Getting Started
Configuring Your Account
Understand Billing
Publishing
Analytics & Reporting
Engagement
AI and Automation
Social Listening
Sprout Integrations
Tagging
Customer Care
Salesforce Service Cloud
Instagram
Facebook
X
Tiktok
Threads
WhatsApp
LinkedIn
YouTube
Pinterest
Bluesky
Getting Started
Configuring Your Account
Understand Billing
Publishing
Analytics & Reporting
Engagement
AI and Automation
Social Listening
Sprout Integrations
Tagging
Customer Care
Salesforce Service Cloud
Instagram
Facebook
X
Tiktok
Threads
WhatsApp
LinkedIn
YouTube
Pinterest
Bluesky

How to Secure Your Sprout Social Account with Multifactor Authentication (MFA)

Table of Contents

The below article is a summary of the mandatory changes regarding Multifactor Authentication (MFA) and our security recommendations to ensure your account is secure and you have seamless access to Sprout Social.

Was there a recent change to Sprout Social logins?

Starting April 15, 2025, all Sprout users require an extra layer of security to log in to Sprout Social called Multifactor Authentication (MFA). The MFA options available in Sprout would include: 

This would apply to logins to the Sprout platform on desktop, as well as the mobile app. This doesn't apply to our Employee Advocacy or Influencer Marketing platforms.

Why is Multifactor Authentication required in Sprout?

To maintain account security and adhere to standard industry security best practices, Sprout requires Multifactor Authentication with all user logins. 

Enforcing MFA better protects your Sprout account and brand reputation by preventing unauthorized access. For more details on security best practices, check out this article.

How do I set up Multifactor Authentication?

If an account has not been configured to require users to login using Two-Step Verification (via authenticator app) or Single Sign-On, a user’s method of multifactor authentication automatically defaults to a One-Time Passcode (OTP) sent to the email address associated with their Sprout login.

How does Email One-Time Passcode (OTP) work?

With Email OTP, our system sends a temporary code to the registered email address when logging into the Sprout app.

When logging into Sprout, users:

  1. Enter their username and password on the log in screen.
  2. Receive a one-time code that's sent to the registered email (the email address at login).
  3. Enter the code from the email to complete the login process for Sprout.

This means that each time a user logs into Sprout using OTP as their method of multifactor authentication, they are required to enter a passcode that is sent to the email address associated with that login.

What if I am not receiving the code via email? 

To receive the one-time passcode, you must have access to your registered email address, and your email settings must allow emails from Sprout (i.e., not filtered or blocked). If Sprout emails are filtered or blocked, ensure to check Spam and Junk folders, then check with your IT administrator to troubleshoot further.  

What is Two-Step Verification (via authenticator app)?

This option of multifactor authentication enables you to receive autogenerated verification codes using an authenticator app on your mobile device, such as Google Authenticator, Authy, Onelogin, or Microsoft Authenticator. 

How do I enable Two-Step Verification (via authenticator app)?

To configure two-step verification (via authenticator app), navigate to the Security page in your Sprout Settings and select to enable two-step verification for your login. From there, follow the prompts to set this up within an authenticator app of your choosing. 

For more detailed information on how to set up two-step verification (via authenticator app), follow the instructions listed in this article How do I set up two-step verification for my Sprout account?

Can an Account Owner Require Two-Step Verification (via authenticator app)?

An Account Owner has the option to require that all users on the account configure two-step verification within their Security settings. If this requirement is toggled on by the Account Owner, all users would be prompted to setup 2SV (via authenticator app) with their next Sprout login. 

Can I use Single Sign-On (SSO) instead of MFA Codes? 

An Account Owner or user with “Manage SSO” permissions can update their SSO configuration to require that all users login via Single Sign-On rather than email and password. If this is enabled, users would not be required to enter any additional verification codes and would instead login via their configured Identity Provider service. 

How does an account enable Single Sign-On (SSO)?

If you are the Sprout Account Owner or have the “Manage SSO” permission, you can follow these instructions to enable SSO for your account.

Troubleshooting Login Issues + FAQS

I haven’t received my One-Time Passcode (OTP) email code. What should I do?

First, verify that you have access to the email inbox associated with your Sprout user login. Check your Spam/Junk folder and confirm the email hasn't been deleted or archived. If you're not receiving any Sprout emails, your IT team may need to investigate security filters within your organization. If, after these steps, you still can't locate your code, please contact Sprout Support, detailing the troubleshooting steps you've already taken.

What if I don’t have access to the email that’s receiving the One-Time Passcode (OTP)?

Please contact our Sprout Support Team who can assist you with a temporary bypass to be able to access your account and update the email address to one in which you do have access. 

What if I lose access to my authenticator app or the mobile device it's on?

Please contact our Sprout Support Team who can assist you with resetting your Two-Step Verification configuration to allow you to link a new device/application. Note: this process will require some additional security verification.

I am a user on multiple Sprout Social accounts. How does Multifactor Authentication (MFA) affect me?

If you are on multiple Sprout accounts, your method of Multifactor Authentication defaults to Two-Step Verification via authenticator app if that is required by any of your accounts. Otherwise, you can expect to receive a One Time Email Passcode prompt.

Can I disable Multifactor Authentication (MFA) on my account?

We understand Multifactor Authentication requirements may not be ideal depending on your organization’s current setup. However, in order to ensure your account is secure and your brand is protected, having access to the email inbox used to log into your Sprout account is a requirement when setting up users. If you are encountering continued issues accessing your passcode or have specific requirements in place by your organization that prevent you from using alternatives such as Two-Step Verification (via authenticator app) or SSO, please feel free to contact our Sprout Support Team to discuss any available accommodations. 

Can I opt out of Multifactor Authentication (MFA)?

In order to ensure your account is secure and your brand is protected, having access to the email inbox used to log into your Sprout account is a requirement. If you are encountering continued issues accessing your passcode or have specific requirements in place by your organization that prevent you from using alternatives such as 2FA/2SV/MFA our Sprout Support Team can look into any available accommodations.

How do we manage Multifactor Authentication (MFA) with a shared email login?

Sharing usernames/passwords is against our Terms of Service (Section 3.2 states: "...each Authorized User will be issued its own unique user identification and password."). Therefore, we can't advise on shared logins or potential MFA issues. However, we can anticipate login issues if users lack access to the associated email inbox, which is required for user setup. We can explore adding new user seats to your plan for better account security. If interested, we can connect you with an appropriate member of our Sprout team to explore this further.

Was this article helpful?

2 out of 2 found this helpful

Table of Contents