LogoLogo
Log in
  • Introduction
    • Welcome
    • Quick Start
      • Sign up for a Cal.com account
      • Complete your onboarding
      • Self-hosting
        • Installation
          • Ultimate
          • Platform
            • Get access to the API
            • API submodule
        • Install apps
          • Google
          • Microsoft
          • Zoom
          • Daily
          • HubSpot
          • Stripe
          • Sendgrid
          • Twilio
        • E2E testing
        • Upgrading
        • Docker
        • Vercel
        • Database migrations
        • SSO setup
  • Core Features
    • Event types
      • Secret events
      • Location of the event
      • Availability schedule
      • Multiple durations
      • Event buffer
      • Custom time-slot intervals
      • Custom event name in the booking
      • Minimum notice
      • Booking frequency
      • Limit future bookings
      • Add events to calendar
      • Additional inputs
      • Requires confirmation
      • Hide notes in calendar
      • Require additional notes
      • Booking success URL
      • Single use private links
      • Offer seats
      • Recurring events
      • Disable guests
    • Bookings
      • Paid bookings
    • Availability
      • Multiple time slots per day
      • Date overrides
      • Multiple schedules
    • App Store
      • Apps
        • Calendar apps
        • Video apps
        • Payment apps
        • Workflow apps
        • Analytics apps
        • Web3 apps
        • Miscellaneous apps
    • Webhooks
    • Embed
      • Install with JavaScript
      • Install with React
      • Set up your embed
    • New Docs Embed
      • Adding embed to your webpage
      • Embed Snippet Generator
      • Embed events
      • Embed instructions
      • Adding slots to your email
    • Dynamic group links
    • Customization
    • i18n Internationalization
  • Enterprise Features
    • Teams
      • Team workflows
      • Round-robin scheduling
      • Collective events
      • Advanced routing forms
    • Workflows
    • API
      • Quick start
        • Testing API locally
        • Hosted API through Cal.com
      • Authentication
      • Errors
      • Rate limits
      • Versioning
      • Types
      • API reference
        • Attendees
        • Availabilities
        • Booking References
        • Bookings
        • Custom inputs
        • Destination calendars
        • Event types
        • Memberships
        • Payments
        • Schedules
        • Selected calendars
        • Teams
        • Users
        • Webhooks
    • Admin
  • Knowledgebase
    • Glossary
  • How To Guides
    • Acquire and manage a license key
    • Adding your first app
    • Creating a secret event type
    • Creating your first event type
    • How to add a location to your event type
    • How to add custom CSS
    • How to build an app
      • Build a greeter app
    • How to connect apple calendar with calcom
    • How to troubleshoot symbolic link issues on Windows
    • How to set buffer time
    • How to set up requires confirmation
    • How to set time-slot intervals
    • How to set up an event type to receive payments
    • How to test API in a local instance
    • How to use open-source scheduling infrastructure with HubSpot
    • How to white label the self hosted instance
    • Setting up your availability
      • Adding date override
    • Quick actions using command bar
Powered by GitBook
LogoLogo

Solutions

  • Individual
  • Teams
  • Ultimate
  • Platform

Follow us

  • Twitter
  • LinkedIn

Copyright 2023 Cal.com, Inc. All rights reserved.

On this page
  • Setting up SAML login
  • SAML Registration with Identity Providers

Was this helpful?

  1. Introduction
  2. Quick Start
  3. Self-hosting

SSO setup

PreviousDatabase migrationsNextEvent types

Last updated 2 years ago

Was this helpful?

Setting up SAML login

  1. Set SAML_DATABASE_URL to a postgres database. Please use a different database than the main Cal instance since the migrations are separate for this database. For example postgresql://postgres:@localhost:5450/cal-saml

  2. Set SAML_ADMINS to a comma separated list of admin emails from where the SAML metadata can be uploaded and configured.

  3. Create a SAML application with your Identity Provider (IdP) using the instructions here -

  4. Remember to configure access to the IdP SAML app for all your users (who need access to Cal).

  5. You will need the XML metadata from your IdP later, so keep it accessible.

  6. Log in to one of the admin accounts configured in SAML_ADMINS and then navigate to Settings -> Security.

  7. You should see a SAML configuration section, copy and paste the XML metadata from step 5 and click on Save.

  8. Your provisioned users can now log into Cal using SAML.

SAML Registration with Identity Providers

This guide explains the settings you need to use to configure SAML with your Identity Provider. Once this is set up you should get an XML metadata file that should then be uploaded on your Cal.com self-hosted instance.

Note: Please do not add a trailing slash at the end of the URLs. Create them exactly as shown below.

Assertion consumer service URL / Single Sign-On URL / Destination URL: [Replace this with the URL for your self-hosted Cal instance]

Entity ID / Identifier / Audience URI / Audience Restriction:

Response: Signed

Assertion Signature: Signed

Signature Algorithm: RSA-SHA256

Assertion Encryption: Unencrypted

Mapping Attributes / Attribute Statements:

-> id

-> email

-> firstName

-> lastName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://localhost:3000/api/auth/saml/callback
https://saml.cal.com
SAML Setup