How do I manage my password policy, including allowing certain users to bypass SSO?

Managing your Password Policy

You can manage your custom Password Policy using Sprout’s Managed Passwords. You can specify specific password policy ingredients to include. To create a custom Password Policy:

1. Navigate to your name > Account and settings > Settings.
2. Click Single Sign-On in the left-hand navigation under Account. The Single Sign-On screen appears.
3. Toggle Enable Sprout Managed Passwords to ON.
   
4. Specify your required Password Policy ingredients. Create the following:
   • Minimum character length
   • Minimum lowercase letters
   • Minimum upper case letters
   • Minimum numbers to include
   • Minimum special characters to include
   • The number of unique passwords a user has to use before they can re-use an old password 
   • The number of days before a password expires (Expiry)
5. (Optional) Set the following optional ingredients. If you leave the following disabled, your users can’t set a password that includes their name or username. If you want, you can choose to allow one or all of the following as a part of the password: 
   • Allow User Name
   • Allow First Name
   • Allow Last Name
6. Click Save changes. Your Managed Passwords are now in effect. 

You can also force a password reset upon users’ next log in when saving your policy changes. To do this, toggle Force password reset to ON.

If you want to start over with Sprout’s required baselines, you can click Reset all to baseline to populate your Password Policy ingredients back to their original values.

Creating a Password Allowlist

A Password Allowlist enables you to create a list of users that are excepted from SSO. Users you add to this list can log in via username and password, while every other user is required to log in via SSO. This is a great tool to use if you have agencies or non-employee contractors that use your Sprout account, but aren’t managed by your organization’s IdP and aren’t eligible for SSO.

To create a Password Allowlist:

1. Navigate to your name > Account and settings > Settings.
2. Click Single Sign-On in the left-hand navigation under Account. The Single Sign-On screen appears.
3. Scroll down to Password Allowlist and toggle Enable User-Specific Allowlist to ON.
   
4. Click Add Members. The Edit Allowlist popup appears.
   
5. Choose the members you want to exempt from SSO by searching or scrolling for them on the left-hand side of the popup.
6. Click the name of the user you want to add to the Allowlist, and then click the arrow icon .
7. Add the remaining Sprout Members you want to the Allowlist, and then click Save Changes. Now those users can log in via username and password, instead of SSO.

If you want to remove a user from the Allowlist and force SSO for log in, you can click the reverse arrow icon on the Edit Allowlist popup and Save Changes to move them off the Allowlist.