Single sign-on (SSO) is a secure, time-saving user authentication process. SSO lets users access multiple applications with a single account and sign out instantly, all with one click.
Sprout Social Influencer Marketing partners with an "identity provider" (IdP), or an external service that works to confirm the identities of users who request access to a private platform.
First, a connection is authenticated and configured by a user with appropriate access permissions. This enables users to trust that the details of identities provided by IdP are correct and trustworthy.
SSO allows users to bypass setting up their Sprout Social Influencer Marketing password- they can use any available method of authentication to IdP.
Jump to:
Sprout Social Influencer Marketing's SSO Support
Sprout Social Influencer Marketing supports SSO using OpenID Connect standard which acts as the platform's service provider, and Okta as the identity provider (IdP).
Please note that integrating with other IdP services (e.g. GSuite) requires additional development and is not supported at the moment.
Setup SSO
In order to utilize SSO, users need to have administrative privileges in Okta and be an Admin in Sprout Social Influencer Marketing.
Begin by configuring Okta. Please follow the steps below:
In Okta:
Step 1:
Log into the administration panel of your Okta organization.
Step 2:
Add a new application.
Click on the "Applications" menu located at the top of the page.
Click on “Add Application” in the top left, then select, “Create new App” on the next page.
Select “Web”, check “OpenID Connect” and then click “Next”.
Input the following information:
Name: Sprout Social Influencer Marketing
Login redirect URL: https://influencer.sproutsocial.com/sso
After confirmation, edit the General Settings tab:
Click “Edit”.
Check the boxes for “Authorization Code” and “Refresh Token”.
Click “Save”.
This page should be left open for later use.
In Sprout Social Influencer Marketing:
Step 1:
Log in to Sprout Social Influencer Marketing and go to Organization Settings.
Step 2:
Select “Security”, and fill out the necessary data in the Single Sign-On section:
Client ID & Secret: copy the values from the Okta webpage.
Issuer URL:
If not using a custom Authorization Server, it should be a URL in the following form: "https://your-organization-name.okta.com/oauth2".
If using a custom Authorization Server, you can find this URL in API settings in Okta:
In Okta, hover over “Security” then select “API”, located at the top.
Select “Authorization Servers” and then copy “Issuer URI”. Paste this value into the corresponding box within Sprout Social Influencer Marketing.
Domain: Domain used by users in your organization.
For example, if your user is [email protected], the domain is sproutsocial.com.
It is possible to add more than one domain, but there needs to be a minimum of one.
Step 3:
Select “Enable”.
Please note that users may get redirected to Okta to confirm their identity and access rights. Once completed, the Okta settings will be enabled for the organization.
Usage
Once Sprout Social Influencer Marketing detects a domain with configured SSO, the password input bar disappears and users are prompted to continue with SSO.
Users with emails from configured domains will be presented with the following login screen:
By continuing, users will be redirected to Okta where they will log in to confirm their identity. Based on the level of confirmation, users will follow the next steps:
If a user has already logged into Sprout Social Influencer Marketing, they will be logged in to their account.
If a user has not logged in to Sprout Social Influencer Marketing yet, a new Sprout Social Influencer Marketing account will be created for them, populating it with information from the Okta user directory.
A newly created user will not be a member of any Teams and will have a default set of Rights.
If a user has been blocked in the Okta user directory, they won't be able to access it either.
Other Domains
If users are present in the Okta user directory but have a custom domain (other than the one that has been configured for the domain), they still can access Sprout Social Influencer Marketing using SSO. There's a special login site for such users:
Here, users are able to use their email address and Organization identifier, which can be obtained from Org Admin or Sprout Social Influencer Marketing Support, to proceed with SSO login and follow the flow as described above.