Administration FAQs

Organization is specifically designed for administrators to simplify the process of managing stacks and permissions of a group or company. Organization encapsulates all users, stacks and all the resources within stacks. It allows you to manage roles and permissions for the users and stacks of your account and enables smoother collaboration between the users.  For more information, read Work with Organizations documentation.

Yes, you can. To do so, log in to your Contentstack account and perform the steps given below:

1. Click on the “ORGANIZATION” drop-down on the header and select the Organization you want to access
2. Click on the “Org Admin” icon on the left. This will open the “Settings” page.
3. In the “Organization Info” section, click on the “Transfer Ownership” button on the right-hand side. 
   
4. Enter the email ID of the user to whom you wish to transfer the Organization"s ownership and click on “Transfer”. This will send an email invitation to the user to accept the ownership of the organization. If the user does not receive the invitation, you can resend the invitation by clicking on “Resend”.

Once the invited user accepts the ownership invitation, the organization will cease to be under your ownership and you will be assigned the ‘Member’ role. 

Note: Only the owner of the organization can transfer the ownership of the organization.

To create a new organization, contact the Contentstack support team at [email protected].

To get the details of an organization, log in to your Contentstack account and perform the following steps:

1. Click on the  "ORGANIZATION" drop-down on the header and select the Organization you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.

This will open the ‘Organization Settings’ page which consists of the details of the organization as shown in the following screenshot:

Note: Only the Owner and the Admin users can view this info. 

You cannot delete an organization. To permanently disable your organization, contact the Contentstack support team at [email protected].

To get a list of all stacks in an organization, log in to your Contentstack account and perform the steps given below:

1. Click on the "ORGANIZATION" drop-down on the header and select the Organization that you want to access.
2. Click the “Org Admin” icon on the left navigation panel.
3. Click on the Stacks tab on the left-hand side of the page. This will open the Stacks page that displays the list of all the stacks that belong to the organization.

Only the Owner and the Admin users of the organization has the right to invite users to the organization. To invite users to an organization, log in to your Contentstack account and perform the steps given below:

1. Click on the "ORGANIZATION" drop-down on the header and select the Organization you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.
3. Click on the Users tab on the left-hand side of the page. This will open the Users page that displays the list of users who belong to that organization.
4. Click on the Invite User button on top of the page.
5. In the “Invite User” form that opens, enter the following details:Under the Email section, enter the email ID(s) of the user(s) you wish to share the stack with.In the Organization Roles section, you also need to assign a role to the user. You can select either the ‘ADMIN’ or ‘MEMBER’ role.In the Stack-level permissions section, assign stack-specific roles to these users.
6. Click on Invite to send the invitation to the user(s).

To get a list of all users in an organization, log in to your Contentstack account and perform the steps given below:

1. Click on the “ORGANIZATION” drop-down on the header and select the Organization that you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.
3. Click on the Users tab on the left-hand side of the page. This will open the Users Overview page that displays the list of users who belong to that organization.
   

To remove a user from an organization, log in to your Contentstack account and perform the steps given below:

1. Click on the ORGANIZATION drop-down on the header and select the Organization that you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.
3. Click on the Users tab. This will open the Users page that displays the list of users who belong to that organization.
4. Click on the user that you wish to remove and click on the “Remove” icon.

In Contentstack, roles can be assigned at two level: Organization-level roles and Stack-level roles.

While inviting a user to an organization, you can assign Member and Admin roles. These roles define what you can do in the organization. Read more about organization roles.

When inviting a user to a stack, you can assign Developer, Content Manager or a custom role. These role define what a user can do within the stack. Read more about stack roles.

Yes, there are limits to your usage in an organization. These limits depend on the plan that you have subscribed for.

To get the plan details and usage of your organization, log in to your Contentstack account and perform the following steps:

1. Click on the ORGANIZATION drop-down on the header and select the Organization that you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.
3. Click on the Plan & Usage tab. This will lead you to the Plan & Usage page that will display the current usage and maximum allowed limit of the current plan’s features, which include stacks, assets, entries, content types, and users, API calls, and bandwidth.

To update a user role in an organization, log in to your Contentstack account and perform the steps given below:

Click on the ORGANIZATION drop-down on the header and select the Organization that you want to open.Click on the “Org Admin” icon on the left navigation panel.Click on the Users tab on the left-hand side of the page. This will open the Users page that displays the list of users who belong to that organization.
Click on the user whose role you wish to update. This will open the ‘User Details’ page.Reassign the respective organization roles for the user.Click on the Update button to update the roles of the user(s).
Note: You need to be the organization owner or be assigned the 'admin' role in order to update the roles of users in an organization.

To retrieve the organization ID of an organization, log in to your Contentstack account and perform the steps given below:

1. Click on the ORGANIZATION drop-down on the header and select the Organization that you want to access.
2. Click on the “Org Admin” icon on the left navigation panel.
3. By default, the Organization Info section is opened which displays the name and ID of an Organization.
   

You cannot change the name of an organization. In order to do so, please contact our Support team.

Users who are assigned the ‘Admin’ role will be able to access and modify the organization information, invite users, view usage, etc. whereas users assigned the ‘Member’ role will not be able to access any Organization settings.

No, after a user has been removed from the organization, he/she will not able to access the stacks shared/created by them in the organization.

Yes, you can add users to add and edit content for your website. For that, you need to share the relevant stack with other users.

If you do not see the Users & Roles option under "Settings,” it means you do not have permission to add new users to your stack. Please contact the stack owner to add users or to grant you the necessary permissions.

You can add an unlimited number of users to a stack.

Yes, you can control access to content for users and groups by assigning them specific roles. We recommend you to go through the Roles section in order to achieve this functionality.

No. The Owner and the Admin roles are not editable. Other roles are editable.

No, the developer can remove only those users whom he/she has invited to the stack.

Only the owner of the stack has the right to delete a stack.

The Custom Role gives you the provision to apply permissions at entry, field, and asset levels.

No, each stack can have only one Owner, who has complete rights to the content and settings of a stack. In addition to that, the Owner has the right to delete a stack as well as transfer the ownership of the stack to another user.

Yes, both the roles are different and the differences that are mentioned in the Stack Admin vs Stack Developer section.

Only the Owner, Admin, and users assigned the “Developer” role can add users to a stack.

Users with the Custom or Content Manager role cannot view the full Stack settings, but they may have access to limited or specific settings, depending on their assigned permissions.

Yes, there are certain limitations in Roles. They are as follows:

• Title: The title of a role should be between 1 and 160 characters.
• Description: The description of a role should not exceed 320 characters.
• Permissions Limitations: When creating a custom role, you cannot add individual components beyond certain limits in permissions. The maximum allowed limit of components (Content Types, Entries, Assets, Locales, Environments) within the permissions of a custom role is 100.

To enable SSO, you need to meet these two conditions:

• You must be the owner of the organization
• SSO must be a part of your Contentstack plan

If you meet these two conditions, you can set up SSO for your organization by following the Set up SSO guide.

When a user is included in an SSO-enabled Organization, he/she accesses the Organization through SSO using their IdP credentials instead of their Contentstack credentials (which they might not have created). If, later on, SSO is disabled for the Organization, the user will not be able to log in to Contentstack through IdP. However, the user is still part of the Organization.

To access the same organization, the user will have to perform the following steps:

1. Open Contentstack’s login page and click the Forgot Password? link.
2. Enter the email address and click SEND INSTRUCTIONS.

Now, the user will receive the password reset instructions on the email address. The user needs to follow the instruction and login to their Contentstack account.

An organization owner can always use his Contentstack credentials to log in to Contentstack and make relevant changes, irrespective of whether SSO has been enabled or not.

If the IdP experiences system fails, then the owner can perform the following steps:

1. Log in to the Contentstack account.
2. Go to Organization settings page and open the Single Sign-On tab, go to User Management, disable Strict Mode, and grant access to the required user(s) by checking the Allow Access without SSO option.

These users will now be able to access the organization using their Contentstack credentials, instead of through SSO (IdP credentials).

However, if the user does not have a Contentstack account, he/she will receive an email with the account setup instructions to create an account in Contentstack. Post setting up their account, they will be able to access the Organization content.

To sign in to an SSO-enabled organization in Contentstack, perform the following steps:

1. Open the login page of Contentstack and click the Log in via SSO button.
2. Then, enter your organization SSO Name, and click on Log in via SSO button. This will open your corporate IdP login page.
   Note: You must have received the SSO name in your stack or organization invitation email. If you do not know your organization SSO Name, contact your organization owner or admin.
3. Finally, sign in to your Contentstack account by entering your IdP login details.

To invite users that are not in your IdP, perform the following steps:

Log in to your Contentstack account, go to the Organization Settings page and click on Single Sign-On tab, open the User Management tab, and disable the Strict Mode.

1. Then, go to the Users tab located at the header, and invite users.
2. While inviting, select the Allow Access without SSO checkbox. This will allow the invited user to access the SSO-enabled organization through Contentstack credentials.

No. You do not have to send an invitation again since the existing users continue to remain part of the organization, even after SSO is enabled. 

Nothing changes for the existing users, except that they are required to sign in using SSO, instead of normal Contentstack username/password login. However, if any existing user is not part of your identity provider, you may have to disable Strict Mode and update the user in Contentstack by assigning permission to Allow Access Without SSO.

Adding encryption to SAML attributes adds another layer of security, ensuring that personal or corporate information is not compromised.

Your SAML attributes such as email, first name, and last name that are mapped with your IdP are encrypted. Learn more about SAML encryption.

You need to enable SAML encryption in Contentstack and your IdP settings.

To enable SAML encryption in Contentstack, follow the steps given below:

1. Log in to your Contentstack account, go to the Organization Settings page, and click on the Single Sign-On tab.
2. Click on the IdP Configuration tab.
3. Check the Enable SAML Encryption toggle, and click on Save.

Provide the following details in your IdP to enable SAML encryption:

1. In the Single Sign-On Url field, provide the ACS URL that was generated for your organization in Contentstack.
2. Use Contentstack’s Entity ID (generated in Step 1) in your IdP in Audience URI, SP Entity ID, SAML Issuer ID, or fields similar to these.
3. In the NameID Format, select or enter Email Address. This defines the parameter that your IdP should use to identify Contentstack users.
4. [Optional Step] If you want to encrypt your SAML attributes, you need to enable SAML encryption in your IdP and upload the Contentstack Public Certificate.

To add new IdP users to your SSO enabled organization, just add them to any of your IdP group or role (in your IdP settings) that is mapped with Contentstack roles. They can then directly login to Contentstack (via SSO) with the corresponding permissions.

If you want to provide a different set of permissions to some users, create a new group/role in your IdP, and add users to this group. Subsequently, add the mapping for this group in Contentstack SSO user settings.

To invite external users, disable Strict Mode and invite them as usual from Contentstack from Organization Settings. Remember to select the Allow login without SSO checkbox.

Yes. Only the roles received from your IdP for the users will be honored. This means that, on enabling IdP Role Mapping, the existing roles assigned to the users will be overridden by the roles assigned to IdP groups. This, however, is not applicable for external users (i.e., users who log in without SSO to your SSO-enabled organization).

Please note that there is no way to revert the changes that were overridden by your IdP roles. The roles that were assigned to users prior to enabling IdP Role Mapping are erased.

If you disable IdP Role Mapping, Contentstack no longer honors roles (and permissions) returned by your IdP. There are, however, no changes to the existing permissions of the users in Contentstack. Users continue to maintain the permissions that they had.

However, subsequent to disabling IdP Role Mapping, role management can be done only through Contentsatack’s Users and Roles settings.

Here’s a step-by-step guide that explains how to enable SCIM for your Contentstack organization and manage user provisioning through OneLogin as your identity provider (IdP).

To enable SCIM, however, the following things need to be in place:

• SCIM must be part of your Contentstack plan
• You must either be an owner or admin of the organization

Currently, we support SCIM for OneLogin, Microsoft Azure AD, and Okta Native apps. We plan to add support for other IdPs soon.

The endpoint to edit user details is not supported. Considering that users can be members of more than one organization in Contentstack, we do not support an organization to edit user details such as their name or email address.

However, to change users’ organization role, you can use the Contentstack app and follow the steps mentioned in this Change Organization Role of Existing Users guide.

Contentstack supports SCIM 2.0.

If you deprovision users via IdP, they will no longer be a part of the respective Contentstack organization. However, those users will still have access to the Contentstack account.

If a user belongs to multiple groups, he/she will get the highest order of permission on the organization and stack(s). For example, user1 belongs to group1 and group2, and these groups have the following set of permissions:

• Group1:Organization Admin“Developer” role in all stacks
• Group2: Organization Member“Content manager” role in all stacks

In this case, user1 will be the admin of the organization and have the “Developer” and "Content manager" roles in all the stacks.

Contentstack accounts are password protected. To make them more secure, we have two-factor authentication that lets you add an extra layer of security. 

In case you forget your password, you can reset it again by performing the steps given below:

1. Click the Forgot Password? link on the login page.
2. On the Forgot your Password? page, enter your email ID and click the Send Instructions button. You will receive an email containing the password reset page link.
3. On the Reset Password page, enter the new password and click the Reset Password button.

Now you can log into your account using the new password.

To reset your Contentstack user account password, log in to your Contentstack account, and perform the following steps

1. Click your profile located at the top-right corner of the page, and select Security. This opens the Account Settings page.
2. Under the Change Password section, enter your old password and new password, confirm it, and click Update to update your password

Now you can log in to your account using new password.

In case you forget your password, please contact our Support team.

To change the registered phone number associated with your Contentstack account, log in to your Contentstack account using existing phone number, and perform the following steps:

1. Click your profile located at the top-right corner of the page, and select Security. This opens the Account Settings page.
2. Under the Two-factor Authentication section, click the Reset your phone number link.
3. Enter the new phone number and click Reset.
4. Select a method to verify your phone number either using the Authy app or via text message, and perform the verification process as performed while enabling two-factor authentication.

If you do not have access to the phone number that was used for 2FA registration, you will need to contact our Support team for further assistance.

For any enterprise, data is of utmost importance and it's crucial to protect it. So, it's very important to have a proper disaster recovery plan in place to cover all contingencies. To do so, it's imperative that we set in place a system that will considerably reduce the damages caused by a fire, theft, flooding, etc, by backing up our data at appropriate locations.

Apart from natural disasters, backing up files can protect your content against accidental loss of user data, database corruption, and hardware failures. It’s our job as service providers to make sure that backups are performed and in a secure location.

We have taken this into account and have come up with the required measures to create the right plan for you.

Let’s see them in detail.

• Region and Availability Zones
• We leverage AWS to deploy Contentstack in multiple availability zones so that if one of the instances in an availability zone fails, the requests will be routed to one of the healthy instances. If an availability zone fails altogether, the requests will be routed to the working availability zones. Contentstack won't face any downtime.
• Highly Available Architecture
• Contentstack has a network architecture that is designed for maximum reliability and uptime, and offers up to 99.95% Service Level Agreement (SLA) for its services, just as promised. The infrastructure consisting of highly-available, redundant number of data centers ensures minimum service interruption due to natural disasters, hardware failures, or other incidents.
• CDN and Caching
• Our highly efficient CDN ensures faster delivery of content irrespective of the destination with the help of nodes that are spread all around the world. Also, it allows caching – keeping copies of content that were requested earlier thus making it available for future requests.
• Data is constantly backed up
• We use a Cloud-based backup solution to backup our database. For every request made, your data is constantly backed up.

You can choose a region for your organization data while subscribing for a Contentstack (organization) account.

Contact our support team for more details.

• For AWS North America, our main region is Oregon, US (us-west-1) and the backup region is North Virginia, US (us-east-1).
• For AWS Europe, our main region is Ireland, Europe (eu-west-1) and the backup is Frankfurt, Europe (eu-central-1).
• For Azure North America, our primary region is West US 2 and our backups are configured in US East region(MongoDB Database backups) and West US region(Assets backups)
• For Azure Europe, our primary region is US-East-1 (N. Virginia) and our backup region is EU Central 1 (Frankfurt)

• For GCP North America, our primary region is Oregon, US (us-west1) and the backup region is South Carolina, US (us-east1)

For GCP Europe, our primary region is europe-west1 (Belgium) and our backup region is europe-west3 (Frankfurt).

For AWS Australia, our primary region is Sydney and our backup region is Singapore.

The European data center is completely separate from the North American data center. So, if you choose a region for your organization, the whole data of your organization will reside in the selected region.

No. Data is NOT shared between the European and North American data centers. Both the data centers are 100% separate and isolated from each other. Every piece of your organization data resides in your choice of region. This means that you cannot decide to store some parts of the organization data in one region and the rest in the other.
Once an organization has been registered/ created, you cannot change the organization region.

The base API URLs to access the European, Azure North American, and Azure European region’s content are different from those of the North American region. Refer to the API Endpoints section above for more details.

Yes. New product features and updates will be available in both regions. When a new product feature is released, it's first made available to the North American region. Then, in the next 2 weeks, the same feature will be available for the European region. We will keep our customers informed about the release dates through the pre- and post-release emails.

The North American and European data centers are completely separate from each other and not meant to serve as a disaster recovery mechanism if either of them goes down. Within each data center, we already have an efficient disaster recovery system in place that works to ensure continuous and high availability during an outage.

Yes. New product features and updates will be available in both regions at the same time. We will keep our customers informed about the release dates through the pre-release and post-release emails.

No. Though both regions serve different customer bases, there is no difference in their performances. Contentstack app functions at the optimum level in the Azure as well as the AWS regions.
Similarly, both regions have high levels of data security and privacy.

The Azure NA or Azure EU region is separate and independent from other regions and therefore has different login URLs, passwords, and API endpoints to access organization apps and content.

No. Both the regions have an efficient disaster recovery system that works to ensure continuous and high availability during an outage.

You can either use the Azure NA region login endpoint or navigate to the login page and select “Azure North America” as your region.

You can either use the Azure EU region login endpoint or navigate to the login page and select Azure Europe as your region.

You can either use the GCP NA region login endpoint or navigate to the login page and select “GCP North America” as your region.

You can either use the GCP EU region login endpoint or navigate to the login page and select “GCP Europe” as your region.

You can either use the AWS AU region login endpoint or navigate to the login page and select “GCP Europe” as your region.

No. You cannot store parts of your organization's content in multiple regions. If you choose the Azure North America (NA) data center as your region, all of your organization's data will reside in the same region.

Navigate to the status.contentstack.com page and scroll down to the section of your region to know the status. 
Currently, we have support for Seven regions.

• Amazon Web Services US Region
• Amazon Web Services EU Region 
• Amazon Web Services AU Region 
• Microsoft Azure US Region
• Microsoft Azure EU Region
• Google Cloud Platform US Region
• Google Cloud Platform Europe Region

No. All regions and data centers offer the same tiers of SLA as defined in the Contentstack-Customer agreement.