How to configure Azure SAML SSO

Before you start…

  • SAML SSO is only available for accounts on the Enterprise plan. 
  • Only account owners and admins can enable Single Sign-On (SSO). 

 

Step 1: Navigate to the Calendly SSO Configuration Page

  1. Open calendly.com and sign in.
  2. Select Account.
  3. Select Organization Settings.
  4. Select Single sign-on on the left side of the page.


Step 2: Add Calendly as an Azure Application

  1. Open the Azure Active Directory dashboard in a separate tab.
  2. Select Enterprise Applications in the Create area. (You can also use the search bar by searching for Enterprise Applications.)
  3. Select + New Application.
  4. Select + Create your own application.
  5. Name the application, for example, "Calendly", and select Integrate any other application you don’t find in the gallery.
  6. Select Create.
    Note: You may already have Calendly applications in Azure (shown below), if users in your Calendly account have connected with a Microsoft application, such as a Microsoft calendar, Teams account, or O365 login. These applications are separate from SSO and will not impact the SSO process. 
    Calendly_all_the_apps.png

 

Step 3: Set up IdP

  1. Select Single sign-on on the left.

  2. Select SAML.

  3. At Basic SAML Configuration (box 1 in Azure), select Edit.

  4. In the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), enter https://example.com (this value is temporary, and you will replace it once the values are generated in Calendly). Note that Azure provides a default SAML Signing Certificate (box 3 in Azure). Azure will generate the correct certificate after you enter this temporary value and complete the next steps.

  5. Select Save.

  6. To reflect the new SAML Signing Certificate, refresh the page.

  7. At Set up Calendly SAML (box 4 in Azure), copy Azure AD Identifier (and paste it into the Entity ID field on Calendly’s SSO settings page (from Step 1).

  8. In Azure, copy the Login URL and paste it into the Identity provider’s SAML HTTP Request URL field on Calendly’s SSO settings page.

  9. Select Add certificate and generate a new one by selecting + New Certificate or import your own by selecting Import Certificate.

  10. Select Save.

  11. Select the 3 dot menu and select Base64 certificate download.

    KB_AzureBase64_08JAN2021.png
  12. Copy the contents of the certificate and paste it into the X.509 certificate for SAML authentication field on Calendly’s SSO settings page.

  13. In Calendly, select Save & continue.

  14. In Azure, select the pencil icon within the Basic SAML Configuration box.

    KB_AzureEdit_08JAN2021.png
  15. In Calendly, copy the Audience URL and paste it into the Identifier (Entity ID) field in Azure.

  16. In Calendly, copy the ACS URL and paste it into the Reply URL (Assertion Consumer Service URL) field in Azure.

  17. In Calendly, copy the Default relay state and paste it into the Relay State field in Azure.

  18. In Azure, select Save.

  19. Select the pencil icon in the User Attributes & Claims box.

    KB_AzureEditAttributes_08JAN2021.png
  20. Under Required claim select Unique User Identifier (Name ID).

  21. At Source attribute, search for user.mail and select.

  22. Select Save.

  23. Under Additional claims, delete existing claims by selecting the 3-dot menu and Delete.

  24. Add an email claim

    • Select + Add new claim

    • Under Name, enter email.

    • At Source attribute, search for user.mail and select.

    • Select Save.

  25. Add a firstName claim

    • Select + Add new claim

    • Under Name, enter firstName.

    • At Source attribute, search for user.givenname and select.

    • Select Save.

  26. Add a lastName claim

    • Select + Add new claim

    • Under Name, enter lastName.

    • At Source attribute, search for user.surname and select.

    • Select Save.

KB_AzureClaim_08JAN2021.png

 

Step 4: Assign your user to the Calendly application

  1. In Azure, return to the Enterprise Applications page.
  2. Select the application.
  3. Select 1. Assign users and groups.
  4. Select + Add user.
  5. Select Users.
  6. Search for your user, select them, and hit Select.
  7. Select Assign.

 

Step 5: Test connection

In Calendly, select Test Connection.

Once you’ve verified that you can log in, assign your remaining Calendly users to the application in Azure before you enable and enforce SSO for all users.

 

Step 6: Enforce for your organization

In Calendly, select Enforce SAML SSO for my organization

Once SSO is enforced, all users will be logged out and need to use SAML SSO to log into Calendly. Only the organization owner can log in using their fallback (original) login method by selecting Log in using another method on the login page.

Was this article helpful?
3 out of 3 found this helpful