How to configure Microsoft Entra ID SAML SSO

Navigate to the Calendly SSO Configuration Page

  1. Open calendly.com and sign in.
  2. Navigate to your Admin center.
  3. Select Login.
  4. Select Single sign-on.

Add Calendly as a Microsoft Entra ID Application

  1. Open the Microsoft Entra ID dashboard in a separate tab.
  2. Select Enterprise Applications in the Create area. (You can also use the search bar by searching for Enterprise Applications.)
  3. Select + New Application.
  4. Select + Create your own application.
  5. Name the application, for example, "Calendly", and select Integrate any other application you don’t find in the gallery.
  6. Select Create.
    Note: You may already have Calendly applications in Microsoft Entra ID if users in your Calendly account have connected with a Microsoft application, such as a Microsoft calendar, Teams account, or O365 login. These applications are separate from SSO and will not impact the SSO process.

Set up IdP

  1. Select Single sign-on on the left.

  2. Select SAML.

  3. At Basic SAML Configuration (box 1 in Microsoft Entra ID), select Edit.

  4. In the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), enter https://example.com (this value is temporary, and you will replace it once the values are generated in Calendly). Note that Microsoft Entra ID provides a default SAML Signing Certificate (box 3 in Microsoft Entra ID). Microsoft Entra ID will generate the correct certificate after you enter this temporary value and complete the next steps.

  5. Select Save.

  6. To reflect the new SAML Signing Certificate, refresh the page.

  7. At Set up Calendly SAML (box 4 in Microsoft Entra ID), copy Microsoft Entra Identifier and paste it into the Entity ID field on Calendly’s SSO settings page (from Step 1).

  8. In Microsoft Entra ID, copy the Login URL and paste it into the Identity provider’s SAML HTTP Request URL field on Calendly’s SSO settings page. Select Save.

  9. From the Signing Certificate menu, you can either create a new certificate or download the Base64 certificate. Select Edit and delete any existing certificates.
  10. To create a new certificate: Select Add certificate and generate a new one by selecting + New Certificate or import your own by selecting Import Certificate. Then, select Save.

  11. To download the Base64 certificate, select the 3-dot menu and select Base64 certificate download. Select Save.

  12. Copy the contents of the certificate and paste it into the X.509 certificate for SAML authentication field on Calendly’s SSO settings page.

  13. In Calendly, select Save & continue.

  14. In Microsoft Entra ID, select the pencil icon within the Basic SAML Configuration box.

  15. In Calendly, copy the Audience URL and paste it into the Identifier (Entity ID) field in Microsoft Entra ID.

  16. In Calendly, copy the ACS URL and paste it into the Reply URL (Assertion Consumer Service URL) field in Microsoft Entra ID.

  17. In Calendly, copy the Default relay state and paste it into the Relay State field in Microsoft Entra ID.

  18. In Microsoft Entra ID, select Save.

  19. Select the pencil icon in the User Attributes & Claims box.

  20. Under Required claim select Unique User Identifier (Name ID).

  21. At Source attribute, search for user.mail and select it.

  22. Select Save.

  23. Under Additional claims, delete all existing claims by selecting the 3-dot menu and Delete.

  24. Add an email claim

    • Select + Add new claim

    • Under Name, enter email.

    • At Source attribute, search for user.mail and select it.

    • Select Save.

  25. Add a firstName claim

    • Select + Add new claim

    • Under Name, enter firstName.

    • At Source attribute, search for user.givenname and select it.

    • Select Save.

  26. Add a lastName claim

    • Select + Add new claim

    • Under Name, enter lastName.

    • At Source attribute, search for user.surname and select it.

    • Select Save.
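
The following is an added example, not part of Calendly's or Microsoft's own tooling: a Python check that a SAML assertion captured from your own test login has the shape the steps above configure (Name ID and email both from user.mail, only the three named claims, and the Audience URL from step 15 rather than the temporary https://example.com from step 4). The audience value, the sample users and the helper names are constructed placeholders, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_CLAIMS = {"email", "firstName", "lastName"}  # names from steps 24-26
AUDIENCE = "https://sp.example.test/audience"  # placeholder, not Calendly's real value

def build_sample(name_id, audience, claims):
    """Build a constructed, unsigned sample assertion (demo input only)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for n, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID>{name_id}</saml:NameID></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion>')

# Constructed sample: what the finished configuration should emit.
GOOD = build_sample("ada@example.test", AUDIENCE, {
    "email": "ada@example.test", "firstName": "Ada", "lastName": "Lovelace"})
# Constructed sample: temporary audience never replaced, a default claim left
# undeleted (step 23 skipped), and the email claim never added (step 24 skipped).
BAD = build_sample("ada@example.test", "https://example.com", {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":
        "ada@example.test", "firstName": "Ada", "lastName": "Lovelace"})

def check_assertion(xml_text, expected_audience=AUDIENCE):
    """Return a list of mismatches; shape check only, no signature validation."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    claims = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
              for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    if not name_id:
        problems.append("NameID missing or empty")
    for name in sorted(EXPECTED_CLAIMS):
        if not claims.get(name):  # absent, or present with no value
            problems.append(f"claim {name} missing or empty")
    for name in sorted(set(claims) - EXPECTED_CLAIMS):
        problems.append(f"unexpected claim {name}")
    if claims.get("email") and claims["email"] != name_id:
        problems.append("email claim differs from NameID")  # both map to user.mail
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include expected value")
    return problems
```

An empty list from check_assertion means the assertion matches the claim setup; each string it returns names one step to revisit.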


Assign your user to the Calendly application

  1. In Azure, return to the Enterprise Applications page.
  2. Select the application.
  3. Select 1. Assign users and groups.
  4. Select + Add user.
  5. Select Users.
  6. Search for your user, select them, and hit Select.
  7. Select Assign.

Test connection

In Calendly, select Enable SSO for yourself.

Select Test connection.

Once you’ve verified that you can log in, assign your remaining Calendly users to the application in Azure before you enable and enforce SSO for all users.

Enforce for your organization

In Calendly, select Enforce SAML SSO for my organization, then Apply.

Once SSO is enforced, all users will be logged out and need to use SAML SSO to log into Calendly. Only the organization owner can log in using their fallback (original) login method by selecting Log in using another method on the login page.

Note

If you are on our Teams plan and would like to add single sign-on (SSO) features to your Calendly account, you can do so from your billing page. The SSO add-on costs $3 per user, per month.