Before you start…
- SAML SSO is only available for accounts on the Enterprise plan. Please contact your Account Executive or Calendly Sales to learn more.
- You must be a Calendly account owner or admin to enable Single sign-on (SSO).
- You must use the same email address for both Calendly and Okta.
Okta SAML SSO features
- Identity Provider Initiated Login
- Service Provider Initiated Login
- Just-inTime (JIT) user creation is currently not supported
- Users can be provisioned via SCIM for accounts on Calendly’s Enterprise plan
Step 1: Add Calendly as an Okta application
- Open the Okta admin dashboard and select Applications.
- Select Add Application.
- Select Browse App Catalog.
- Search for the Calendly application.
- Select the Add button for the Calendly application.
- In General Settings select the appropriate values for:
- Application Visibility - If you want to temporarily hide the app while configuring, select the check box next to Do not display application icon to users. (You will need to change this after configuration to make the app visible to your users.)
- Browser plugin auto-submit
- Select Next.
- Under Sign On Methods, select SAML 2.0.
- Select View Setup Instructions.
- Leave this tab open and proceed to Step 2.
Step 2: Configure Okta SAML SSO on Calendly
If you no longer have your Okta window open after completing the previous steps, open the Okta admin dashboard and select Applications, Calendly (or whatever you chose to name the Calendly application), and select the Sign On tab.
Select View Setup Instructions.
In a new tab, navigate to your Calendly home page. Select Account, then Organization Settings, then Single Sign On.
In Okta, copy the Identity Provider Single Sign-On URL. Then, in Calendly, paste into the Identity provider's SAML HTTP Request URL field.
In Okta, copy the Identity Provider Issuer. Then, in Calendly, past into the Entity ID field.
In Okta, download the X.509 Certificate (PEM text format) and upload it into Calendly in the X.509 certificate for SAML authentication box. (Alternatively the certificate may be copied and pasted into the correct field.)
- Set Session duration to the appropriate value for your organization’s security policies.
In Calendly, select Save & continue.
Step 3: Update the Application SAML URLs within Okta
From the Okta admin dashboard, select Applications, Calendly (or whatever you chose to name the Calendly application), and select the General tab.
Scroll down to SAML Settings and select Edit. Then scroll down and select Next.
In Calendly, select Copy Audience URL. Then, go to Okta and paste it in the Audience URI (SP Entity ID) field.
In Calendly, select Copy ACS URL. Then, go to Okta and paste it in the Single sign on URL field.
- In Okta, for Application username format select Email.
Step 4: Test connection
Under the Assignments tab in Okta, assign your Okta user the Calendly application by selecting Assign, Assign to People, and the user to assign it to.
If the user’s email is different from the one used to log in to Calendly, enter the correct email address in the User Name field and select Save and Go Back.
In Calendly, select Test Connection. If successful, you’ll see a confirmation and be able to proceed to the next step.
Step 5: Enforce for your organization
In Okta, assign Calendly to the desired users. If you're assigning many users, you can follow these instructions from Okta.
In Calendly, select Enforce SAML SSO for my organization
Once SSO is enforced, all users will be logged out and need to use SSO to log into Calendly. Only the organization owner and admins can log in using their fallback (original) login method by selecting Log in using another method on the login page.