Getting Started
Migration Guide
Setup
- Influencer Marketing: How do I create and use Workspaces?
- Influencer Marketing: How do I connect my Instagram account?
- Influencer Marketing: Organization Default Settings Overview
- Influencer Marketing: General Settings Overview
- Influencer Marketing: How do I manage users and user permissions?
- Influencer Marketing: Single Sign-on
Users
Profiles
- Influencer Marketing: How can I search for Creators?
- Influencer Marketing: What information is contained in a Creator's Profile?
- Influencer Marketing: How should I use Topics they talk about section of a Creator Profile?
- Influencer Marketing: How should I use the Brand Fit Score for a Creator Profile?
- Influencer Marketing: How do I use Brand Safety when evaluating creators?
- Influencer Marketing: How should I use the Analytics section of a Creator Profile?
Campaigns
- Influencer Marketing: How do I create a Campaign?
- Influencer Marketing: How do I set up a Campaign?
- Influencer Marketing: How do I use Boolean logic for queries?
- Influencer Marketing: How do I add users to a campaign?
- Influencer Marketing: How do I manage user access in a campaign?
- Influencer Marketing: How do I add teams to a campaign?
Creators
- Influencer Marketing: What is Sprout Social Creator Hub?
- Influencer Marketing: How do I make a Creator Hub account?
- Influencer Marketing: How can I change a creator's email?
- Influencer Marketing: How do I use Creator Flow?
- Influencer Marketing: How do I manage and monitor creator connections?
- Influencer Marketing: How do I use Review in the Creator View?
TikTok Creator Marketplace
- Influencer Marketing: What are the benefits of using TikTok Branded Content?
- Influencer Marketing: How can creators create TikTok Branded Content using TikTok One?
- Influencer Marketing: How do I connect my TikTok One account?
- Influencer Marketing: How do I boost TikTok posts with Spark Ads?
- Influencer Marketing: How does a creator accept a Spark Ads Request?
- Influencer Marketing: What if a creator isn't part of the TikTok Creator Marketplace?
Reports
- Influencer Marketing: How do I create a Report?
- Influencer Marketing: How do I create a new Custom Report?
- Influencer Marketing: What’s included in a Report?
- Influencer Marketing: What are the components of a Report?
- Influencer Marketing: Report settings
- Influencer Marketing: How do I view estimated fees in Reports?
One-Sheet Builder
- Influencer Marketing: How do I create a One-Sheet Builder?
- Influencer Marketing: How do I use the Profile One-Sheet Builder?
- Influencer Marketing: What’s included in a One-Sheet?
- Influencer Marketing: How do I create a Custom Field?
- Influencer Marketing: How do I customize EMV?
- Influencer Marketing: How do I use Link Tracking?
Integrations
- Influencer Marketing: How do I boost Instagram posts with Partnership Ads?
- Influencer Marketing: How do I use the Meta Partnership API to request permissions?
- Influencer Marketing: What integrations are available?
- Influencer Marketing: How do I connect my Dropbox Sign account?
- Influencer Marketing: How do I activate and use Affiliate Marketing?
- Influencer Marketing: Getting Started with TUNE
Influencer Marketing FAQs
- Influencer Marketing: How is data collected?
- Influencer Marketing: How can I verify if a creator's profile is authenticated?
- Influencer Marketing: How do I hire creators in bulk?
- Influencer Marketing: How do I customize email footers and signatures?
- Influencer Marketing: How do I customize the Collaborator Portal?
- Influencer Marketing Creators: Can I share access to Profiles?
Influencer Marketing: User Provisioning using SCIM (Early Access)
Table of Contents
SCIM Provisioning
SCIM (System for Cross-domain Identity Management) is an open standard that allows you to automatically manage user identities across different systems. With SCIM provisioning enabled, your identity provider (IdP) - such as Okta, Microsoft Entra ID, or OneLogin - can automatically create, update, and deactivate user accounts in Sprout Social Influencer Marketing, keeping your team roster in sync without any manual work.
What does SCIM do?
- Automatic user creation — When you assign someone to the Sprout Social Influencer Marketing application in your IdP, their account is automatically created.
- Profile sync — Changes to a user's name, email, or phone number in your IdP are automatically reflected in Sprout Social Influencer Marketing.
- Automatic deactivation — When you unassign or deactivate a user in your IdP, their account is deactivated and all active sessions are revoked immediately.
- Reactivation — Re-assigning a previously deactivated user in your IdP reactivates their account.
Prerequisites
Before setting up SCIM provisioning, make sure that:
- SSO is enabled — SCIM requires Single Sign-On (SSO) to be configured for your organization first. See our Influencer Marketing: Single Sign-on documentation page if you haven't enabled it yet.
- You have admin access in both Sprout Social Influencer Marketing and your identity provider.
Important: Most identity providers (including Okta, Microsoft Entra ID, and OneLogin) do not support SCIM provisioning on OIDC applications. You will need to create two separate apps in your IdP — one for SSO (OIDC) and one for SCIM provisioning. To keep user assignments in sync, we recommend creating a user group in your IdP and assigning it to both applications. This way, any user added to the group is automatically assigned to both SSO and SCIM.
Setting up SCIM in Sprout Social Influencer Marketing
Before configuring your identity provider, you need to enable SCIM and generate a bearer token in Sprout Social Influencer Marketing.
Step 1: Enable SCIM provisioning
- Go to Settings → Security.
- Find the SCIM Provisioning section.
- If SCIM is not yet enabled, click Enable. If you see a Disable button, SCIM is already active.
Step 2: Generate a SCIM token
- Click Generate Token.
- A dialog will appear warning you that the token will only be shown once. Click Generate.
- Copy the token using the Copy token to clipboard button. Store it in a secure location — you will not be able to view it again.
- Click Done.
After generating the token, you'll see it listed (partially masked) in the SCIM Provisioning section along with who created it and when.
Important: If you lose the token, click Regenerate Token to create a new one. This will invalidate the previous token and you will need to update it in your identity provider.
Values you'll need for your identity provider
| Field | Value |
|---|---|
| SCIM Base URL (Tenant URL) | https://influencer.sproutsocial.com/scim/v2 |
| Authentication method | HTTP Header / OAuth Bearer Token |
| Bearer Token (API Token) | The token you copied in Step 2 |
Configuring Okta
Note: Okta does not support SCIM provisioning on OIDC applications. If you already have an OIDC app configured for SSO, you will need to create a separate application for SCIM. We recommend creating a user group and assigning it to both apps so that users are provisioned for SSO and SCIM at the same time.
- In the Okta Admin Console, go to Applications → Applications and click Create App Integration.
- Select SWA - Secure Web Authentication as the sign-in method and click Next.
- Name the application (e.g., "Sprout Social Influencer Marketing - SCIM") and click Finish.
- Go to the General tab, scroll to App Settings, and click Edit. Under Provisioning, select SCIM and click Save.
- Go to the Provisioning tab and click Edit.
- Enter the following:
-
SCIM connector base URL:
https://influencer.sproutsocial.com/scim/v2 -
Unique identifier field for users:
userName - Supported provisioning actions: check Push New Users, Push Profile Updates, and Push Groups.
- Authentication Mode: HTTP Header
- Authorization: Paste the SCIM token you generated in Sprout Social Influencer Marketing.
-
SCIM connector base URL:
- Click Test Connector Configuration to verify the connection. You should see a success message.
- Click Save.
- On the Provisioning tab, go to To App and click Edit.
- Enable the following:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save.
- Go to the Assignments tab to assign users or groups to the application. Assigned users will be automatically provisioned in Sprout Social Influencer Marketing.
Configuring Microsoft Entra ID (Azure AD)
Note: Entra ID does not support SCIM provisioning on OIDC app registrations. You will need to create a separate Enterprise application for SCIM provisioning. This is a different section from App registrations where your SSO (OIDC) app is configured. We recommend creating a user group and assigning it to both apps so that users are provisioned for SSO and SCIM at the same time.
- In the Microsoft Entra admin center, go to Identity → Applications → Enterprise applications.
- Click New application, then Create your own application.
- Name the application (e.g., "Sprout Social Influencer Marketing - SCIM"), select Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
- Go to Provisioning in the left sidebar and click Get started.
- Set Provisioning Mode to Automatic.
- Under Admin Credentials, enter:
-
Tenant URL:
https://influencer.sproutsocial.com/scim/v2 - Secret Token: Paste the SCIM token you generated in Sprout Social Influencer Marketing.
-
Tenant URL:
- Click Test Connection to verify that Entra ID can connect. You should see a confirmation message.
- Click Save.
- Expand the Mappings section. Click on Provision Microsoft Entra ID Users to review the attribute mappings. The following attributes are supported:
-
userName→ user's email address displayNamename.givenNamename.familyNameemails[type eq "work"].valuephoneNumbers[type eq "work"].valueactiveexternalId
-
- We recommend mapping the Entra ID
objectId(oid) attribute toexternalId. This ensures each user has a stable, unique identifier that persists even if their email address changes. - Remove or disable any mappings for unsupported attributes to avoid provisioning errors.
- Go back to the Provisioning page and set Provisioning Status to On.
- Assign users or groups under Users and groups to start provisioning.
Note: Entra ID runs provisioning cycles approximately every 40 minutes. The initial cycle may take longer. You can trigger a manual sync by clicking Provision on demand.
Configuring OneLogin
Note: OneLogin does not support SCIM provisioning on OIDC applications. If you already have an OIDC app configured for SSO, you will need to create a separate application for SCIM. We recommend creating a user group (role) and assigning it to both apps so that users are provisioned for SSO and SCIM at the same time.
- In the OneLogin Admin portal, go to Applications → Applications and click Add App.
- Search for "SCIM Provisioner with SAML (SCIM v2 Core)" and select it.
- Name the application (e.g., "Sprout Social Influencer Marketing - SCIM") and click Save.
- Go to the Configuration tab.
- Enter the following:
-
SCIM Base URL:
https://influencer.sproutsocial.com/scim/v2 - SCIM Bearer Token: Paste the SCIM token you generated in Sprout Social Influencer Marketing.
-
SCIM Base URL:
- Set API Connection to Enabled and click Save.
- Go to the Provisioning tab.
- Check Enable provisioning.
- Configure the following workflows as needed:
- When users are created in OneLogin → Create user
- When users are deleted in OneLogin → Deactivate
- When user accounts are suspended in OneLogin → Suspend
- Click Save.
- Go to the Parameters tab to review attribute mappings. Ensure the following are mapped:
- Email (userName)
- First Name (name.givenName)
- Last Name (name.familyName)
- Go to Users to assign users to the application.
Supported attributes
The following user attributes are supported for provisioning:
| SCIM Attribute | Description |
|---|---|
userName |
The user's email address (required, must be unique) |
name.givenName |
First name |
name.familyName |
Last name |
displayName |
Full display name |
emails |
Email addresses (primary email is used) |
phoneNumbers |
Phone number |
active |
Whether the user is active or deactivated |
externalId |
External identifier from the identity provider |
FAQ
What happens when I reactivate a user?
If a user was previously deactivated via SCIM and you re-assign them in your identity provider, their account will be reactivated and they can log in again.
I lost my SCIM token. How do I get a new one?
Go to Settings → Security → SCIM Provisioning and click Regenerate Token. You can choose to invalidate the old token immediately or after 24 hours to allow for a smoother transition. Make sure to update the new token in your identity provider configuration.
Can I have multiple SCIM tokens?
No. Only one active SCIM token is supported per organization. Regenerating a token replaces the existing one.
Which identity providers are supported?
Sprout Social Influencer Marketing should support any identity provider that implements the SCIM 2.0 standard. We have tested with the following providers:
- Okta
- Microsoft Entra ID (formerly Azure AD)
- OneLogin
Do I need SSO enabled to use SCIM?
Yes. SSO must be enabled for your organization before you can set up SCIM provisioning. SSO handles authentication (how users log in), while SCIM handles user lifecycle management (creating, updating, and deactivating accounts).
Do I need two apps in my identity provider?
Most likely, yes. Most identity providers (including Okta, Entra ID, and OneLogin) do not support SCIM on OIDC applications, so you'll need a separate app for SCIM provisioning. Use a user group to assign users to both apps at the same time.
Was this article helpful?