Single sign-on (SSO) offers a simple and secure way for users to access Calendly. With SSO enabled, users can authenticate with their corporate credentials. From a security standpoint, this eliminates weak password use, reduces the need to remember passwords, and provides more control.
Calendly supports Security Assertion Markup Language (SAML) for single sign-on, and supports any enterprise identity provider (IdP) using the SAML 2.0 protocol.
In this article
- Who can enable SSO
- How to enable SSO
- Inform members that you've enabled SSO
- What to expect after you enable SSO
Service Provider Initiated SSO (SP-initiated) : Users can log in to calendly.com, and your IdP will authenticate the user.
- Identity Provider Initiated SSO (IdP-initiated): Users can log in to your IdP and select the Calendly app.
- Just-in-Time (JIT) provisioning is not supported. You can provision users via SCIM.
Who can enable SSO
How to enable SSO
Supported identity providers
Calendly supports any enterprise identity provider using the SAML 2.0 protocol. Identity providers we have tested and documented include:
For other identity providers, follow the steps in How to set up SAML SSO with your identity provider.
If your company has multiple Calendly accounts
When you set up SSO, you enable SSO for all members within the Calendly account. If your company has multiple Calendly accounts, you'll need to set up SSO for each account.
If you want user sessions to expire
You can control how long members are signed in to Calendly before they need to re-authenticate. Session duration resets with user activity, so users will not be logged out when they're active. The session defaults to 21 days without activity, but you can reduce this time to match the security needs of your organization.
If you have guest accounts in Calendly
You should not enable SSO if your Calendly account contains users that are not in your identity provider. If you enable SSO, these users will not be able to log in to Calendly.
If you want to use multi-factor authentication
You can set up multi-factor authentication within your IdP.
Inform your members that you've enabled SSO
We recommend that you send an email to inform your members that SSO is enabled. Feel free to make use of the template below. If you'd like to share steps on how to sign in to calendly.com with SSO (rather than sign in from your IdP), you can include How to sign in using single sign-on.
Subject: [ Action Required ] Log back in to Calendly
This is to let you know that [ Your Organization Name ] is changing to the way we access Calendly. Going forward you’ll be able to log in to Calendly using your [ IdP ] credentials.
We made this change so you can access Calendly and other applications using the same username and password (this way you don’t have to remember multiple passwords). If you're unable to log in using your [IdP] username and password, please let your network administrator know.
[ Signature ]
What to expect after you enable SSO
Once you enable SSO, all members will be logged out of Calendly and will need to use SSO to log in. This includes members on Calendly’s web and mobile apps.
Log in with another method
As an owner or admin, you have the option to Log in using another method. This will prompt you to log in with your original method. Use this option if you cannot log in with your identity provider, and need to disable SAML SSO for the organization.
Connected calendars and integrations
Enabling SSO does not impact calendar connections or integrations. Members are not required to use their corporate SSO credentials for calendars or integrations. Members can connect on their Calendar Connections page and Integrations page.
You'll need to add any new members in your identity provider and Calendly's Admin Management page. New members will be prompted to log in with SSO. Note: members must accept their email invitation to join Calendly before they can log in.
If SSO is enabled (but SCIM is not), you will need to remove a user from two places: your identity provider and the Calendly Admin Management page. To remove users in Calendly, view remove users and paid seats. If you'd like to automatically add and remove users, you can enable SCIM.
Once removed from your account, the user will have access to their free, solo Calendly account. They can log in with their original login method or a new method, depending on whether or not they had a Calendly account prior to joining your account. For example, if they originally used Google OAuth, they'll be prompted to log in with Google.
If a user wants to update the email address they use with Calendly, you'll need to:
- Update their email address in your IdP.
- Reach out to Calendly support and share their new email address.