Enable SAML Encryption

Security Assertion Markup Language (SAML) is an open standard for trading authorized content such as logins, identifiers, and other suitable attributes between Contentstack and an IdP.

SAML simplifies and secures the authentication process by authorizing users with a single set of authentication credentials.

An IdP stores specific SAML attributes that help validate users during logins. Allowing encryption of the SAML attributes adds another layer of security so that personal or corporate data is not compromised.

Note: Enabling SAML encryption is optional. Even without the encryption, communication between the IdP and Contentstack application transpires over encrypted links.

Once you enable the encryption, the IdP will encrypt the SAML attributes using the public key obtained from Contentstack.

To enable SAML encryption, perform the following steps:

1. Log in to your Contentstack account, go to the Organization Settings page, and click on the Single Sign-On tab.

   Note: Only the owner of an organization can set up SSO.

2. Click on the 2. IdP Configuration tab.
3. Check the Enable SAML Encryption checkbox, and click on Save.

You will need a public certificate to encrypt your SAML attributes via your IdP. Download the Contentstack Public Certificate for either the NA region or the EU region and upload it to your IdP to configure the SAML encryption.