1. On the Contentful admin console, go to Organization settings > Single Sign-On (SSO).
  2. In the SSO provider list, select Ping Identity.
  3. In the Single Sign-On Redirect URL field, enter https://pf_host:pf_port/idp/SSO.saml2.
    For example, https://pf.example.com:9031/idp/SSO.saml2.
  4. Using a text editor, copy the contents of the .crt file that you downloaded in Exporting your PingFederate signing certificate.
  5. In the X.509 Certificate field, paste the contents of the certificate file.

    A screen shot that shows the Your SSO provider details section with the redirect URL and X.509 Certificate entered in.
  6. Click Test connection.
  7. In the SSO name field, type a friendly name for the connection.
  8. Check your settings. After enabling SSO in the next step, the only way to change your SSO settings is to contact Contentful.
  9. Click Enable SSO.
  10. Optional: If you want SSO to be the only sign-on method, contact Contentful and ask for Restricted SSO. This prevents users from signing on using email or third-party services, such as GitHub, Google, or Twitter.