How to configure Ping Identity SAML SSO

Before you start…

  • SAML SSO is only available for accounts on our Enterprise plan. 
  • Only account owners and admins can enable Single Sign On (SSO). 

 

Step 1: Navigate to the Calendly SSO Configuration Page

  1. Open calendly.com and sign in.

  2. Select Account.

  3. Select Organization Settings.

  4. Select Single sign-on on the left side of the page.

 

Step 2: Add Calendly as a Ping Application

  1. Open your Ping Identity dashboard in a separate tab.

  2. Select CONNECTIONS.

  3. Select + Add Application.

  4. Select WEB APP. Then, in the SAML row, select Configure.

  5. Fill in the Application Name (e.g. Calendly) and Description (e.g.  online appointment scheduling software).

  6. Select Next.

  7. Under ACS URLs, enter https://example.com (this will be changed later).

  8. Under ENTITY ID, enter https://example.com (this will be changed later).

  9. Select Download Signing Certificate and select X509 PEM (.crt).

    KB_PingDownloadButton_08JAN2021.png
  10. Under SIGNING ALGORITHM, make sure RSA_SHA256 is selected.

  11. Under ASSERTION VALIDITY DURATION (IN SECONDS), enter 60.

  12. Select Save and Continue.

  13. Under PINGONE USER ATTRIBUTE, select Email Address.

  14. Add an Email Address attribute

    1. Select +ADD ATTRIBUTE.

    2. Select PingOne Attribute.

    3. Under PINGONE USER ATTRIBUTE, select Email Address.

    4. Under APPLICATION ATTRIBUTE, enter email.

    5. Check the box next to Required.

  15. Add a Given Name attribute

    1. Select +ADD ATTRIBUTE.

    2. Select PingOne Attribute.

    3. Under PINGONE USER ATTRIBUTE, select Given Name.

    4. Under APPLICATION ATTRIBUTE, enter firstName.

    5. Check the box next to Required.

  16. Add a Family Name attribute

    1. Select +ADD ATTRIBUTE.

    2. Select PingOne Attribute.

    3. Under PINGONE USER ATTRIBUTE, select Family Name.

    4. Under APPLICATION ATTRIBUTE, enter lastName.

    5. Check the box next to Required.

  17. Select Save.

Step 3: Set up IDP

  1. Expand the Calendly application by selecting the down arrow button on the right.

    KB_PingAttributes_08JAN2021.png
  2. Select Configuration.

  3. Copy the ISSUER ID and paste it into the Entity ID field on Calendly’s SSO settings page (from Step 1: Navigate to the Calendly SSO configuration page)

  4. Copy SINGLE SIGNON SERVICE and paste it into the Identity provider’s SAML HTTP Request URL field on Calendly’s SSO settings page.

  5. Upload the downloaded PEM certificate into the X.509 certificate for SAML authentication field on Calendly’s SSO settings page.

  6. In Calendly, select Save & continue.

  7. In Ping, select the pencil icon on the right.

    KB_PingPencilIcon_08JAN2021.png
  8. Select SAML SETTINGS to expand the section.

  9. In Calendly, copy the ACS URL from Step two.

  10. In Ping, under ACS URLs, remove the existing text and paste.

  11. In Calendly, copy the Audience URL from Step two and paste it in Ping, under ENTITY ID.

  12. In Calendly, copy the Default relay state and paste it in Ping under TARGET APPLICATION URL.

  13. In Ping, select Save.

  14. Select < To Application List at the top of the page.

  15. Use the toggle to enable the Calendly application.

    KB_PingToggle_08JAN2021.png
  16. If you are registered on Ping with the same email as your Calendly Org admin, continue to Step 5: Test connection.

 

Step 4: Creating an Identity

  1. In Ping, select IDENTITIES in the menu.

  2. Select the + Add User button.

  3. Enter GIVEN NAME (first name) and FAMILY NAME (last name).

  4. Under EMAIL ADDRESS and USER NAME, enter your test user’s email.

  5. Select Save.

  6. Locate your use in the table and select the down arrow to expand.

    KB_PingArrowButton_08JAN2021.png
  7. Select Reset Password.

  8. Enter a temporary password (you will be prompted to change this upon your first login).

  9. Select Save.

 

Step 5: Test connection

In Calendly, select Test Connection. If successful, you’ll see a confirmation and be able to proceed to the next step.

 

Step 6: Enforce for your organization

In Calendly, select Enforce SAML SSO for my organization

Once SSO is enforced, all users will be logged out and need to use SAML SSO to log into Calendly. Only the organization owner can log in using their fallback (original) login method by selecting Log in using another method on the login page.

Was this article helpful?
3 out of 3 found this helpful