Skip to content

Single Sign-On (SSO)


The CALUMO Cloud supports both OpenID Connect and SAML2 third party login services such as AzureAD, ADFS, OneLogin, OKTA, etc..


To configure your CALUMO Cloud for SAML2, send an email to CALUMO Support (via, with the following information from your third party login service:

  • SAML Entity ID
  • SAML Metadata URL
  • Attribute containing user’s email address

For a successful login to occur, the SAML attribute containing the user email address must match one of your user subscriptions in CALUMO Cloud.

In general, this is either sent through the the nameid or email SAML attribute.

For configuration on your side, our metadata is located at:

Once we have received your configuration information, we can organise a time to test the SSO process. On success, we will organise to cut over to your SSO provider at a time that best suits you and your users.

OpenID Connect

To configure you CALUMO Cloud for OpenID, you will need to send an email to CALUMO Support (via, with the name of the third party login service you are using.

If the service is AzureAD, then the configuration process is as follows:

  1. CALUMO Support provides you with a URL via email which an AzureAD administrator must action.
  2. When the administrator clicks on the URL, they will be asked to grant access to the CALUMO Login Service which creates an entry in your AzureAD and re-routes the administrator back to our service.
  3. We organise a time that suits you and your users to cut over to your SSO provider.

CALUMO On-Premises

CALUMO, when running on-premises, can be configured to support SSO with the installation of an additional component.

If you would like to setup your on-premises CALUMO for SSO, please email CALUMO Support via with this request and our support team will engage the right people internally to assist and guide you through the process.

Calumo office client authentication.

If the user was attempting a non-SSO authentication, the authorization was not succeeding for internal staff. A login upgrade was rolled out so that the authorization can be succeeded now.

Back to top