Password Allowlist for exception to SSO Login
Description
We understand that not all users on your Sprout Social account are managed by your Identity Provider (IdP) for Single Sign-On (SSO). Whether you work with agency users, contractors, or other non-employees, you need flexibility in how different users log in.
With the SSO Exception Allowlist, you can now enforce SSO for the majority of your users while allowing specific, designated users to log in using a username and password. This feature gives you greater control over your security settings, ensuring a more flexible and secure login experience for your entire team.
How It Works
Customers utilizing SSO will now have a new option to enable an allowlist of users that can use passwords instead of SSO.
If SSO is configured for a customer, there are now three options available:
- “Allow Advocacy Managed Passwords” is OFF
  - All users are required to use SSO to access Advocacy
- “Allow Advocacy Managed Passwords” is ON and “Restricted Password Login to User-Specific Allowlist” is OFF
  - All users can use either SSO or a password to access Advocacy
- “Allow Advocacy Managed Passwords” is ON and “Restricted Password Login to User-Specific Allowlist” is ON
  - Only users on the allowlist can use a password to access Advocacy; all other users have to use SSO
The allowlist of users can be edited via “Edit Members” even when the toggle is turned off – it just won’t be enforced until the toggle is turned on. This allows customers to get the correct users in the allowlist before launching the change.
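A pre-launch review of a staged allowlist can be scripted. The sketch below is an added example, not Sprout Social code: it models the three options above and previews the effect of turning the restriction toggle on. The roster column names, the function names and the rule that an email domain implies IdP management are all assumptions.

```python
import csv
import io

def password_login_allowed(allow_passwords, restrict_to_allowlist, on_allowlist):
    """Decide whether one user may log in with a password, per the three options."""
    if not allow_passwords:
        return False          # option 1: everyone must use SSO
    if not restrict_to_allowlist:
        return True           # option 2: everyone may use SSO or a password
    return on_allowlist       # option 3: password only for allowlisted users

def prelaunch_check(roster_csv, idp_domains):
    """Preview option 3 for a roster before the restriction toggle is turned on."""
    report = {"keeps_password": [], "sso_only_not_in_idp": [], "exception_in_idp": []}
    for row in csv.DictReader(io.StringIO(roster_csv)):
        email = row["email"].strip().lower()
        listed = row["on_allowlist"].strip().lower() == "yes"
        managed = email.rsplit("@", 1)[-1] in idp_domains  # assumption: domain implies IdP
        if password_login_allowed(True, True, listed):
            report["keeps_password"].append(email)
            if managed:
                report["exception_in_idp"].append(email)   # exception may be unnecessary
        elif not managed:
            report["sso_only_not_in_idp"].append(email)    # would have no way to log in
    return report

# Constructed sample roster; column names are hypothetical, not Sprout's CSV format.
SAMPLE_ROSTER = """email,on_allowlist
alice@example.com,no
bob@agency.example,yes
carol@contractor.example,no
dave@example.com,yes
"""

if __name__ == "__main__":
    for key, users in prelaunch_check(SAMPLE_ROSTER, {"example.com"}).items():
        print(f"{key}: {users}")
```

Users listed under `sso_only_not_in_idp` need either an allowlist entry or an IdP account before enforcement is switched on; users under `exception_in_idp` hold a password exception they may not need.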
If the allowlist is enabled, when inviting new users, admins will be able to set whether the new users should be added to the allowlist or not. This option is available when inviting users manually or importing them in bulk via CSV.
The process for setting up an account differs based on whether a user is added to the allowlist:
- Users added to the allowlist: Their invitation email will contain instructions for setting up their password.
- Users not added to the allowlist: Their invitation email will direct them to the organization's configured SSO identity provider for login.
This choice is available for both manual individual invitations and bulk imports via CSV.