Set a user movement policy for use with Enterprise Plan Manager (SAML only)

Who can use this?

Plans:

Enterprise

Permissions:

System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

Overview

If you've set up SAML as your authentication method in the main plan, you can define policies to assign users to the appropriate managed plan automatically. For example, any user with SAML attribute "department" that has a value of “finance” can be assigned to the managed plan owned by the Finance department.

To set up a user movement policy

On the Manage plans screen, select Configure user movement policy.

If this is the first time you've set up a policy, you'll see a pre-filled template. The template has a section corresponding to each of the managed plans. Use the attribute and values fields to set the policy for a specific managed plan.

The user movement policy only supports plan-level SAML configurations and is incompatible with domain-level SAML setups. If you’ve already configured a user movement policy, switching to domain-level SAML won’t be possible.

Add attributes

You can use any of the following attributes:

Variable	Schema name	Name formats supported
Title	http://schemas.smartsheet.com/ws/2021/01/identity/claims/title	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Department	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Cost center	http://schemas.smartsheet.com/ws/2021/01/identity/claims/costcenter	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Primary phone number	http://schemas.smartsheet.com/ws/2021/01/identity/claims/primaryphone	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Mobile phone	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Manager	http://schemas.smartsheet.com/ws/2021/01/identity/claims/manager	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Company	http://schemas.smartsheet.com/ws/2021/01/identity/claims/company	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Country	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Job role	http://schemas.microsoft.com/ws/2008/06/identity/claims/jobrole	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Given name	givenname	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Surname	surname	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Use custom attributes

You can also use custom attributes by mapping them to any of these ten attributes. New users that don’t have a match are placed in the main plan.

Variable	Schema name	Name formats supported
customField1	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield1	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField2	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield2	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField3	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield3	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField4	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield4	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField5	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield5	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField6	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield6	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField7	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield7	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField8	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield8	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField9	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield9	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField10	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield10	urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Applies to

Capabilities

Who can use this capability

Set a user movement policy for use with Enterprise Plan Manager (SAML only)

Who can use this?

Plans:

Permissions:

Overview

To set up a user movement policy

Add attributes

Use custom attributes

Enterprise Plan Manager

Set up and configure Enterprise Plan Manager

Applies to

Capabilities

Who can use this capability

Set a user movement policy for use with Enterprise Plan Manager (SAML only)

Who can use this?

Plans:

Permissions:

Overview

To set up a user movement policy

Add attributes

Use custom attributes

Related Content

Enterprise Plan Manager

Set up and configure Enterprise Plan Manager