cs-icon.svg

Set up SSO with Google G-Suite

This step-by-step guide explains how to set up Single Sign-On (SSO) in Contentstack with Google G Suite as your SAML 2.0 identity Provider (IdP).

The integration with Google G Suite can be done in two easy steps:

  1. Create SSO Name and ACS URL in Contentstack
  2. Configure Google G Suite for Contentstack

Let’s see each of the steps in detail.

  1. Create SSO Name and ACS URL in Contentstack

    1. Log in to your Contentstack account, go to the Organization Settings page, and click on the Single Sign-On tab.Set_up_SSo_1_highlighted.png
    2. Enter an SSO Name of your choice, and click Create. For example, if your company name is “Acme, Inc.” enter “acme” here. This name will be used as one of the login credentials by the organization users while signing in.

      Note: The SSO Name can contain only alphabets (in lowercase), numbers (0-9), and/or hyphens (-).

      Set_up_SSo_2_highlighted.png Let's use “sso-test” as the SSO Name.
    3. This will generate Assertion Consumer Service (ACS) URL and other details such as Entity ID, Attributes and NameID Format. These details will be used in Step 2 for configuring the Contentstack app in Google G Suite.ACS_URL.png

      Keep this window open, as you may need these details for setting up the Contentstack app in Google G Suite.
  2. Configure Google G Suite for Contentstack

    1. Log in to your Google Admin account, click on to Apps, and select SAML apps
      1.jpg
    2. Click on Add a service/App to your domain, or you can click on the yellow plus (+) icon in the right bottom corner.2.png
    3. This will open the Enable SSO for SAML Application window. Click on SETUP MY OWN CUSTOM APP. 
      3.jpg
    4. Copy the link in the SSO URL field and paste it into the corresponding Sign-On URL field in Contentstack's Single Sign-On settings. 
    5. Click on the Download button to download the Certificate and upload the downloaded certificate file in Contentstack’s SSO setting.
      4.jpg
    6. Next, you will see the Basic information for your Custom App window where you can provide an application name and upload a logo. Then, click Next to proceed further to SAML settings.
      5.jpg
    7. Now you will come to the Service Provider Details window where you need to provide the ACS URL and the Entity ID of your Contentstack application.6.png
    8. In the Name ID field, select Basic information and Primary Email. For the Name ID Format field, select EMAIL. Click on Next.
      7.jpg
    9. In the Attribute Mapping window, click on ADD NEW MAPPING
      8.jpg
    10. Enter “email,” and select Basic information and Primary Email; enter “first_name,” and select Basic information and First Name; and enter “last_name,” and select Basic information and Last Name.
      9.jpg
    11. On the following prompt, click on OK10.jpg
    12. Now, you will see your SAML app.
      11.jpg
    13. Click the three dots at the top of the gray box. You will see three options: On for everyone, OFF, and On for some organizations
      12.jpg
    14. Select On for some organizations and click on TURN ON FOR EVERYONE to confirm. 13.jpg
    15. Now you will see that your app has been turned on for everyone.
      Screenshot 2017-11-17 16.29.18.png

    With this, you are done with setting up the new Contentstack app in Google G Suite. You can now proceed to configuring the remaining steps in Contentstack. 

Further steps

User Management

In Contentstack, save your settings and go to 3. User Management.

Enable Strict Mode if you do not want any users to access the organization without SSO login.

image.png

Session Timeout lets you define the session duration for a user signed in through SSO. While the default is set to 12 hours, you can modify it as per your requirement.

Test & Enable

Go to 4. Test & Enable in Contentstack.

Click the Test SSO button to check if your SSO settings have been configured properly. It is highly recommended that you test your settings before enabling SSO.

image.png

To enable SSO for your Contentstack organization, click on Enable SSO. Once this is enabled, users of this organization can access the organization through SSO. 

image.png

You can then disable SSO from the same page when required.

Disable_SSO.png


Was this article helpful?
^