When a user is included in an SSO-enabled Organization, he/she accesses the Organization through SSO using their IdP credentials instead of their Contentstack credentials (which they might not have created). If, later on, SSO is disabled for the Organization, the user will not be able to log in to Contentstack through IdP. However, the user is still part of the Organization.
To access the same organization, the user will have to perform the following steps:
- Open Contentstack’s login page and click the Forgot Password? link.
- Enter the email address and click SEND INSTRUCTIONS.
Now, the user will receive the password reset instructions on the email address. The user needs to follow the instruction and login to their Contentstack account.
If the IdP experiences system fails, then the owner can perform the following steps:
- Log in to the Contentstack account.
- Open the Organization Users setting, disable Strict Mode, and grant access to the required user(s) by checking the Allow access without SSO option.
These users will now be able to access the organization using their Contentstack credentials, instead of through SSO (IdP credentials).
However, if the user does not have a Contentstack account, he/she will receive an email with the account setup instructions to create an account in Contentstack. Post setting up their account, they will be able to access the Organization content.
To sign in to an SSO-enabled organization in Contentstack, perform the following steps:
- Open the login page of Contentstack and click the Login via SSO link.
- Then, enter your organization SSO Name, and click on Continue. This will open your corporate IdP login page.
Note: You must have received the SSO name in your stack or organization invitation email. If you do not know your organization SSO Name, contact your organization owner or admin.
- Finally, sign in to your Contentstack account by entering your IdP login details.
To invite users that are not in your IdP, perform the following steps:
- Log in to your Contentstack account, go to Organization Settings page, open the 3 User Management tab, and disable the Strict Mode.
- Then, go to the USERS tab located at the header, and invite users.
- While inviting, select the Allow Access Without SSO checkbox. This will allow the invited user to access the SSO-enabled organization through Contentstack credentials.
No. You do not have to send an invitation again since the existing users continue to remain part of the organization, even after SSO is enabled.
Nothing changes for the existing users, except that they are required to sign in using SSO, instead of normal Contentstack username/password login. However, if any existing user is not part of your identity provider, you may have to disable Strict Mode and update the user in Contentstack by assigning permission to Allow Access Without SSO.