How to set up SCIM with your identity provider

Lauren

September 09, 2021 13:56

Calendly supports any enterprise identity provider (IdP) using the SCIM 2.0 protocol.

Calendly has tested and documented SCIM setup instructions for the following identity providers: Okta, OneLogin, and Microsoft Azure. If you have a different identity provider, follow the steps in this article. Since steps may vary by identity provider, consult documentation from your identity provider for more details.

Before you begin…

SCIM is available on the Enterprise plan. Contact your Account Executive or Calendly Sales to learn more.
You must set up SAML before you set up SCIM.
You must be a Calendly owner or admin.
For easier setup, use separate browser windows: one for Calendly and one for your IdP.

You’ll need…

SCIM base URL
Bearer/API token

In your identity provider, create a custom Calendly application or, if you’ve already set up SSO, use the existing Calendly app. Consult your identity provider’s documentation for more details.
In Calendly, go to Account, Organization Settings, then Single sign-on.
Under Optional: Connect SCIM, toggle on SCIM provisioning.
Select copy base URL and paste it into the appropriate field in your identity provider. Consult your identity provider’s documentation for more details.
In Calendly, select the appropriate value for When do you want this token to expire? Then select Generate new bearer token, Copy token, and paste it into the appropriate field for your identity provider.
In Calendly, select Test Connection. Select Save. Note: if the connection fails, try paste in the Base URL and Copy token again.
In your identity provider, map the SCIM API attributes to Calendly. See table below for attributes. Note: you should only configure attributes listed in the table. Passing attributes other than the ones listed will result in an error.
In your identity provider, enable provisioning. Consult your identity provider’s documentation for more details on enabling provisioning and assigning users to an app.

Calendly attribute	SCIM API attribute	Description
Name (required)	displayName	The user's displayed name
Email address (required)	userName	The email address used by the user to log in to calendly.com
Active (required)	active	When you create a user, this field must be set to 'true'. Changing it to 'false' will deactivate the user in calendly.com
No equivalent in Calendly (optional)	externalID	An individual’s unique identifier in your identity provider

Reach out to Developer Support if you need assistance with setup.