SAML Frequently Asked Questions and Common Errors

Here are some answers to common questions people may have when setting up, maintaining, or logging in to Smartsheet with a SAML-based Single Sign-On (SSO) service. To learn more about the steps to set up and maintain SAML, see SAML and SSO for Smartsheet - Overview

Why am I not able to sign in to Smartsheet with the Your Company Account button? 

This is can be caused by the following:

  • Your browser may be storing outdated login data. Clear the cache and cookies in your browser before you attempt to sign in again. 
  • It's possible that your profile in the Identity Provider (IdP) being used to authenticate your information has not yet been added or needs to be updated. Partner with the IdP admin or your IT department in your organization to ensure your profile information is present in the IdP.
  • You may not have been added to the account that your domain is associated with. Contact your System Admin to have them add you to the account.

If the issue persists, take a screen capture of the error message you’re seeing and provide it to our Support team for further troubleshooting. 

What should I do when I receive a notice that my certificates are about to expire?

You can update the certificate information in Smartsheet using the steps in Replace an Expired IdP Certificate for SAML. Note that you’ll need to have the new certificate generated by your Identity Provider (IdP) before you begin making changes in Smartsheet. 

Why is my browser saying that my network isn’t secure when I try to sign in to Smartsheet with the Your Company Account button?

SAML login requires a secure network. If you receive a message like this, check the following:

  • Make sure your device is connected to your company’s internal network before you attempt to sign in.
  • If you use a VPN to connect to your company’s network, make sure the VPN is online and connected. 

If the issue persists, take a screen capture of the error message you’re seeing and provide it to our Support team for further troubleshooting. 

Why has the option to update IdP metadata in Smartsheet been made unavailable to me?

If you are using the same EntityID as another Smartsheet account, you won’t be able to edit the metadata. Have the System Admin of the other Smartsheet account follow the steps in the Replace an Expired IdP Certificate for SAML article to update the metadata for everyone who is using it. 

If you’re not sure who the System Administrator for the other Smartsheet account is, reach out to the Support team and we can assist with finding this information for you. 

Why did I receive an error during the metadata validation step while setting up SAML?

The error received in this step will call out the specific problem with the metadata. Here are a few examples of errors you might receive: 

  • DNS validation failed.  Please make sure the DNS entry has propagated and try again 
  • Domain is already associated with IdP
  • Missing SAML Metadata

You’ll need to partner with the IdP admin to adjust the metadata claims and repeat the steps to set up SAML. Examples of accepted claims in Smartsheet can be found in the SAML Configuration and Claims Examples in Smartsheet article. 

How do I add a domain to my IdP in Smartsheet?

If you have more than one Active IdP, you can add domains to an IdP to ensure that everyone from that domain will authenticate against that IdP. Anyone who doesn’t match an added domain will authenticate against the default IdP. 

  1. To add a domain, click Edit next to Domains (advanced) in the Edit IdP form.
  2. Type the new domain (e.g. “contoso.com”) and click Add domain.