How SSO works with Contentstack

If you have enabled Single Sign-On (SSO) for your Organization, your IdP will handle your authentication to your SSO-enabled organization. This means that if any of your users want to sign in to Contentstack via SSO, they will be redirected to your IdP.

If users are not logged in to your IdP, they will be redirected to the IdP sign-in page, where they are required to authenticate themselves. However, if the users are already signed in to your IdP while signing into Contentstack via SSO, they will not be asked to log in again and will be redirected to the Contentstack dashboard or the requested page.

Note: If you've already logged into your SSO IdP, the trigger_sso_flow=<sso_name> query parameter automatically lets you log in to Contentstack via SSO, allowing you to skip the Contentstack login page.

However, in order to access and manage content in Contentstack, users need to be assigned specific roles in their respective IdPs and these roles need to be mapped to Contentstack roles. The IdP Role Mapping section explains in detail how this works.