Using Calendly

Using Calendly

Enterprise security and compliance in the top-rated scheduling automation platform


Julia Farina

Julia Farina
Jun. 17, 2022

Enterprise security - blog - hero

IT and security teams are constantly alert for security breaches. But the increasing frequency and sophistication of cyberattacks, phishing, and ransomware are intense. On top of that, there’s the new normal of a remote/hybrid workforce, who can sign up for SaaS apps in seconds. Add it up, and your team spends a lot of valuable time tracking down personal accounts to reduce risk.

We know you’d rather focus on strengthening your own infrastructure and security protocols. And as a top-ranked scheduling automation platform, we also know many of our millions of users already work at your company — many of whom have unconnected individual accounts.

As a scheduling automation platform in the business of making millions of connections happen seamlessly, Calendly understands the critical role security, privacy, and compliance play in this process.

Integrate secure enterprise scheduling with Calendly

Security threats evolve constantly. And so do Calendly’s protections, keeping your organization secure. Our Enterprise plan has robust security features and protocols that large organizations require. In fact, Calendly is the one of the only scheduling platforms that adheres to SEC regulations and meets the compliance needs of the world’s largest financial service companies

The Enterprise plan provides the in-app security, compliance, and centralized administrative controls you need today, while Calendly’s committed security resources keep pace with tomorrow’s evolving threats. It’s no wonder that Sales, Customer Experience, Recruiting, and other teams rely on Calendly for Enterprise to accelerate deals, retain customers, and schedule external meetings efficiently.

Collaborate without sacrificing control

People throughout your organization use productivity and collaboration tools to make their jobs easier. But team members using different, unconnected platforms for company projects create security risks. You have no visibility into who is using what tool or for what purpose. And when corporate IP gets siloed in private and/or personal app accounts, it’s impossible to control passwords and ensure other security protocols.

Data breaches happen almost every day, but keeping apps in one centrally managed account reduces your risk exposure. Calendly for Enterprise lets you consolidate personal accounts under one corporate umbrella, reducing risk without interrupting workflows. The plan’s enterprise-grade security and compliance features equip IT and security teams with more control over customer, employee, and business data. 

SAML Single sign-on

With SAML Single sign-on (SSO), everyone in your company accesses Calendly with a single set of credentials that’s consistent with your identity provider. SSO helps you avoid weak passwords and gives admins greater control. It also makes employees’ lives easier, since they have fewer passwords to remember.

Advanced user provisioning

Meanwhile, integrating with your company directory to implement advanced user provisioning helps automate the Calendly user lifecycle and gets team members up and running quickly. Admins can onboard users to the company’s Calendly account through connections with identity providers like Okta, OneLogin, and Microsoft Azure. With SCIM enabled, employees are automatically removed from Calendly when they leave the company, saving admins time and reducing the risk of former employees retaining access. Your team can safeguard company IP and business data while simplifying user provisioning.

Workflow: Employee lifecycle (creating and removing users) > SCIM > Calendly's personal booking page, team management, and SSO readiness
SCIM provisioning lets admins automatically onboard and offboard users from your organization’s Calendly account.

Automated group provisioning 

When integrating with a company directory, leveraging Calendly’s SCIM functionality, IT and admins can onboard teams faster with group provisioning by automatically mapping new users to Groups in Calendly as they are provisioned into the account. IT and admins can determine how users are grouped based on predefined attributes like department, division, or location from your Identity Provider. As your organization scales, automated group provisioning continuously eliminates the manual process of assigning new users to groups.

Administrative controls

IT and security teams don’t always oversee access to every application in your tech stack. And not every person should have the same level of access to your tools. Calendly for Enterprise features role-based access controls so you can assign different permissions for Calendly functions. For example, admins can manage all users, update meeting Event Type details for every team, delete data, and control billing tasks. Team managers can only manage users and Event Types within their own teams, while standard users can only edit their personal Event Types and settings. Admins also can distribute updates to all users at one time, so you know everyone’s using the newest version.

Enhanced group admin permissions 

In line with making it easier to manage permissions even as your organization grows, IT can delegate management to group admins - giving them permissions to manage multiple groups of users at once without having to be a member of the group. Additionally, group admins can pull usage reports for their users, and create routing forms and managed events. Utilizing the group admin role allows for departments within an organization to operate efficiently and independently.

The security aspect of [Calendly for Enterprise was important] and the ease of deploying it out to the people that needed it. We got over a hundred licenses and it was really easy to set it up and deploy it out to the people.

Procurement Manager

Calendly for Enterprise also provides IT and security teams with an activity log where they can monitor and quickly react to security incidents.

Your team can filter and analyze key account actions including logins, user invites, and changes to organizational settings within Calendly. All activity can be downloaded in a CSV file or integrated into your existing SIEM provider (via REST API). The activity log lets you quickly review events, understand changes, and identify potentially suspicious activity.

Align with data compliance standards and regulations

Enhancing security isn’t just about protecting your own networks. You also must protect customers’ data, and delete it on request. Some industries also have strict data auditing regulations. 

Calendly for Enterprise not only aligns you with industry and global data compliance standards around the world. It also gives you the tools to complete data removal requests at scale, letting you find and delete customer data in one place. And Calendly is one of the few scheduling platforms that can create automatic backups of all communications, so you’re always prepared to audit when needed.

Calendly's enterprise security features: GDPR, Data privacy, CCPA, SSO, SCIM, 2FA, SOC 2
Calendly for Enterprise has robust security features and protocols that large organizations require.

Communication audit compliance for financial services companies

Highly regulated industries like financial services must meet special requirements when it comes to customer communications. It’s easy to stay compliant with Calendly’s two-prong approach to auditing. 

The Enterprise plan lets you send copies of each meeting invitation, reminder, and follow-up message to a bcc’d inbox, creating a trackable, auditable record of all communications with your customers. And because text messages are difficult to track, Calendly lets you turn off scheduling texts for everyone in your company’s account. By limiting outreach to email, you make it easier to keep records of all communications. 

Data privacy compliance

Customer data privacy protections have become a huge part of IT service requirements. The rise of regulations such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data privacy laws around the world mean customers have more control over how their personal data is used, including the “right to be forgotten.” When asked, you must delete their data from your systems promptly.

Overtasked IT teams shouldn’t have to jump through hoops to manage customer data. Fortunately, instead of manual one-off support requests, admins can initiate customer data removal with just a few clicks. The Enterprise plan takes customer privacy a step further with our Data Deletion API, which embeds Calendly’s data deletion feature in your existing deletion process. You can remove customer data, personally identifiable information (PII), and even accounts from one easily accessible location in your existing workflow.

Screenshot: Delete data in Organization Settings.
To delete invitee user data in Calendly, click on the Organization Settings tab, then click on Data deletion.

Reinforce cybersecurity with a dedicated partner

As workflows get more complicated, software startups develop new apps to help people get more done. While these vendors may offer new and intuitive ways to work, security is often an afterthought.

Productivity shouldn't come at the expense of your network’s integrity. With Calendly, security is more than the features above. It includes our investments in people, protocols, and processes to integrate security measures into everything we do and be a responsive partner to your organization’s IT security team.

24/7 trust and safety team

Trust and safety teams must provide security support at a moment’s notice. That’s why our security operations center is actively engaged in all aspects of our platform’s security. Our team is on guard against threats 24/7 and ready to respond to incidents immediately.

Internal security protocols and training

When everyone in your partner organization has a foundation in data security, it reduces the risks from threats outside your network. We create and maintain security programs and policies for all Calendly employees. Whether they work in IT or not, everyone receives continual training so they know how to avoid data leaks resulting from human error. 

Secure software development lifecycle (SDLC)

Security checkpoints are also built into the way we develop new features:

  • Routine audits: We continuously scan for service interruptions, performance degradation, and security vulnerabilities.

  • New releases: Updated versions of Calendly require security tests, unit tests, integration tests, and end-to-end tests, as well as comparisons with our integration server.

  • Quality assurance testing: Changes are manually peer-reviewed by engineers, and then manually tested by our quality assurance team.

  • Continual monitoring: Following a release, we log, review, and address exceptions as well as conduct pen testing through multiple third-party services.

We’re at a monumental moment in our history where people are mobile, hybrid work has become the norm, and workers have an endless number of devices at their disposal, meaning security leaders have a greater responsibility to usher customers and employees safely into this new era.

Frank Russo, Chief Information Security Officer, Calendly

Chief Information Security Officer at Calendly

These are just a few examples of our dedication to security. More details are available on our security protocols and policies page.

Level up to Calendly for Enterprise

Threats to your network evolve constantly. Your organization’s success depends on meeting and collaborating with people while keeping your network secure. It’s how everyone works more effectively, wins more customers, and grows revenue. 

Calendly constantly updates and introduces new security features to keep your data — and your customers’ — safe. Consolidating your Calendly users in an Enterprise plan keeps everyone connected in a powerful, widely used scheduling platform with the security features and resources large organizations demand.

Learn why brands including Dropbox, Crocs, Lyft, L’Oreal, and La-Z-Boy trust Calendly for scheduling security.

Contact us to learn what the Enterprise plan can do for you.

Learn more about Calendly

See how your organization — like thousands of others! — can use Calendly to increase revenue, accelerate sales pipeline, and improve customer retention.
Julia Farina

Julia Farina

Julia is Senior Manager, Product Marketing at Calendly.

Related Articles

Don't leave your prospects, customers, and candidates waiting

Calendly eliminates the scheduling back and forth and helps you hit goals faster. Get started in seconds.