A Strong Performer in The Forrester Wave™: Digital Experience Platforms, Q4 2025
Contentstack
Changelog

Security Configuration

Strengthen the security of your organization by implementing security best practices that allow you to define the level of protection you want to enforce.

You can configure the following:

  • Multi-Factor Authentication
  • Password Policies
  • Allowed Email Domains

Multi-factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of protection to user logins. When enabled, all users in your organization must set up MFA the next time they log in.

To enable MFA for your organization, log in to your Contentstack account and perform the following steps:

  1. Navigate to Administration through “App Switcher”.
  2. Click the Security Configuration tab.
  3. Enable MFA using the toggle switch. Click Save to save your configuration.

Note: Once enabled, MFA setup will be mandatory for all users on their next login.

Additional Resources: Refer to our document on setting up multi-factor authentication for more information.

Password Policies

Password policies help you control how passwords are created and maintained in your organization. You can choose to configure any combination of the available settings, depending on the level of security you want to enforce.

To enable and customize password policies for organization users, log in to your Contentstack account and perform the following steps:

  1. Navigate to Administration through “App Switcher”.
  2. Click the Security Configuration tab and select Password Policies.
  3. In the Password Duration field, set the number of days (1–365) after which passwords must be updated. For example, setting the duration to 90 days forces users to reset their passwords every 90 days.
  4. In Minimum Password Length, enter a value (minimum 8).
  5. Click Save to save your configuration.

Note:

If you belong to multiple organizations:

  • The organization with the highest minimum password length applies during password reset.
  • The shortest password expiration period applies.
  • Enforcing MFA or password reset in any of these organizations, applies immediately on the next login.

Allowed Email Domains

The Allowed Email Domains feature lets you restrict user access to specific email domains within your organization. This enhances security by ensuring that only users with approved email domains can be added to your organization.

Note: Enabling this setting does not affect existing users.

To enable and add email domains, log in to your Contentstack account and perform the following steps:

  1. Navigate to Administration through “App Switcher”.
  2. Click the Security Configuration tab and select Allowed Email Domains.
  3. Toggle the Enable Allowed Email Domains switch.
  4. In the Add Allowed Email Domain(s) field, enter the domains you want to allow (e.g., yourcompany.com).

    Note: You can add up to 30 email domains.

  5. Click Save to apply the configuration.

Note: When this setting is enabled, users with unapproved email domains cannot be invited or added to your organization. An error message appears if you attempt to add them.

By implementing these security features, you can significantly enhance your organization’s security.

More articles in "Organization Settings"