Note
If you are on our Teams plan and would like to add single sign-on (SSO) features to your Calendly account, you can do so from your billing page. The SSO add-on costs $3 per user, per month.
Before you begin
- Only account owners and admins can enable SSO.
How to set up SAML SSO with Microsoft AD FS
- In How to set up SAML SSO with your identity provider, complete Steps 1-3.
- When you reach Step 3. Configure attributes in your IdP, one way to configure attributes is to create two Issuance Transform Rules. To create a rule, view Microsoft's Create a Rule to Transform an Incoming Claim, and consult the following screenshots:
Note: Users have successfully configured using rules; however, you can choose to configure attributes in other ways.
- When you reach Step 3. Configure attributes in your IdP, one way to configure attributes is to create two Issuance Transform Rules. To create a rule, view Microsoft's Create a Rule to Transform an Incoming Claim, and consult the following screenshots:
- Send an email to Calendly at idpsupport@calendly.com with the following message:
I request a metadata file to connect ADFS with SAML SSO.
NOTE: You must complete Step 1. Configure Calendly before sending a message, since Step 1 creates an IdP record in Okta. - Once you receive the metadata file from Calendly, go to Microsoft AD FS, locate Relying Party Trusts, select Import data about the relying party from a file, and upload the metadata file. For more details, view the screenshot below and Microsoft's To create a claims aware Relying Party Trust using federation metadata.
- Once you upload the metadata file, go to Calendly, navigate to Admin Center, Organization Settings, then Single sign-on.
-
Select Enable SSO for yourself, select Test connection. If successful, you'll see a confirmation.
-
In Calendly, select Enforce SAML SSO for my organization, then Apply.
Once SSO is enforced, all users will be logged out and need to use SAML SSO to log into Calendly. Only the organization owner can log in using their fallback (original) login method by selecting Log in using another method on the login page.