Set a user movement policy for use with Enterprise Plan Manager (SAML only)

PLANS

Smartsheet
Enterprise

Permissions

You must be an Admin on the main plan to use Enterprise Plan Manager.

If you have set up SAML as your authentication method in the main plan, you can define policies to assign users to the appropriate managed plan automatically. For example, any user with SAML attribute “department” that has a value of “finance” can be assigned to the managed plan owned by the Finance department.

To set up a user movement policy:

On the Manage plans screen, select Configure user movement policy.

If this is the first time you’ve set up a policy, you’ll see a pre-filled template. The template has a section corresponding to each of the managed plans. Use the attribute and values fields to set the policy for a specific managed plan.

You can use any of the following attributes:

Variable	Schema Name	Name Formats Supported
Title	http://schemas.xmlsoap.org/ws/2021/01/identity/claims/title	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Department	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Cost Center	http://schemas.smartsheet.com/ws/2021/01/identity/claims/costcenter	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Primary Phone Number	http://schemas.smartsheet.com/ws/2021/01/identity/claims/primaryphone	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Mobile Phone	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Manager	http://schemas.smartsheet.com/ws/2021/01/identity/claims/manager	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Company	http://schemas.smartsheet.com/ws/2021/01/identity/claims/company	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Country	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Role	http://schemas.microsoft.com/ws/2008/06/identity/claims/jobrole	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Given Name	givenname	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Surname	surname	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic

You can also use custom attributes by mapping them to any of these ten attributes.

Variable	Schema Name	Name Formats Supported
customField1	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield1	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField2	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield2	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField3	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield3	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField4	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield4	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField5	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield5	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField6	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield6	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField7	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield7	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField8	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield8	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField9	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield9	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic
customField10	http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield10	urn:oasis:names:tc:SAML:2.0:attrname-format:uri<br>- urn:oasis:names:tc:SAML:2.0:attrname-format:basic

New users that don’t have a match will end up in the main plan.

Applies to

Capabilities

Who can use this capability

Set a user movement policy for use with Enterprise Plan Manager (SAML only)

PLANS

Permissions

To set up a user movement policy:

You can use any of the following attributes:

You can also use custom attributes by mapping them to any of these ten attributes.

Applies to

Capabilities

Who can use this capability

Set a user movement policy for use with Enterprise Plan Manager (SAML only)

PLANS

Permissions

To set up a user movement policy:

You can use any of the following attributes:

You can also use custom attributes by mapping them to any of these ten attributes.

Related Content

Topic

Enterprise Plan Manager

Help Article

Set up and configure Enterprise Plan Manager