Enabling SSO

Modified on Thu, 14 Sep, 2023 at 11:51 AM

If you want more control over security, you can work with your IT Team to enable Single Sign-On (SSO) for Contently. SSO allows users to log into Contently using the same credentials they use to log into your corporate intranet, identity management solution, or other trusted platform—instead of using a password they set on Contently.    

 

When you enable SSO, users will still need to be provisioned and given accounts in Contently before they can log into the platform.

 

Contently uses SAML 2.0 to securely exchange authentication data between your company’s identity management provider and Contently. SAML 2.0 is the industry standard for identity management and is supported by major identity management solutions such as Microsoft’s Active Directory, Google’s G Suite, and Okta.


If you are ready to start using SSO, please follow the instructions below.


1. Contently's Service Provider Settings for our production environment are below. Please share these settings with your IT Team and have them enable SSO for Contently. Your IT Team can choose to enable SSO in your IdP staging or production environment. 

 

CONTENTLY'S SERVICE PROVIDER PRODUCTION ENVIRONMENT SETTINGS

Protocol: SAML 2.0
Federation Process:  SP Initiated
Environment: Staging or Production
Consumer Binding: HTTP POST Binding
Service Provider Entity ID:  https://contently.com/saml/metadata
Assertion Consumer URL:  https://contently.com/saml
NameID Attribute: Email
NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Public Certificate:

 



2. Once your IT Team enables SSO in your system, contact your Customer Success lead and let them know you want to use SSO. Your Customer Success lead will need some information from you. Please indicate that your IT Team enabled SSO using Contently's Service Provider production environment settings. Please also send your IdP settings, including the Metadata URL, SSO Target URL, and the Public Certificate associated with your SSO IdP. Your IT Team should be able to give you this information. Please also indicate whether your IT Team enabled SSO in your company's IdP staging or production environment. Once your Customer Success lead has this information, we will be able to configure SSO for your organization. This configuration is usually pretty quick. If you need SSO enabled during a specific time window for testing purposes, please let your Customer Success lead know; we will need at least 24 hours' notice in this scenario.

 

FOR IdP STAGING ENVIRONMENT INSTALLS

3. Once your IT Team enables SSO in staging and your Customer Success lead tells you that your configuration is complete on Contently's side, your IT Team will be able to test the SSO configuration. They can visit www.contently.com/signin and use an existing Contently account for this testing. If you requested a specific testing window in step 2, we will aim to enable SSO at the beginning of that window. 

 

Note: Because your IT Team enabled SSO in your IdP staging environment, once Contently enables SSO for your organization, your users will not be able to log into Contently until your IT Team completes their testing and transitions SSO to your IdP production environment.

 

4. Once your IT Team completes their testing, they will need to transition SSO to your IdP production environment. Once enabled in production, please email your Metadata URL, SSO Target URL, and Public Certificate to your Customer Success lead in case any of these settings have changed. Let them know that SSO has been moved to your IdP production environment and you are ready for the final installation phase.
Continue to step 5 below.

 

FOR IdP PRODUCTION ENVIRONMENT INSTALLS

5. Once your IT Team enables SSO in production and your Customer Success lead tells you that your configuration is complete on Contently's side, your users will be able to log into Contently using their SSO credentials. Remember that users need to be provisioned and given accounts in Contently before they can log into the platform.

 

Note: If you are unable to log into Contently after we enable SSO for your organization, please reach out to your IT Team to make sure that they enabled SSO for Contently in your IdP production environment using the correct Service Provider production settings listed above. If you still cannot log in, please reach out to your Customer Success lead.
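
For the testing in step 3 and the check described in the note above, your IT Team can compare a base64-decoded SAML Response from the IdP with the Service Provider settings listed in step 1. The Python script below is an added example, not Contently's code: the function name and both sample messages are constructed for illustration, and it checks structure only, not the signature itself.

```python
import xml.etree.ElementTree as ET
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Service Provider settings copied from step 1 of this article.
SP_ENTITY_ID = "https://contently.com/saml/metadata"
SP_ACS_URL = "https://contently.com/saml"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text):
    """List mismatches between a decoded SAML Response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination is not the Assertion Consumer URL")
    recipients = [d.get("Recipient")
                  for d in root.findall(".//a:SubjectConfirmationData", NS)]
    if SP_ACS_URL not in recipients:
        problems.append("Recipient is not the Assertion Consumer URL")
    audiences = [(a.text or "").strip() for a in root.findall(".//a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not include the SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is not emailAddress")
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    # Presence check only; this does not validate the signature.
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element (signing is expected by default)")
    return problems

# Constructed, trimmed sample messages (not captured from a real IdP).
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{dest}">
 <saml:Assertion>{sig}<saml:Subject>
   <saml:NameID Format="{fmt}">{name}</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{dest}"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
SIG = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
GOOD = TEMPLATE.format(dest=SP_ACS_URL, sig=SIG, fmt=NAMEID_FORMAT,
                       name="user@example.com", aud=SP_ENTITY_ID)
BAD = TEMPLATE.format(dest="https://contently.com/saml/", sig="", name="jdoe",
                      fmt="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                      aud="https://contently.com/saml")
if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_response(doc) or "matches the SP settings")
```

The BAD sample shows the usual misconfigurations: a trailing slash on the Assertion Consumer URL, the Assertion Consumer URL entered as the audience instead of the Entity ID, and a NameID that is a username rather than an email address.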

 

ADDITIONAL INFORMATION

WHO SSO WILL BE ENABLED FOR: By default, SSO will be enabled for everyone who logs into Contently using an email domain that is tied to your organization. Your organization might have multiple email domains attached to it. If you need to check which email domains are tied to your organization, please ask your Customer Success lead. If you only want to enable SSO for a specific list of users, please tell your Customer Success lead.

 

MULTIPLE CONTENTLY PUBLICATIONS: As noted above, by default, SSO will be enabled for your entire organization. If you have more than one Contently publication, SSO will be turned on for all of your publications. If you only want to enable SSO for a specific list of users, please tell your Customer Success lead.

 

CHAINED SSO CERTIFICATES: Contently does not currently support chained certificates. To enable SSO, we will need your root certificate.

 

TERMINATING SSO SESSIONS: If you want to end a user's SSO session each time they close their browser, let your Customer Success lead know and we can enable this functionality for your organization. 

 

REDIRECTING LOGGED OUT USERS: If you want to choose which URL your users get redirected to when they log out of Contently, let your Customer Success lead know which URL you want to use and we can enable this functionality for your organization.

 

SIGNING SAML REQUESTS: Contently will expect SAML requests to be signed by default. If your IdP does not support signed SAML requests, please let us know so that we can make the necessary adjustments on our end. As long as your SAML endpoint uses SSL / TLS, the authentication will still be secure whether or not the SAML requests are signed.

 

 
