Security Best Practices

Social media platforms provide extensive value for businesses and end users alike. Studies estimate that the average person spends 145 minutes per day on social media. With the increased adoption of social media comes an emphasized need to protect your social media presence from attackers.

What are some of the risks you must be aware of and protect against when using the Sprout platform? 

  1. Any misuse of platforms representing your brand poses a reputation risk for your company.
  2. The ability to post inaccurate or disparaging information about your brand to your social networks.
  3. Disclosure of communications between you and your customers, which may disclose sensitive information.
  4. The ability to use your social networking presence as a foothold for a phishing attack.
  5. Loss of access to the Sprout platform may interrupt your ability to communicate with your customers.

At Sprout Social, we recognize the important role that social serves for you, and we take securing your account seriously. We offer several security and privacy features to help you secure your account.

Strong password standards

Strong passwords are the first line of defense against security breaches. Every organization should have a policy outlining what constitutes a strong password. The National Institute of Standards and Technology (NIST), for example, requires federal agencies to use passwords that are at least 8 characters long, but goes on to show that password length is most important.

Here are some password suggestions:

  • Sprout requires a minimum password length of 8 characters, but we suggest creating a passphrase that's 15 characters or greater.
  • Passwords shouldn't be reused across different platforms.
  • A password vault/manager may be considered to facilitate strong and unique passwords.
  • Passwords should be changed if there is suspicion they may have been compromised or disclosed.

Per Sprout licensing, passwords must not be shared.

Multifactor Authentication (MFA)

Multifactor authentication requires another “proof” in addition to a username and password in order to gain access to the application. Attackers regularly use passwords gathered through other hacks, phishing attacks or other means to log in as a user. These methods protect against such attacks.

Email OTP

Email OTP, also referred to as an Email One Time Passcode, is a multi-factor authentication method that sends a temporary code (the OTP) to a registered email address that the user then inputs into the application. If the code matches the one sent to the registered email, the user’s identity is verified and they are logged into the application. For much of the platform, Sprout requires Email OTP for accounts where the Account Owner hasn't otherwise configured two-step verification or Single Sign-On (SSO). Sprout strongly recommends enabling two-step verification or SSO to provide an additional layer of security by requiring verification through a trusted device.

Two-step verification

Two-step verification, also referred to as two-factor or multi-factor verification, is an authentication method that requires a user to provide more than just a password to log in. For Sprout, enabling two-step verification requires a user to enter an additional verification code generated by a third-party application, like Google Authenticator, upon login. Users should enable two-step verification individually, or the Account Owner can configure a setting to require all users on the account to use two-step verification. For a higher level of security, we recommend configuring two-step verification for all users as it provides significant protection against phishing attacks.


You can find the instructions for enabling two-step verification in this article.

Single Sign-On (SSO)

Sprout offers SAML 2.0 Single Sign-on (SSO) support across web and mobile. The main benefit of implementing SSO is that the account’s authentication policies are managed and tied to the customer’s corporate-wide identity provider. If a user's permissions, access, or employment status changes, their administrators can easily disable all accounts associated with that user with minimal effort. SSO also creates a seamless user login experience, eliminating the need for employees to remember several passwords.


While the usage of SSO allows customers to set their own passwords and multi-factor authentication policies through their central identity provider, Sprout strongly suggests that the policies align with the recommendations above.


Instructions on configuring SSO on your Sprout account can be found in this article.

IP allowlist

If desired, Sprout offers an IP allowlist feature to Enterprise customers. This feature restricts an instance of the Sprout application so that your users can log in only from known IP addresses. If users always log in from the same location with the same IP address, like a company-wide virtual private network (VPN), this feature provides another level of protection from malicious actors who may attempt to access your Sprout account.


If you have additional questions or want to get configured with an IP allowlist, contact your Customer Success Manager or Sprout’s Support team for assistance.  
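Before requesting an allowlist, it helps to check the address list you plan to submit. The following is an added example, not Sprout's code or submission format: it flags entries that cannot work as a login source (private or loopback addresses, hostnames) or that are too broad to add protection, then tests a source address against the accepted ranges. The prefix-length limits and sample entries are assumptions.

```python
import ipaddress

# Ranges that are never the source address an internet-facing service sees.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 equivalents
)]
MIN_PREFIX = {4: 24, 6: 48}  # assumed policy: anything wider is flagged


def review_allowlist(entries):
    """Split candidate entries into accepted networks and (entry, reason) findings."""
    accepted, findings = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            findings.append((text, "not an IP address or CIDR range"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((text, "range too broad"))
        elif any(net.version == n.version and net.overlaps(n) for n in NON_PUBLIC):
            findings.append((text, "not a public address"))
        elif net not in accepted:  # drop duplicates such as x and x/32
            accepted.append(net)
    return accepted, findings


def is_allowed(source_ip, accepted):
    """True if a login source address falls inside an accepted network."""
    addr = ipaddress.ip_address(source_ip)
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == n.version and addr in n for n in accepted)


# Constructed sample input (documentation ranges stand in for real egress IPs).
SAMPLE = ["203.0.113.10", "198.51.100.0/28", "192.168.1.20",
          "0.0.0.0/0", "203.0.113.10/32", "vpn.example.com"]
```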

Domain restrictions

Sprout offers a feature that can limit the domains to which you can send a user invite. This ensures only users with an email address from trusted companies are allowed to have an account on your instance of the platform, preventing an attacker from adding a user from a generic email domain if they gain access. For SSO users, you can configure this as part of your SSO settings here. If you're an Enterprise customer interested in this functionality, contact your Customer Success Manager for more information.

User permissions

Depending on your plan, Sprout offers either Standard Plan Permissions or Advanced Permissions for you to manage and control your users’ access to the platform. By setting user permissions, you can determine which of your users have manager-level permissions or which product features each of your users can access – an important element to ensuring the security of your Sprout account.

When assigning user access rights, we recommend following the Principle of Least Privilege, giving users only the access they need to carry out their job duties. 

Additionally, ensure you monitor when users leave your team and/or leave your company altogether. User access should be quickly revoked when no longer needed. This is another benefit of SSO integration.

Learn more about Standard Plan permissions here or Advanced Plan permissions here.

Audit Trail Logs

The Sprout application includes audit trail logs that provide information on user actions within an account. Over fifty different events and actions are logged in the audit trail, documenting both the activity itself and the user who performed it. Information on what activities are logged in the audit trail logs can be found here.  

Users with appropriate role permissions can access and export the audit trail logs from the account. Information on downloading audit trail logs can be found here.
