Statements, add:
   • Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   • Name format: Leave unspecified

   • Value: user.email

6. Click Next, accept default values, and then click ->Finish.

Step 3: Assign Users to the Okta App

1. In the Okta application you just created, go to the Assignments tab.
2. Click Assign to add users or groups who should have SSO access to Aircall.

Step 4: Export the Identity Provider (IdP) Metadata

1. In the Okta application, navigate to the Sign On tab.
2. Under SAML Signing Certificates, locate the active certificate.
3. Click Actions > View IdP metadata.
4. In the new browser tab that opens, either:
    
   • Copy the URL of the metadata.
   • Download the XML file.

You'll need this metadata to complete the SAML setup in Aircall.

Tips for Best Use:

• Pre-Activation: Ensure SAML Single Sign-On is activated for your company by contacting your Aircall Account Manager before beginning configuration.
• Login Method: Always use dashboard.aircall.io/login/sso or the “Login with SSO” button in the Aircall app for access.
• Metadata Management: Keep the IdP metadata URL or XML file secure and accessible for future reference or reconfiguration needs.

FAQs:

Q: Can I use the Okta dashboard tile to access Aircall?

• A: No, accessing Aircall via the Okta dashboard tile is not supported. Users should log in through dashboard.aircall.io/login/sso or the Aircall app's “Login with SSO” option.

Q: Is SAML Single Sign-On available to all Aircall customers?

• A: Currently, SAML Single Sign-On is offered to a limited number of customers. To request activation, please contact your Aircall Account Manager.

Q: What information is required from Okta to complete the setup in Aircall?

• A: You'll need the Identity Provider (IdP) metadata, which can be obtained as a URL or downloaded as an XML file from the Okta application’s Sign On tab.