If you have set up SAML as your authentication method in the main plan, you can define policies to move users to the appropriate managed plan automatically. For example, any user with SAML attribute “department” that has a value of “finance” can be moved to the managed plan owned by the Finance department.
To set up a user movement policy:
- On the Manage plans screen, select Configure user movement policy.
If this is the first time you’ve set up a policy, you’ll see a pre-filled template. The template has a section corresponding to each of the managed plans. Use the attribute and values fields to set the policy for a specific managed plan.
You can use any of the following attributes:
- Title. The title of the person in your organization (“Director”, “Vice President”, etc. for example) . Here is the format supported by Smartsheet:
name="http://schemas.xmlsoap.org/ws/2021/01/identity/claims/title"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Department. The department the person belongs to (“Finance”, for example). Here is the format supported by Smartsheet
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Cost Center
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/costcenter" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Primary Phone Number
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/primaryphone" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Mobile Phone
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Manager
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/manager" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Company
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/company" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Country
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Role
name="http://schemas.microsoft.com/ws/2008/06/identity/claims/jobrole"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
You can also use custom attributes by mapping them to any of these 10 attributes..
- customField1
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield1"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField2
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield2"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField3
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield3"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField4
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield4"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField5
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield5"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField6
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield6"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField7
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield7"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField8
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield8"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField9
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield9"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- customField10
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield10"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Users that don’t have a match will end up in the main plan.
