Security Configuration
Strengthen the security of your organization by implementing security best practices that allow you to define the level of protection you want to enforce.
You can configure the following:
- Multi-Factor Authentication
- Password Policies
- Session Timeout
- Allowed Email Domains
Multi-Factor Authentication
Multi-Factor Authentication (MFA) adds an extra layer of protection to user logins. When enabled, all users in your organization must set up MFA the next time they log in.
To enable MFA for your organization, log in to your Contentstack account and perform the following steps:
- Navigate to Administration through “App Switcher”.
- Click the Security Configuration tab.
- Enable MFA using the toggle switch. Click Save to save your configuration.

Note: Once enabled, MFA setup becomes mandatory for all users on their next login.

Additional Resources: Refer to our document on setting up multi-factor authentication for more information.
Password Policies
Password policies help you control how passwords are created and maintained in your organization. You can choose to configure any combination of the available settings, depending on the level of security you want to enforce.
To enable and customize password policies for organization users, log in to your Contentstack account and perform the following steps:
- Navigate to Administration through “App Switcher”.
- Click the Security Configuration tab and select Password Policies.
- In the Password Duration field, set the number of days (0–365) after which passwords must be updated. For example, setting the duration to 90 days forces users to reset their passwords every 90 days.
Note: Set Password Duration to 0 for no password expiry.
- In Minimum Password Length, enter a value (minimum 8).
- Click Save to save your configuration.

Note:
If you belong to multiple organizations:
- The organization with the highest minimum password length applies during password reset.
- The shortest password expiration period applies.
- Enforcing MFA or a password reset in any of these organizations applies immediately on the next login.
Session Timeout
Session timeout in Contentstack’s Security Configuration settings allows organization owners and admins to automatically log users out after a defined period of inactivity or maximum session duration. This enhances account security by minimizing risks related to unattended active sessions.
Enabling session and idle timeouts helps ensure:
- Improved control over user session duration
- Reduced risk of unauthorized access from idle sessions
- Customizable timeout periods that align with your organization’s security policies
You can also whitelist email addresses to exempt specific users from timeout enforcement, ideal for service accounts or trusted users.
To configure session timeout, log in to your Contentstack account and perform the following steps:
- Navigate to Administration through “App Switcher”.
- Click the Security Configuration tab and then select Session Timeout.
- Toggle the Enable Session Timeout switch to turn the feature on.
- In the Maximum Session Duration (hours) field, enter the desired session duration in hours. Users are logged out automatically once this duration elapses. Default value: 120 hours (5 days).
- In the Maximum Inactivity Timeout (hours) field, enter the inactivity threshold in hours. Users are logged out automatically once they have been idle for this long. Default value: 12 hours.
- In the Allowlist User Email field, enter comma-separated email addresses. These users are exempt from timeout rules.
- Click Save to apply your settings, or Cancel to discard changes.

Note:
- Session timeout is the maximum duration a user can stay logged in, regardless of activity.
- Idle timeout logs users out after a period of inactivity.
- Idle timeout must be shorter than the session timeout.
- You can add any number of email addresses to the allowlist.
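The rules above (maximum session duration, idle timeout shorter than session timeout, allowlisted users exempt) can be modelled as a small policy evaluator. The following is an added example written for this page; it is not Contentstack code and does not use the Contentstack API. It assumes the 120-hour and 12-hour defaults from the steps above, that allowlist emails are matched case-insensitively, and that both timeout values must be positive; the names SessionTimeoutPolicy and evaluate_session are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class SessionTimeoutPolicy:
    """Mirrors the Session Timeout fields described on this page."""
    enabled: bool = True
    max_session_hours: int = 120      # default stated in the docs: 120 hours (5 days)
    max_inactivity_hours: int = 12    # default stated in the docs: 12 hours
    allowlist: frozenset = field(default_factory=frozenset)  # exempt users

    def validate(self) -> None:
        # Assumption: zero or negative timeouts are rejected here.
        if self.max_session_hours <= 0 or self.max_inactivity_hours <= 0:
            raise ValueError("timeouts must be positive hour values")
        # Rule from the docs: idle timeout must be shorter than session timeout.
        if self.max_inactivity_hours >= self.max_session_hours:
            raise ValueError("idle timeout must be shorter than the session timeout")


def parse_allowlist(csv: str) -> frozenset:
    """Parse the comma-separated Allowlist User Email field (case-insensitive, assumption)."""
    return frozenset(e.strip().lower() for e in csv.split(",") if e.strip())


def evaluate_session(policy: SessionTimeoutPolicy, email: str,
                     login_at: datetime, last_activity_at: datetime,
                     now: datetime) -> str:
    """Return one of: 'active', 'exempt', 'expired_session', 'expired_idle'.

    The absolute session limit is checked before the idle limit, so a session
    that exceeded both is reported as 'expired_session'.
    """
    if not policy.enabled:
        return "active"
    if email.lower() in policy.allowlist:
        return "exempt"
    if now - login_at >= timedelta(hours=policy.max_session_hours):
        return "expired_session"
    if now - last_activity_at >= timedelta(hours=policy.max_inactivity_hours):
        return "expired_idle"
    return "active"


# Constructed sample data (not real accounts).
POLICY = SessionTimeoutPolicy(allowlist=parse_allowlist("svc-bot@example.com, Ops.Lead@example.com"))
POLICY.validate()
LOGIN = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)


def sample_results() -> dict:
    """Evaluate a few constructed sessions against the default policy."""
    h = lambda n: LOGIN + timedelta(hours=n)
    return {
        "idle_6h":   evaluate_session(POLICY, "alice@example.com", LOGIN, h(5), h(11)),
        "idle_13h":  evaluate_session(POLICY, "alice@example.com", LOGIN, h(10), h(23)),
        "over_120h": evaluate_session(POLICY, "alice@example.com", LOGIN, h(120.5), h(121)),
        "allowlisted": evaluate_session(POLICY, "SVC-BOT@example.com", LOGIN, LOGIN, h(500)),
    }


if __name__ == "__main__":
    for name, state in sample_results().items():
        print(f"{name:12} -> {state}")
```

Running the module prints one line per constructed session; the allowlisted service account stays exempt even after 500 hours, which is exactly why the allowlist should be kept short and reviewed alongside the rest of the configuration.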
Allowed Email Domains
The Allowed Email Domains feature lets you restrict user access to specific email domains within your organization. This enhances security by ensuring that only users with approved email domains can be added to your organization.
Note: Enabling this setting does not affect existing users.
To enable and add email domains, log in to your Contentstack account and perform the following steps:
- Navigate to Administration through “App Switcher”.
- Click the Security Configuration tab and select Allowed Email Domains.
- Toggle the Enable Allowed Email Domains switch.
- In the Add Allowed Email Domain(s) field, enter the domains you want to allow (e.g., yourcompany.com).

Note: You can add up to 30 email domains.

- Click Save to apply the configuration.

Note: When this setting is enabled, users with unapproved email domains cannot be invited or added to your organization. An error message appears if you attempt to add them.
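Because the setting only blocks new invitations and leaves existing users untouched, an admin typically wants two checks: reject an invite whose domain is not allowed, and audit which current members would fall outside the allowlist. The following is an added example written for this page, not Contentstack code; it assumes domains are compared case-insensitively by exact match (a subdomain such as mail.yourcompany.com is treated as a different domain), and the function names parse_allowed_domains, check_invite and audit_members are hypothetical.

```python
MAX_ALLOWED_DOMAINS = 30  # limit stated in the docs


def parse_allowed_domains(raw: str) -> frozenset:
    """Parse the Add Allowed Email Domain(s) field: comma/newline separated bare domains."""
    domains = []
    for token in raw.replace("\n", ",").split(","):
        d = token.strip().lower().rstrip(".")
        if not d:
            continue
        if "@" in d or " " in d or "/" in d:
            raise ValueError(f"not a bare domain: {token.strip()!r}")
        if d not in domains:
            domains.append(d)
    if len(domains) > MAX_ALLOWED_DOMAINS:
        raise ValueError(f"at most {MAX_ALLOWED_DOMAINS} domains are allowed, got {len(domains)}")
    return frozenset(domains)


def email_domain(email: str) -> str:
    """Extract the domain part of an address; rejects malformed input."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"malformed email address: {email!r}")
    return domain.lower().rstrip(".")


def check_invite(email: str, allowed: frozenset, enabled: bool = True):
    """Return (ok, error_message). Only applied when adding or inviting a user."""
    if not enabled:
        return True, None
    d = email_domain(email)
    if d in allowed:  # assumption: exact, case-insensitive match
        return True, None
    return False, f"Cannot add {email.strip()}: domain '{d}' is not an allowed email domain."


def audit_members(members, allowed: frozenset) -> list:
    """List existing members whose domain is outside the allowlist.

    The docs say enabling the setting does not affect existing users, so this
    report is how an admin finds accounts to review by hand.
    """
    return sorted(m for m in members if email_domain(m) not in allowed)


# Constructed sample data (not real accounts or organizations).
ALLOWED = parse_allowed_domains("yourcompany.com, Partner.org")
EXISTING_MEMBERS = ["alice@yourcompany.com", "bob@partner.org", "legacy@oldvendor.net"]

if __name__ == "__main__":
    for addr in ["carol@YourCompany.com", "mallory@gmail.com", "dev@mail.yourcompany.com"]:
        ok, msg = check_invite(addr, ALLOWED)
        print("OK  " if ok else "DENY", addr, "" if ok else f"-> {msg}")
    print("existing members outside allowlist:", audit_members(EXISTING_MEMBERS, ALLOWED))
```

The audit function is the practical complement to the note above: turning the feature on stops new out-of-domain accounts, but any that were added earlier remain until someone removes them.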
By implementing these security features, you can significantly enhance your organization’s security.
