Configure SAML SSO for Smartsheet Gov
Smartsheet Gov supports the plan-level SAML single sign-on (SSO) option. When you configure Smartsheet Gov, you must use a multi-factor authentication (MFA) SSO solution (such as Google Authenticator) to maintain compliance with FedRAMP requirements.
Who can use this?
Plans:
- Smartsheet Gov
Permissions:
- System Admin
Any SAML 2.0-compliant IdP can integrate for single sign-on (SSO), including the providers below:
- ADFS
- Azure Active Directory
- Okta
- OneLogin
- PingIdentity
Prerequisites
There are specific actions that you must take to ensure the successful setup of SSO with your Smartsheet Gov account:
- You must use this Smartsheet Gov metadata file: https://www.smartsheet.com/smartsheet-saml2-sp-metadata_gov.xml
- Use this Assertion Consumer Service (ACS) URL: https://sso.smartsheetgov.com/saml
- Use this Audience Restriction: https://sso.smartsheetgov.com/Shibboleth.sso/SAML2/POST
- Use this Entity ID: https://sso.smartsheetgov.com/saml
To maintain FedRAMP compliance, use SSO for System Admin functions as well. With the above exceptions in mind, use the instructions in our plan-level SAML SSO setup article to complete your configuration.
In Gov accounts, SAML SSO configurations don’t support CNAME URLs. This means you can’t direct users to sign in to Smartsheet through your organization’s primary login page.
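A post-configuration check, added here as an example and not Smartsheet's own tooling: it decodes a base64 SAMLResponse captured from a test sign-in and compares it with the ACS URL and Audience Restriction listed in the prerequisites. Mapping those settings to the Destination, Recipient and Audience fields follows SAML 2.0 and is an assumption about what your IdP emits; the sample responses are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Values copied from the prerequisites list on this page.
ACS_URL = "https://sso.smartsheetgov.com/saml"
AUDIENCE = "https://sso.smartsheetgov.com/Shibboleth.sso/SAML2/POST"


def check_response(b64_response):
    """Return the mismatches between a base64 SAMLResponse and the Gov values."""
    # Configuration lint only: no signature or time-window validation is done here.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} is not the Gov ACS URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != ACS_URL for r in recipients):
        problems.append(f"Recipient {recipients!r} is not the Gov ACS URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience {audiences!r} lacks the Gov Audience Restriction")
    return problems


def sample_response(acs, audience):
    """Constructed, unsigned test input; not a capture from a real IdP."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{acs}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{acs}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_response(sample_response(ACS_URL, AUDIENCE)))  # correctly configured
    print(check_response(sample_response(ACS_URL, ACS_URL)))   # Entity ID reused as audience
```

The second call models an IdP application where the Entity ID was entered in the audience field, which is easy to do here because the Entity ID and ACS URL are the same string while the Audience Restriction is different.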