How to configure Ping Identity SAML SSO

Go to the Calendly SSO Configuration Page

1. Go to the Admin Center.
2. Select Login.
3. Select Single sign-on.

Add Calendly as a Ping Application

1. Open your Ping Identity dashboard in a separate tab.
2. Select CONNECTIONS.
3. Select + Add Application.
4. Select WEB APP. Then, in the SAML row, select Configure.
5. Enter an Application Name (e.g. Calendly) and Description (e.g. online appointment scheduling software).
6. Select Next.
7. In ACS URLs, enter https://example.com (you'll change this later).
8. In ENTITY ID, enter https://example.com (you'll change this later).
9. Select Download Signing Certificate and select X509 PEM (.crt).
   
10. Under SIGNING ALGORITHM, select RSA_SHA256.
11. Under ASSERTION VALIDITY DURATION (IN SECONDS), enter 60.
12. Select Save and Continue.
13. Under PINGONE USER ATTRIBUTE, choose Email Address.
14. Add an Email Address attribute
    1. Select +ADD ATTRIBUTE.
    2. Select PingOne Attribute.
    3. Under PINGONE USER ATTRIBUTE, select Email Address.
    4. Under APPLICATION ATTRIBUTE, enter email.
    5. Check the box for Required.
15. Add a Given Name attribute
    1. Select +ADD ATTRIBUTE.
    2. Select PingOne Attribute.
    3. Under PINGONE USER ATTRIBUTE, select Given Name.
    4. Under APPLICATION ATTRIBUTE, enter firstName.
    5. Check the box for Required.
16. Add a Family Name attribute
    1. Select +ADD ATTRIBUTE.
    2. Select PingOne Attribute.
    3. Under PINGONE USER ATTRIBUTE, select Family Name.
    4. Under APPLICATION ATTRIBUTE, enter lastName.
    5. Check the box for Required.
17. Select Save.

Set up IDP

1. Expand the Calendly app by selecting the down arrow. 
   
2. Select Configuration.
3. Copy the ISSUER ID and paste it into the Entity ID field on Calendly’s SSO settings page (from Step 1: Navigate to the Calendly SSO configuration page).
4. Copy SINGLE SIGNON SERVICE and paste it into the Identity provider’s SAML HTTP Request URL field on Calendly’s SSO settings page.
5. Upload the PEM certificate you downloaded into the X.509 certificate for SAML authentication field on Calendly’s SSO settings page.
6. In Calendly, select Save & continue.
7. In Ping, select the pencil icon on the right.
   
8. Select SAML SETTINGS to expand the section.
9. In Calendly, copy the ACS URL from Step two.
10. In Ping, under ACS URLs, remove the existing text and paste.
11. In Calendly, copy the Audience URL from Step two and paste it into Ping, under ENTITY ID.
12. In Calendly, copy the Default relay state and paste it in Ping under TARGET APPLICATION URL.
13. In Ping, select Save.
14. Select < To Application List at the top of the page.
15. Use the toggle to turn on the Calendly app. 
    
16. If you are registered on Ping with the same email as your Calendly Org admin, continue to Step 5: Test connection.

Creating an Identity

1. In Ping, select IDENTITIES in the menu.
2. Select the + Add User button.
3. Enter GIVEN NAME (first name) and FAMILY NAME (last name).
4. Under EMAIL ADDRESS and USER NAME, enter your test user’s email.
5. Select Save.
6. Find the user in the list, then select the down arrow to expand.
   
7. Select Reset Password.
8. Enter a temporary password (you'll need to change this when logging in).
9. Select Save.

Test connection

In Calendly, select Enable SSO for yourself, then select Test connection. If successful, you'll see a confirmation.

Enforce for your organization

In Calendly, select Enforce SAML SSO for my organization, then Apply.

Once SSO is enforced, all users will be logged out and will need to sign back in with SAML SSO. Only the organization owner can use a backup log in by selecting Log in using another method on the login screen.