Please note: The instructions listed in this article are exclusively applicable to those who have had SAML Single Sign-On activated for their company by Aircall. To have SAML Single Sign-On activated for your company, please contact your Account Manager. Please note that, at this time, this functionality is only offered for a limited number of customers.
⚠️ IDP-initiated SAML sign-in is currently not supported. Once you have configured SAML on your Aircall account, please log in via the Aircall dashboard or app's login page using the "Sign-in with SSO" option.
Step 1: Create a new Client
-
Open Keycloak Administration Console
-
From the navigation menu on the left-hand side, under the Manage section, choose Clients
-
Click on Create Client
-
In the Create a new app integration modal, select SAML as the Client type
-
Enter
urn:amazon:cognito:sp:us-west-2_hZkGBmIszas Client ID -
Enter AircallSSO as Name
-
Click on Next
-
Enter
https://sso.aircall.io/saml2/idpresponseas Valid redirect URIs -
Click on Save
Step 2: Configure your new SAML Client
-
Under Clients > Client details, select urn:amazon:cognito:sp:us-west-2_hZkGBmIsz
-
Select Keys tab from the top
-
Disable Client signature required
-
Select Client scopes tab from the top
-
Click on urn:amazon:cognito:sp:us-west-2_hZkGBmIsz-dedicated from the table
-
Click on Add predefined mapper
-
Select X500 email and click on Add
-
After X500 email is added to the table, click on it
-
Change SAML Attribute Name to
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressand Save
Step 3: Export the Metadata
-
Click on Real settings under the Configure section from the navigation menu on the left hand side
-
Find Endoints
-
Click on SAML 2.0 Identity Provider Metadata to open the XML file
-
Save the file as aircall-idp.xml
For more information on SAML, please read more here or contact your Account Manager.