Single Sign-on (SSO)
Sprout Social offers SAML 2.0 Single Sign-on (SSO) support to our customers across web and mobile. SSO enables an employee to use a single set of managed login credentials (e.g., name and password) to access multiple applications.
Note: Sprout does not support OpenID Connect (OIDC) or Web Service Federation (WS-Fed).
Sprout's Support and Engineering teams can't consult on the best way to configure SSO or answer SSO questions 1:1. Instead, work with your internal IT teams or IdP provider to talk through SSO configuration and ask questions.
Benefits of SSO
The main benefit of implementing SSO is account security. If an employee’s permissions, access or employment status changes, their network administrator can easily disable all accounts that are associated with that user with minimal effort. Additionally, SSO creates a more seamless user login experience as it eliminates the need for employees to remember or keep track of several passwords.
Supported SSO Providers
Single Sign-on for Sprout Social is directly supported by the following IdPs:
- OneLogin
- Okta
- Azure AD
Sprout Social supports SAML (Security Assertion Markup Language) 2.0 for SSO, so even if your IdP isn’t listed, you should still be compatible as long as your IdP supports SAML 2.0.
Technical Specifications
Collaborate with your IT/Security teams to get the required technical information to plan Sprout’s custom SSO integration. Here is some technical information your IT team may need to get the process started:
- Sprout Social supports IdP-initiated and SP-initiated SSO via SAML 2.0
- Sprout Social AuthnRequests will have an Issuer value / Entity ID of https://app.sproutsocial.com
- Sprout Social's Assertion Consumer Service (ACS) URL is https://app.sproutsocial.com/auth/sso/consumption
- Sprout Social requires that IdPs use emailAddress as their Response's Subject's NameIDPolicy, or use an unspecified field to allow flexible NameIDs such as EmployeeID or another unique identifier. If using an unspecified NameID, an email also needs to be provided.
- Sprout Social uses HTTP REDIRECT bindings
- Sprout Social requires a signing certificate from the customer
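As an added example (not Sprout Social's code), here is a pre-flight check an IT team could run on a decoded test Response from their IdP against the values listed above. It checks only that a signature element is present, not that the signature is valid. The `email` attribute name, the expectation that Recipient and Audience carry the ACS URL and Entity ID, and the sample Response built by `sample()` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "https://app.sproutsocial.com"                     # from the list above
SP_ACS_URL = "https://app.sproutsocial.com/auth/sso/consumption"  # from the list above
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
EMAIL_ATTR = "email"  # assumption: name of the attribute that carries the email

def check_response(xml_text):
    """Return a list of problems found in a decoded SAML Response."""
    root = ET.fromstring(xml_text)
    problems = []
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_ACS_URL:
        problems.append("Recipient is not the ACS URL")
    aud = root.find(".//a:Audience", NS)
    if aud is None or (aud.text or "").strip() != SP_ENTITY_ID:
        problems.append("Audience is not the SP entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    fmt = name_id.get("Format") if name_id is not None else None
    if fmt == FMT + "emailAddress":
        if "@" not in (name_id.text or ""):
            problems.append("emailAddress NameID has no email value")
    elif fmt == FMT + "unspecified":
        xp = f".//a:Attribute[@Name='{EMAIL_ATTR}']/a:AttributeValue"
        val = root.find(xp, NS)
        if val is None or "@" not in (val.text or ""):
            problems.append("unspecified NameID without an email attribute")
    else:
        problems.append("NameID format is not emailAddress or unspecified")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element (presence only, not verified)")
    return problems

def sample(fmt, name_id, attrs="", signed=True):
    """Build a constructed Response for testing; all values are made up."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">'
            f'<a:Assertion>{sig}<a:Subject><a:NameID Format="{FMT}{fmt}">{name_id}</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{SP_ACS_URL}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')
```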
Next Steps
If you have SSO enabled and are a managed user, you can configure your SSO settings.