Applies to
- Enterprise
Capabilities
Who can use this capability
- System Admin
Configure governance controls for an Enterprise plan
As a System Admin, you can configure the Safe Sharing Policy in your governance controls to manage how users work in Smartsheet.
About the Safe Sharing Policy
The Safe Sharing policy lets you create a list of approved users and domains for sharing items. You can apply this policy to sheets, forms, reports, workflows, WorkApps, and dashboards. For example, the policy can prevent users from sharing, emailing, or executing workflows with anyone not on the Safe Sharing list.
You can also restrict unauthorized users from:
- Sharing sheets and workspaces
- Sending rows
- Using the Send Link to Form option within the form link
- Adding users to your plan
- Adding users to groups
The approved users and domains lists also restrict email, which means users won’t be able to send emails from Smartsheet to restricted domains and email addresses.
What to expect
After you activate the Safe Sharing Policy in the Admin Center, two sheets become available to you:
- One for the domain list
- One for the user list (email addresses allowed)
These are standard sheets that you can edit and share with other users. However, it's advisable to share them only with people you trust to manage your Safe Sharing List. Each sheet contains eight auto-generated columns that are locked by default. Don't change these columns: doing so can compromise existing permissions or workflows and cause issues with future enhancements to the feature. The columns are:
- Domains/Emails allowed to share
- Exempt from Corporate Account Requirement
- Exempt from MFA Requirement
- Modified By
- Modified On
- Created By
- Created
- Notes
Additionally, a new Admin Settings workspace is automatically generated for you to store both sheets. Note that the data you enter in these sheets synchronizes with the Exempt list, which you use to manage external sharing.
Known limitations
- Future System Admins added to Smartsheet don't automatically get access to the Safe Sharing List. An existing System Admin must share the Safe Sharing sheets (or workspace) with them.
- After you modify the Safe Sharing Policy, it may take up to three minutes for it to apply.
- Both sheets only support up to 20,000 rows. You may notice slight delays during the policy enforcement if you're working with more than 20,000 entries.
- Changes to the Safe Sharing sheets don't automatically trigger a notification, but you're encouraged to add a workflow to trigger a notification on changes to the sheets.
Other things to know
- You can manage the Safe Sharing List programmatically using the sheet API.
- You need to add subdomains to the allowlist individually. For instance, adding company.com to the allowlist doesn't add portal.company.com. You need to add both domains.
- When enabled, Safe Sharing capabilities restrict who can receive notification emails.
- You can audit your Safe Sharing List through the Sheet Access Report and use the sheet activity log to check who changed the sheets.
- Upon activation, all System Admins on the plan receive Admin permissions on both sheets linked to the Safe Sharing list. They also receive a notification when the policy is activated or deactivated.
Set up, modify, or deactivate an approved domain-sharing list
Set up an allowlist to ensure that others can share assets only with people with a company email address. You can also restrict sharing by domain or by specific email addresses.
Ensure you've added and validated at least one domain before you turn on Safe Sharing; otherwise, users won't be able to share with anyone else, including people in your organization.
To set up the policy:
- Go to Admin Center and select the menu icon on the top-left corner.
- Navigate to Governance Controls.
- Select Manage on the Safe Sharing Policy tile.
- Slide the toggle to turn on the policy.
Enable requests for additional domains
When you activate Safe Sharing, you can share a link to a form. Members of your organization's plan can use this form to ask System Admins to add extra domains or email addresses to the allowlist. Enter the link in the Input URL here field.
A link appears in a Smartsheet window whenever someone attempts to share or email an item from Smartsheet to someone whose email address falls outside the allowlist.
Your link can be:
- A URL for an existing system your organization uses (such as an IT ticketing site)
Any Smartsheet items that you shared before enabling domain restrictions remain shared with anyone outside of the approved domains. You can generate a Sheet Access Report to see shared items.
To edit your allowlist
- Go to the Admin Center and select the menu icon.
- Navigate to Governance Controls.
- Select Manage on the Safe Sharing Policy tile.
- Select Edit Sheet on the list you'd like to edit:
  - Domains allowed
  - Email addresses allowed
- Add, edit, or remove domains or addresses from the list.
When adding domains, do not include the @. For example, @domain.com should be entered as domain.com.
If you've accidentally deleted your Safe Sharing list, you have 30 days to retrieve it from the recycle bin.
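The entry rules on this page (no leading @, each subdomain listed separately, at least one valid domain before activation) can be checked before you edit the sheets or turn on the policy. The following is an added example, not Smartsheet code: a simplified exact-match model of the two lists, run over constructed sample rows. The function names and the case-insensitive comparison are assumptions.

```python
def normalize_domain(entry):
    """Return (domain, warnings) for one row of the domain list (added example)."""
    warnings = []
    value = entry.strip().lower()  # assumption: entries compare case-insensitively
    if value.startswith("@"):
        warnings.append(f"{entry!r}: remove the leading '@'")
        value = value[1:]
    if "@" in value:
        warnings.append(f"{entry!r}: email address, belongs on the user list")
        return None, warnings
    if "." not in value:
        warnings.append(f"{entry!r}: not a usable domain")
        return None, warnings
    return value, warnings

def build_allowlist(domain_rows, email_rows):
    """Build both lists and collect everything an admin should fix first."""
    domains, warnings = set(), []
    for row in domain_rows:
        domain, notes = normalize_domain(row)
        warnings.extend(notes)
        if domain:
            domains.add(domain)
    emails = {e.strip().lower() for e in email_rows if "@" in e}
    if not domains:
        warnings.append("no valid domain: enabling the policy would block all sharing")
    return domains, emails, warnings

def is_allowed(address, domains, emails):
    """Exact match only: company.com does not cover portal.company.com."""
    address = address.strip().lower()
    _, sep, domain = address.rpartition("@")
    return address in emails or (bool(sep) and domain in domains)

def outside_allowlist(recipients, domains, emails):
    """Addresses (for example from a Sheet Access Report export) not covered."""
    return sorted({r.strip().lower() for r in recipients
                   if not is_allowed(r, domains, emails)})

# Constructed sample data, for illustration only.
DOMAIN_ROWS = ["company.com", "@partner.example", "bob@vendor.example"]
EMAIL_ROWS = ["auditor@vendor.example"]
RECIPIENTS = ["amy@company.com", "ops@portal.company.com",
              "Auditor@Vendor.example", "bob@vendor.example", "kim@partner.example"]

if __name__ == "__main__":
    domains, emails, warnings = build_allowlist(DOMAIN_ROWS, EMAIL_ROWS)
    print("\n".join(warnings))
    print(outside_allowlist(RECIPIENTS, domains, emails))
```

Addresses the function reports are the ones that existing shares would keep reaching, or that new shares would be blocked for, until the matching domain or address is added to the list.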
To deactivate safe sharing:
In the Safe Sharing Policy right pane:
- Slide the toggle to turn off the policy.
Disabling the Safe Sharing policy across your plan allows your users to share Smartsheet items with anyone outside of your organization.
Safe Sharing List and premium applications
Some premium applications integrate with the Safe Sharing List only indirectly, and for others the list isn't necessary.
Premium application | Integration with Safe Sharing List |
---|---|
Brandfolder | Depending on Admin settings, users can share assets privately or publicly as a link. There's no integration with the Safe Sharing List. |
Bridge | Bridge supports the Safe Sharing List through modules in Bridge workflows. |
Calendar | Calendar supports the Safe Sharing List. |
Control Center | There's no integration with the Safe Sharing List. |
DataMesh | DataMesh inherits access permissions and the Safe Sharing List from the signed-in user. Both are adhered to when creating and transferring DataMesh configurations. |
Data Shuttle | There's no sharing model for Data Shuttle. |
Data Tables | You can only share with others within a company, and you don't need the Safe Sharing List. |
Dynamic View | Dynamic View supports the Safe Sharing List. |
Pivot | Pivot only uses sheets which support the Safe Sharing List. |
Resource Manager | You can only share Resource Management reports with other Resource Management users through a link. There is no integration with the Safe Sharing List. |
Manage authentication options
All Smartsheet customers can log in using their email address and password or choose from several single-sign-on options. System Admins can deactivate any of these login options as desired.
To modify how people sign in to Smartsheet:
- In Admin Center, select the Menu icon at the upper-left.
- Navigate to Settings > Authentication.
- Select Manage federated SSO Options.