Contentstack

New self-service security and access controls

Ashish Joy
Published: January 8, 2026


We are rolling out new platform security enhancements, including user access management controls, designed to boost enterprise security while also reducing operational friction for IT teams. These updates—including self-service user account unlock, centralized MFA reset, allowed email domains, and enforced password policies—shift security from a reactive burden to a proactive, platform-native capability that enables organizations to scale securely.

In the modern enterprise, security often feels like a trade-off. You either lock everything down and kill agility, or you move fast and accept the risks. For developers and IT operations teams architecting our digital world, this trade-off usually manifests as a mountain of support tickets for password resets and locked accounts. For strategic leaders, it manifests as the constant anxiety of compliance audits and the risk of unauthorized access.

At Contentstack, we believe security should be an enabler, not a bottleneck.

Today, we are rolling out a suite of enhanced user access management controls designed to boost enterprise security while simultaneously reducing operational friction. These updates are about giving Organization Owners and Admins more control and faster administration, all directly from the console you already use.

Here is how we are hardening the platform while making your life easier.

1. Frictionless recovery: Killing the "unlock" ticket

For IT teams, few things are more frustrating than stopping high-value work to handle a routine support ticket. Previously, if a user was locked out due to failed login attempts, it required manual intervention or a support request.

We have introduced Self-Service User Account Unlock. Admins can now instantly unlock organization user accounts directly from the platform. This capability removes the dependency on external support, drastically reducing Time-to-Resolution (TTR) for login issues and getting your team back to work in seconds, not hours.

2. MFA management at scale

Multi-Factor Authentication (MFA) is a non-negotiable security standard, but it can be a productivity killer when devices are lost or employees switch phones.

We are empowering Admins with MFA Reset (Single or Bulk). Whether it’s a single user who dropped their phone or a department-wide device refresh, Admins can now reset MFA settings instantly. This ensures that your security standards remain high without sacrificing organizational productivity.

3. Guardrails for growth: Trusted domains only

As organizations scale, inviting new users can become a vector for unauthorized access. To mitigate this, we have introduced Allowed Email Domains.

Admins can now define an explicit allowlist of email domains. This acts as a preventative guardrail, ensuring that invitations can only be sent to trusted enterprise domains. It’s a simple, powerful way to ensure that your organization grows safely, reducing the risk of accidental invites to personal emails or unauthorized third parties.

4. Enforcing a stronger perimeter

Weak passwords remain one of the most common vectors for brute-force and account takeover attacks. Relying on users to "do the right thing" is not a security strategy.

With our new Centrally Enforced Password Policies, organizations can now enforce enterprise-grade complexity and duration requirements across all users. This moves password hygiene from a user choice to a platform mandate, ensuring consistency and significantly raising the bar against credential-based attacks.

Building toward a secure future

These enhancements are not just isolated updates; they are the prerequisites for a more robust security posture. They address immediate needs identified through rigorous third-party Vulnerability Assessment and Penetration Testing (VA-PT) and lay the technical foundation for our upcoming Security Scorecard.

Soon, administrators will have a quick, in-platform view of their overall security health, and users will be able to log out of open sessions in other browsers and devices. That visibility starts with the controls we are releasing today.

To get started
