How to Configure SAML 2.0 for Contentful

Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular log in page. They will only be able to access the app through the Okta service.

Backup URL

Contentful does not provide backup log in URL where users can sign in using their normal username and password. You can email Contentful Support to turn off SAML, if necessary.


Supported Features

The Okta/Contentful SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Log in to Contentful as an administrator.

  2. Click on your organization:


  3. Select Organization settings:


  4. Select SSO, then follow the steps below:

    • ACS (Assertion Consumer Service) URL: Make a copy of the portion marked in red. This is your Organization ID.


    • SSO provider: Select Okta.

    • Single Sign-On Redirect URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • X.509 Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Click Test connection:


  5. Once you get your Connection test successful! message, follow the steps below:

    • Enter your preferable Sign-in name.

    • Click Enable SSO:


  6. Still in Contentful, make a copy of your Sign-in name and Bookmarkable Login URL values.

  7. In Okta select the Sign On tab for the Contentful SAML app, then click Edit.

    • Enter your Organization ID you made a copy of in step 4 into the corresponding field.

    • Click Save:


  8. Done!


The following SAML attributes are supported:

SP-initiated SSO

Do one of the following:


  1. Go to https://be.contentful.com/login/sso

  2. Enter your Sign-in name you made a copy of in step 6, then click Continue:

  3. contentful7.png


Go to the Bookmarkable Login URL you made a copy of in step 6.