Single Sign-on (SSO)
Sprout Social offers SAML 2.0 Single Sign-on (SSO) support to our customers across web and mobile. SSO enables an employee to use a single set of managed login credentials (e.g., name and password) to access multiple applications.
Note: Sprout does not support OpenID Connect (OIDC) or Web Service Federation (WS-Fed).
Sprout's Support and Engineering teams can't consult on the best way to configure SSO or answer SSO questions 1:1. Instead, work with your internal IT teams or IdP provider to talk through SSO configuration and ask questions.
Benefits of SSO
The main benefit of implementing SSO is account security. If an employee’s permissions, access or employment status changes, their network administrator can easily disable all accounts that are associated with that user with minimal effort. Additionally, SSO creates a more seamless user login experience as it eliminates the need for employees to remember or keep track of several passwords.
Supported SSO Providers
Single Sign-on for Sprout Social is directly supported by the following IdPs:
- OneLogin
- Okta
- Azure AD
Sprout Social supports SAML (Security Assertion Markup Language) 2.0 for SSO, so even if your IdP isn’t listed, you should still be compatible as long as your IdP supports SAML 2.0.
Technical Specifications
Collaborate with your IT/Security teams to get the required technical information to plan Sprout’s custom SSO integration. Here is some technical information your IT team may need to get the process started:
- Sprout supports IdP and SP initiated SSO via SAML 2.0
- Sprout AuthnRequests have an Issuer value/Entity ID that is unique to each Sprout instance. This enables you to set up a separate SSO configuration for each of multiple Sprout instances within the same IdP. The Entity ID is provided to you when you generate the Service Provider metadata file during SSO setup (see further details in the following section).
- Sprout's Assertion Consumer Service (ACS) URL is https://app.sproutsocial.com/auth/sso/consumption
- Sprout requires that IdPs use emailAddress as the NameIDPolicy of their Response's Subject, or use an unspecified field to allow flexible NameIDs such as EmployeeID or another unique identifier. If using an unspecified NameID, an email attribute also needs to be provided.
- Sprout uses HTTP REDIRECT or POST bindings
- Sprout requires a signing certificate from you
To obtain the necessary technical details and XML file, your IT/Security team needs to:
- Navigate to Settings > Account > Authentication Settings.
- Click Generate SP Metadata in the SAML Sign-on Configuration section. This generates the XML file needed to set up SSO for Sprout in your organization's IdP.
On the screen, you’ll see the information that will be required by your IT/Security team to configure SSO in the IdP:
- Assertion Consumer Service (ACS) URL
- Issuer (this will be unique to your Sprout instance)
- And Sprout’s NameID requirements.
Your IT/Security team must configure Single Sign-On for Sprout in the IdP and provide an XML file that they can upload into Sprout.
Next Steps
Once the XML file is uploaded and SSO is enabled, you can configure your SSO settings.