Who can use this capability
System Admins and an IT Administrator can set up Active Directory with Smartsheet
System Admins can manage users (provision, deprovision, change user profile information and roles) through AD as long as they’re also an Azure AD Administrator.
Manage Smartsheet Users Through Azure Active Directory
Leverage Azure Active Directory (Azure AD) to provision, deprovision, and manage the profile data of users in your Smartsheet account.
Before you begin, take the following steps:
- Contact your Smartsheet account representative to have this capability enabled for your organization’s account. Let your account representative know the escrow user information for your Smartsheet account. All objects owned by a deprovisioned user will get transferred to this escrow user.
- Take the Azure Active Directory and Smartsheet Integration online training.
- Download your current user list from Smartsheet under Account > User Management > More Actions > Download User List. (See Manage User Accounts for more info.) You will use this list as a reference to assign users with the correct roles in Azure AD.
Connect Azure AD With Smartsheet
Use this SCIM URL to configure Azure Active Directory integration: https://scim.smartsheet.com/v2/
- Sign in to Smartsheet with System Admin credentials.
- In Smartsheet, generate an API token under Account > Apps and Integrations > API Access > Generate new access token.
NOTE: The token generated runs with your credentials—this is a password to your account, treat it as such.
- In Azure AD, work with your IT administrator for your organization to configure a gallery tile using the Smartsheet API token generated by the System Admin.
User List Report
Once you have configured Azure AD to manage users in your account, you can download a User List report. This report is available to system administrators only.
Download your current user list from Smartsheet under Account > User Management > More Actions > User List.
As a best practice, when setting up your Azure groups for provisioning, all users should be in the unlicensed user group, even if you are giving them a license. This is to ensure all users will be provisioned to your account when logging into Smartsheet for the first time.
In this report, you will find the following fields:
- Cost Center
Division, Department, and Cost Center data is populated through your Active Directory service. If there is data for these fields, then data for these fields will be present in the User List report. If these fields do not have data from the Directory Service, they will be blank in the report.
The data in the report should automatically sync with the Directory Service, although the exact refresh rate is determined by the Directory Service.
Once you have completed the initial setup with your Smartsheet account representative, be careful when making major changes, such as manual or scripted bulk modification. Improperly prepared scripts could result in unintentional deprovisioning when used in conjunction with the Azure Directory Integration. If you have questions, or need further assistance with how to make significant changes, please contact Support.