Smartsheet Gov supports the plan-level SAML single sign-on (SSO) option. When you configure Smartsheet Gov, you must use a multi-factor authentication (MFA) SSO solution (such as Google Authenticator) to maintain compliance with FedRAMP requirements.
USM Content
Any SAML 2.0-compliant IdP can integrate for single sign-on (SSO), including the providers below:
- ADFS
- Microsoft Entra ID
- Okta
- OneLogin
- PingIdentity
Prerequisites
There are specific actions that you must take to ensure the successful setup of SSO with your Smartsheet Gov account:
- You must use this Smartsheet Gov metadata file: https://www.smartsheet.com/smartsheet-saml2-sp-metadata_gov.xml
- Use this Assertion Consumer Service (ACS) URL: https://sso.smartsheetgov.com/saml
- Use this Audience Restriction: https://sso.smartsheetgov.com/Shibboleth.sso/SAML2/POST
- Use this Entity ID: https://sso.smartsheetgov.com/saml
To maintain FedRAMP compliance, use SSO for System Admin functions as well. With the above exceptions in mind, use the instructions in our plan-level SAML SSO setup article to complete your configuration.
Current limitations
- In Gov accounts, SAML SSO configurations don't support CNAME URLs. This means you can't direct users to sign in to Smartsheet through your organization's primary sign-in page.
- Smartsheet Gov currently uses a single, global, and fixed SAML Entity ID for all Gov customers: https://sso.smartsheetgov.com/saml. Therefore, Smartsheet can't provide unique or customer-specific Entity IDs.