How do I configure my Single Sign-on settings?

If you’re a managed customer, you can self-service Single Sign-On (SSO) to configure your own SSO setup. From the SSO settings page, you can upload your identity provider SSO metadata file, edit your SAML settings, enable or disable Sprout-Managed passwords, enable or disable Just-In-Time provisioning and set a default Role or Group and Profile permissions for an authenticated SSO user’s account upon their first login.

Requirements

  • You must have SSO enabled for Sprout. For more information about using SSO with Sprout, read this Help Center guide.
  • These options are only available for managed customers.
  • The Manage Single Sign On permission must be turned on under Company Permissions. By default, Account Owners have this setting enabled and can grant this permission to other users.


    manage-sso.png

In this article:

 

SAML settings

To update your SAML settings:

  1. Navigate to Settings > Account > Single Sign-On.
    sso.png
  2. Click Edit SAML Settings if you want to make changes to any of your SAML settings.
    configure-saml.png

To upload your XML file with your SSO metadata, click Upload XML File. Your systems administrator can provide you with this file.

JIT provisioning

With SSO JIT provisioning enabled, a user account is automatically created when a user successfully logs in to Sprout via SSO for the first time, eliminating the need for manual invitations.

To set up JIT provisioning:

  1. Navigate to Settings > Account > Single Sign-On.
  2. Click Enable Just-In-Time Provisioning.

Once you’ve enabled JIT, you’ll be able to see your remaining user seats under the Single Sign-On settings page and the Team Members section.

remaining-seats.png

team-members-remaining.png

Note: If you assign all your seats, the Account Owner will receive an email and JIT will be disabled.

User JIT SSO experience

A user can create an account by logging into the Sprout web app via SSO for the first time.

Note: JIT SSO is not available for the Sprout mobile app.

user-sso.png

Once a new user logs in, the Account Owner will receive an email with a notification that a new user account has been created. You can manage a user’s permissions by clicking Manage User.

new-user-jit.png

Set a default Role or Group and Profile

If you’re on the Advanced Plan, you can assign new users a default Role or a default Group and Profile. If you’re on the Standard or Professional Plans, you can assign new users a default Group and Profile. For more information on Groups, Profiles and Roles in Sprout, see our Administration Basics.
default-assignment.png

If you select Assign with Role, you can choose the default Role for new users from the dropdown menu.
assign-with-role.png

If you select Assign with Group and Profile, you can choose the Group and Profile from the dropdown menu.
group-and-profile.png

Note: If you select Assign with Group and Profile, users will be assigned Read Only access to the Profile. You can update this access later.

Was this article helpful?

Still can't find what you're looking for?

Powered by Zendesk