A Strong Performer in The Forrester Wave™: Digital Experience Platforms, Q4 2025
CS-log-dark.svg

Set up SSO with Google G-Suite

This step-by-step guide explains how to set up Single Sign-On (SSO) in Contentstack with Google G Suite as your SAML 2.0 identity Provider (IdP).

The integration with Google G Suite can be done in two easy steps:

  1. Create SSO Name and ACS URL in Contentstack
  2. Configure Google G Suite for Contentstack

Let’s see each of the steps in detail.

  1. Create SSO Name and ACS URL in Contentstack

    1. Log in to your Contentstack account, go to the Organization Settings page, and click on the Single Sign-On tab.
      Click to enlarge
    2. Enter an SSO Name of your choice, and click Create. For example, if your company name is “Acme, Inc.” enter “acme” here. This name will be used as one of the login credentials by the organization users while signing in.

      Note The SSO Name can contain only alphabets (in lowercase), numbers (0-9), and/or hyphens (-).

      Click to enlarge
       Let's use “sso-test” as the SSO Name.
    3. This will generate Assertion Consumer Service (ACS) URL and other details such as Entity ID, Attributes and NameID Format. These details will be used in Step 2 for configuring the Contentstack app in Google G Suite.
      Click to enlarge


      Keep this window open, as you may need these details for setting up the Contentstack app in Google G Suite.

  2. Configure Google G Suite for Contentstack

    1. Log in to your Google Admin account, click on to Apps, and select SAML apps
      Click to enlarge
    2. Click on Add a service/App to your domain, or you can click on the yellow plus (+) icon in the right bottom corner.
      Click to enlarge
    3. This will open the Enable SSO for SAML Application window. Click on SETUP MY OWN CUSTOM APP. 
      Click to enlarge
    4. Copy the link in the SSO URL field and paste it into the corresponding Sign-On URL field in Contentstack's Single Sign-On settings. 
    5. Click on the Download button to download the Certificate and upload the downloaded certificate file in Contentstack’s SSO setting.
      Click to enlarge
    6. Next, you will see the Basic information for your Custom App window where you can provide an application name and upload a logo. Then, click Next to proceed further to SAML settings.
      Click to enlarge
    7. Now you will come to the Service Provider Details window where you need to provide the ACS URL and the Entity ID of your Contentstack application.
      Click to enlarge
    8. In the Name ID field, select Basic information and Primary Email. For the Name ID Format field, select EMAIL. Click on Next.
      Click to enlarge

    9. In the Attribute Mapping window, click on ADD NEW MAPPING
      Click to enlarge
    10. Enter “email,” and select Basic information and Primary Email; enter “first_name,” and select Basic information and First Name; and enter “last_name,” and select Basic information and Last Name.
      Click to enlarge
    11. On the following prompt, click on OK
      Click to enlarge

    12. Now, you will see your SAML app.
      Click to enlarge
    13. Click the three dots at the top of the gray box. You will see three options: On for everyone, OFF, and On for some organizations
      Click to enlarge
    14. Select On for some organizations and click on TURN ON FOR EVERYONE to confirm. 
      Click to enlarge

    15. Now you will see that your app has been turned on for everyone.
      Click to enlarge

    With this, you are done with setting up the Contentstack app in Google G Suite. You can now proceed to configuring the remaining steps in Contentstack. 

Further steps

User Management

In Contentstack, save your settings and go to 3. User Management.

Enable Strict Mode if you do not want any users to access the organization without SSO login.

Click to enlarge

Session Timeout lets you define the session duration for a user signed in through SSO. While the default is set to 12 hours, you can modify it as per your requirement.

Test & Enable

Go to 4. Test & Enable in Contentstack.

Click the Test SSO button to check if your SSO settings have been configured properly. It is highly recommended that you test your settings before enabling SSO.

Click to enlarge

To enable SSO for your Contentstack organization, click on Enable SSO. Once this is enabled, users of this organization can access the organization through SSO. 

Click to enlarge

You can then disable SSO from the same page when required.

Click to enlarge