When your identity provider (IdP) rotates or expires a certificate, you must update it in Calendly so users can continue signing in securely.
Updating a certificate requires temporarily disabling SAML enforcement, which signs all users out. To minimize disruption, plan the update outside of normal business hours.
Before you begin
- Have your new certificate file or certificate text ready from your IdP.
- Coordinate with your team for the best time to make the update, since users will be logged out during the process.
Update your SAML certificate
- In Calendly, go to your Single sign-on settings page.
- In Step 3, toggle Enforce SAML SSO for my organization off.
- Note: This signs out all users.
- In Step 1, upload the new certificate file or paste the certificate text from your IdP.
- Select Save & continue.
- Skip Step 2 (no changes needed).
- Return to Step 3 and toggle Enforce SAML SSO for my organization back on.
After the update
- Users can log in again with SAML SSO using the new certificate.
- If login fails, confirm the certificate matches what your IdP provided.
- For full setup instructions, see this article.