Google G Suite Single Sign-On (SSO) Setup

This step-by-step guide explains how to set up Single Sign-On in Contentstack with Google G Suite as your SAML 2.0 identity Provider (IdP).

The integration with Google G Suite can be done in two easy steps:

  1. Create SSO Name and ACS URL in Contentstack
  2. Configure Google G Suite for Contentstack

Let’s see each of the steps in detail.

Step 1 - Create SSO Name and ACS URL in Contentstack

  1. Log in to your Contentstack account. Go to the ‘Organization Settings’ page and click on the ‘Single Sign-On’ tab on the left.
    01.png
  2. Enter an SSO name of your choice, and click Create. For example, if you're company name is 'Acme, Inc.' enter 'acme' here. This name will be used as one of the login credentials by the organization users while signing in.

    Note: The SSO Name can contain only alphabets (in lowercase), numbers (0-9), and/or hyphens (-).
    02.png
    Let's use 'test-sso' as the SSO Name.
  3. This will generate Assertion Consumer Service (ACS) URL and other details such as Entity ID, Attributes and NameID Format. These details will be used in Step 2 for configuring Contentstack app in Google G Suite.
    03.png
    Keep this window open, as you may need these details for setting up Contentstack app in Google G Suite.

Step 2 - Configure Google G Suite for Contentstack

  1. Log in to your Google Admin account, click on to Apps and select SAML apps.
    1.png
  2. Click on Add a service/App to your domain, or you can click on the yellow plus (+) icon in the right bottom corner.
    2.png
  3. This will open the Enable SSO for SAML Application window. Click on SETUP MY OWN CUSTOM APP.
    3.png
  4. Copy the link in the SSO URL field and paste it into the corresponding Sign-On URL field in Contentstack's Single Sign-On settings. Click on the Download button to download the Certificate. Upload the downloaded certificate file in Contentstack’s SSO setting.
    4.png
  5. Next, you will see the Basic information for your Custom App window where you can provide an application name and upload a logo. Then, click Next to proceed further to SAML settings.
    5.png
  6. Now you will come to the Service Provider Details window where you need to provide the ACS URL and the Entity ID of your Contentstack application.
    6.png
  7. In the Name ID field, select Basic information and Primary Email. For the Name ID Format field, select EMAIL. Click on Next.
    7.png
  8. In the Attribute Mapping window, click on ‘ADD NEW MAPPING’.
    8.png
  9. Enter ‘email’, and select ‘Basic information’ and ‘Primary Email’; enter ‘first_name’, and select ‘Basic information’ and ‘First Name’; and enter ‘last_name’, and select ‘Basic information’ and ‘Last Name’.
    9.png
  10. You’ll get the following prompt. Click on OK.
    10.png
  11. Now, you’ll see your SAML app.
    11.png
  12. Click the three dots at the top of the gray box. You will see three options: ‘On for everyone’, ‘OFF’, and ‘On for some organizations’.
    12.png
  13. Select ‘On for some organizations’ and click on ‘TURN ON FOR EVERYONE’ to confirm.
    13.png
  14. Now you will see that your app has been turned on for everyone.
    Screenshot 2017-11-17 16.29.18.png

With this, you are done with setting up the new Contentstack app in Google G Suite. You can now proceed to configuring the remaining steps in Contenstack. 

Further steps

User Management

In Contentstack, save your settings and go to ‘3. User Management’.

Enable Strict Mode if you do not want any users to access the organization without SSO login. Learn More.

Session Timeout lets you define the session duration for a user signed in through SSO. While the default is set to 12 hours, you can modify it as per your requirement. Learn more.

Test & Enable

Go to '4. Test & Enable' in Contentstack.

Click the Test SSO button to check if your SSO settings have been configured properly. It is highly recommended that you test your settings before enabling SSO. Learn more

To enable SSO for your Contentstack organization, click on Enable SSO. Once this is enabled, users of this organization can access the organization through SSO. You can then disable SSO from the same page when required. Learn more.

Was this article helpful?
top-arrow