# SSO setup

### Setting up SAML login

1. Set SAML\_DATABASE\_URL to a postgres database. Please use a different database than the main Cal instance since the migrations are separate for this database. For example `postgresql://postgres:@localhost:5450/cal-saml`
2. Set SAML\_ADMINS to a comma separated list of admin emails from where the SAML metadata can be uploaded and configured.
3. Create a SAML application with your Identity Provider (IdP) using the instructions here - [SAML Setup](#saml-registration-with-identity-providers)
4. Remember to configure access to the IdP SAML app for all your users (who need access to Cal).
5. You will need the XML metadata from your IdP later, so keep it accessible.
6. Log in to one of the admin accounts configured in SAML\_ADMINS and then navigate to Settings -> Security.
7. You should see a SAML configuration section, copy and paste the XML metadata from step 5 and click on Save.
8. Your provisioned users can now log into Cal using SAML.

## SAML Registration with Identity Providers

This guide explains the settings you need to use to configure SAML with your Identity Provider. Once this is set up you should get an XML metadata file that should then be uploaded on your Cal.com self-hosted instance.

> **Note:** Please do not add a trailing slash at the end of the URLs. Create them exactly as shown below.

**Assertion consumer service URL / Single Sign-On URL / Destination URL:** <http://localhost:3000/api/auth/saml/callback> \[Replace this with the URL for your self-hosted Cal instance]

**Entity ID / Identifier / Audience URI / Audience Restriction:** <https://saml.cal.com>

**Response:** Signed

**Assertion Signature:** Signed

**Signature Algorithm:** RSA-SHA256

**Assertion Encryption:** Unencrypted

**Mapping Attributes / Attribute Statements:**

<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier> -> id

<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress> -> email

<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname> -> firstName

<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname> -> lastName


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://calcom.gitbook.io/docs/introduction/quick-start/self-hosting/sso-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.