Enterprise Plan Manager Overview

Applies to

  • Enterprise

This Help Article Appears in the Following Learning Tracks


Who can use this capability

You must be an Admin on the main plan to use Enterprise Plan Manager.

As your organization grows, you might find that different departments have independently rolled out Smartsheet to manage their work. Until now,  to centrally enforce security and governance controls, across all of your Smartsheet plans, you had to merge multiple plans into a single plan and then set the desired security controls in that plan. 

Now, you can use Enterprise Plan Manager (EPM)  to ensure that all your organization’s Smartsheet plans follow your security, governance, and compliance requirements. 

Use EPM to create a plan hierarchy with two levels:

  • Main plan: This plan sets the policies and adds plans to the family.
  • Managed plan: These plans inherit governance policies from the main plan. 

You can only manage other Enterprise plans with EPM. You must upgrade any Business or Pro plans to Enterprise or merge them into your main plan before you can manage them with EPM. 

Designate your main plan

Typically, your IT department will either use their existing plan or create a Smartsheet Enterprise plan to serve as the main plan. This plan controls authentication, user provisioning, domain validation.  From this plan’s Admin Center, you’ll set your policies and add the other plans in your organization to the family. 

Access Enterprise Plan Manager through the Admin Center

Contact Smartsheet Customer Success Manager or Technical Account Manager to designate your main plan.

Use Organization View in your main plan to perform plan management tasks. To manage users in your IT team, use the Main Plan view. Switch between views at the bottom of the left menu in Admin Center


Validate your domains

Once the main plan admin validates a domain, Smartsheet identifies all plans with a main contact whose email address matches that domain. Any plan that’s not the main plan can become a  managed plan and will inherit settings from the main plan. The process doesn’t affect anyone’s plans; it simply shows you who’s using Smartsheet on your validated domains.

You can validate multiple domains. 

Configure authentication

In EPM, configure the sign-in method everyone in your organization will use to access Smartsheet. If you are using SAML as a sign-in method, you can set a User Movement Policy so users end up allocated to the most appropriate plans for their roles. 

Add managed plans to your family

Adding a plan to the family automatically makes that plan a managed plan and disables that plan’s ability to configure UAP/domains and authentication. The managed plan admin doesn’t have to take any specific action to join the family; it happens automatically when the plan is managed by EPM.  It’s a best practice to let managed plan system administrators know you’re bringing them into compliance.

Set up User Auto Provisioning (UAP)

Now, any time a new user on your validated domains logs into Smartsheet, they’ll automatically be provisioned to your main plan.  Optionally, you can set a User Movement Policy so users end up allocated to the most appropriate plans for their roles.

That’s it! Now your entire organization uses the policies set in the main plan.