Applies to
- Enterprise
Capabilities
Who can use this capability
- Admin
Enterprise Plan Manager overview
Centralizing control with Enterprise Plan Manager.
Who can use this?
Plans:
- Smartsheet
- Enterprise
You must be an Admin on the main plan to use Enterprise Plan Manager.
As your organization grows, you might find that different departments have independently rolled out Smartsheet to manage their work. To centrally enforce security and governance controls across your Smartsheet plans, you may have had to merge multiple plans into one and then set the desired security controls in that plan.
Now, you can use Enterprise Plan Manager (EPM) to ensure that all your organization’s Smartsheet plans follow your security, governance, and compliance requirements.
Use EPM to create a plan hierarchy with two levels:
- Main plan: This plan sets the policies and adds plans to the family.
- Managed plan: These plans inherit governance policies from the main plan.
You can only manage other Enterprise plans with EPM. You can upgrade any Business or Pro plans to Enterprise. Or, you can merge them into a managed plan or the main plan.
Designate your main plan
Typically, your IT department will use its existing plan or create a Smartsheet Enterprise plan to serve as the main plan. This plan controls authentication, user provisioning, and domain validation. From this plan’s Admin Center, you’ll set your policies and add the other plans in your organization to the family.
Access Enterprise Plan Manager through the Admin Center
Contact your Smartsheet Customer Success Manager or Technical Account Manager to designate your main plan.
To perform plan management tasks, use Organization View in your main plan. To manage users in your IT team, use the Main Plan view. Switch between views at the bottom of the left menu in Admin Center.
Validate your domains
Once the admin for the main plan validates a domain, Smartsheet will identify all plans where the main contact's email address matches that domain.
Any plan that’s not the main plan can become a managed plan and inherit settings from the main plan. The process doesn’t affect anyone’s plans; it simply shows you who’s using Smartsheet on your validated domains.
You can validate multiple domains.
Configure authentication
In EPM, configure the sign-in method everyone in your organization will use to access Smartsheet. If you are using SAML as a sign-in method, you can add users to your plan and set a user movement policy to allocate users to the most appropriate plans for their roles.
Add managed plans to your family
Adding a plan to the family makes that plan a managed plan and disables that plan’s ability to configure User Auto Provisioning (UAP), domains, and authentication. The managed plan admin doesn’t have to take any specific action to join the family; it happens automatically when EPM manages the plan. It’s a best practice to let managed plan system administrators know you’re bringing them into compliance.
Set up User Auto Provisioning (UAP)
Any time a new user on your validated domains logs in to Smartsheet, they’ll automatically be provisioned to your main plan. Optionally, you can set a user movement policy to allocate users to the most appropriate plans for their roles.
That’s it! Now your entire organization uses the policies set in the main plan.
Inherited permissions
Domain validation, authentication, and UAP configurations are EPM-aware, meaning that policies set on the main plan will automatically be inherited by managed plans.
You can change these settings on the managed plan if you are an administrator on the main plan.