How to configure Azure SAML SSO


If you are on our Teams plan and would like to add single sign-on (SSO) features to your Calendly account, you can do so from your billing page. The SSO add-on costs $3 per user, per month. 



Step 1: Navigate to the Calendly SSO Configuration Page

  1. Open and sign in.
  2. Navigate to your Admin center.
  3. Select Login.
  4. Select Single sign-on.

Step 2: Add Calendly as an Azure Application

  1. Open the Azure Active Directory dashboard in a separate tab.
  2. Select Enterprise Applications in the Create area. (You can also use the search bar by searching for Enterprise Applications.)
  3. Select + New Application.
  4. Select + Create your own application.
  5. Name the application, for example, "Calendly", and select Integrate any other application you don’t find in the gallery.
  6. Select Create.
    Note: You may already have Calendly applications in Azure (shown below), if users in your Calendly account have connected with a Microsoft application, such as a Microsoft calendar, Teams account, or O365 login. These applications are separate from SSO and will not impact the SSO process. 

Step 3: Set up IdP

  1. Select Single sign-on on the left.

  2. Select SAML.

  3. At Basic SAML Configuration (box 1 in Azure), select Edit.

  4. In the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), enter (this value is temporary, and you will replace it once the values are generated in Calendly). Note that Azure provides a default SAML Signing Certificate (box 3 in Azure). Azure will generate the correct certificate after you enter this temporary value and complete the next steps.

  5. Select Save.

  6. To reflect the new SAML Signing Certificate, refresh the page.

  7. At Set up Calendly SAML (box 4 in Azure), copy Microsoft Entra Identifier and paste it into the Entity ID field on Calendly’s SSO settings page (from Step 1).

  8. In Azure, copy the Login URL and paste it into the Identity provider’s SAML HTTP Request URL field on Calendly’s SSO settings page. Select Save

  9. From the Signing Certificate menu, you can either create a new certificate or download the  Base64 certificate. Select the Edit and delete any existing certificates. 
  10. To create a new certificate: Select Add certificate and generate a new one by selecting + New Certificate or import your own by selecting Import Certificate. Then, select Save.

  11. To download the Base64 certificate, Select the 3 dot menu and select Base64 certificate download. Select Save. 

  12. Copy the contents of the certificate and paste it into the X.509 certificate for SAML authentication field on Calendly’s SSO settings page.

  13. In Calendly, select Save & continue.

  14. In Azure, select the pencil icon within the Basic SAML Configuration box.

  15. In Calendly, copy the Audience URL and paste it into the Identifier (Entity ID) field in Azure.

  16. In Calendly, copy the ACS URL and paste it into the Reply URL (Assertion Consumer Service URL) field in Azure.

  17. In Calendly, copy the Default relay state and paste it into the Relay State field in Azure.

  18. In Azure, select Save.

  19. Select the pencil icon in the User Attributes & Claims box.

  20. Under Required claim select Unique User Identifier (Name ID).

  21. At Source attribute, search for user.mail and select.

  22. Select Save.

  23. Under Additional claims, delete all existing claims by selecting the 3-dot menu and Delete.

  24. Add an email claim

    • Select + Add new claim

    • Under Name, enter email.

    • At Source attribute, search for user.mail and select.

    • Select Save.

  25. Add a firstName claim

    • Select + Add new claim

    • Under Name, enter firstName.

    • At Source attribute, search for user.givenname and select.

    • Select Save.

  26. Add a lastName claim

    • Select + Add new claim

    • Under Name, enter lastName.

    • At Source attribute, search for user.surname and select.

    • Select Save.


Step 4: Assign your user to the Calendly application

  1. In Azure, return to the Enterprise Applications page.
  2. Select the application.
  3. Select 1. Assign users and groups.
  4. Select + Add user.
  5. Select Users.
  6. Search for your user, select them, and hit Select.
  7. Select Assign.

Step 5: Test connection

In Calendly, select Enable SSO for yourself.

Screenshot 2023-10-11 at 10.13.52 AM.png

Select Test connection.

Once you’ve verified that you can log in, assign your remaining Calendly users to the application in Azure before you enable and enforce SSO for all users.

Step 6: Enforce for your organization

In Calendly, select Enforce SAML SSO for my organization, then Apply.

Screenshot 2023-10-11 at 10.14.09 AM.png

Once SSO is enforced, all users will be logged out and need to use SAML SSO to log into Calendly. Only the organization owner can log in using their fallback (original) login method by selecting Log in using another method on the login page.