How to set up SAML SSO with Microsoft AD FS

Before you begin...

• SAML SSO is only available for Enterprise accounts. 
• Only account owners and admins can enable Single Sign-On (SSO). 

1. In How to set up SAML SSO with your identity provider, complete Steps 1-3.
   • When you reach Step 3. Configure attributes in your IdP, one way to configure attributes is to create two Issuance Transform Rules. To create a rule, view Microsoft's Create a Rule to Transform an Incoming Claim, and consult the following screenshots:
     
     
     
     Note: Users have successfully configured using rules; however, you can choose to configure attributes in other ways.
2. Send an email to Calendly at idpsupport@calendly.com with the following message:
   
   I request a metadata file to connect ADFS with SAML SSO. 
   
   Note: You must complete Step 1. Configure Calendly before sending a message, since Step 1 creates an IdP record in Okta.
3. Once you receive the metadata file from Calendly, go to Microsoft AD FS, locate Relying Party Trusts, select Import data about the relying party from a file, and upload the metadata file. For more details, view the screenshot below and Microsoft's To create a claims aware Relying Party Trust using federation metadata.
   
   
4. Once you upload the metadata file, go to Calendly, navigate to Account, Organization Settings, then Single sign-on.
5. Under Step Two: Enable SSO for yourself, select Test connection. 
6. Complete the remaining steps in How to set up SAML SSO with your identity provider.