Set a user movement policy for use with Enterprise Plan Manager (SAML only)

If you've set up SAML as your authentication method in the main plan, you can define policies to automatically assign users to the appropriate managed plan. For example, any user with the SAML attribute "department" that has a value of “finance” can be assigned to the managed plan owned by the Finance department.

Who can use this?

Plans:

  • Enterprise

Permissions:

  • System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

Set up a user movement policy 

  • On the Manage plans screen, select Configure user movement policy

If this is the first time you've set up a policy, you'll see a pre-filled template. The template has a section corresponding to each of the managed plans. Use the attribute and values fields to set the policy for a specific managed plan.

The user movement policy only supports plan-level SAML configurations and is incompatible with domain-level SAML setups. If you’ve already configured a user movement policy, switching to domain-level SAML won’t be possible.

Add attributes

You can use any of the following attributes: 

VariableSchema nameName formats supported
Titlehttp://schemas.smartsheet.com/ws/2021/01/identity/claims/title
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Departmenthttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/department 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Cost centerhttp://schemas.smartsheet.com/ws/2021/01/identity/claims/costcenter 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Primary phone numberhttp://schemas.smartsheet.com/ws/2021/01/identity/claims/primaryphone 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Mobile phonehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Managerhttp://schemas.smartsheet.com/ws/2021/01/identity/claims/manager 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Companyhttp://schemas.smartsheet.com/ws/2021/01/identity/claims/company 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Countryhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/country 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Job rolehttp://schemas.microsoft.com/ws/2008/06/identity/claims/jobrole 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Given namegivenname
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Surnamesurname
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Use custom attributes

You can also use custom attributes by mapping them to any of these ten attributes. New users that don’t have a match are placed in the main plan.

VariableSchema nameName formats supported
customField1http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield1 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField2http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield2 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField3http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield3 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField4http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield4 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField5http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield5 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField6http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield6 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField7http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield7 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField8http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield8 
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField9http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield9
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField10http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield10
  • urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • urn:oasis:names:tc:SAML:2.0:attrname-format:basic