Learning Track
This Help Article appears in the System Admin learning track. Get the most out of this learning track by starting at the beginning.
This Help Article appears in the System Admin learning track. Get the most out of this learning track by starting at the beginning.
System Admins can configure security controls.
A System Admin for an Enterprise plan can configure security controls to manage how their users work in Smartsheet. To get started, select Account > Admin Center and then select Security/Safe Sharing List on the left panel of the Account Administration window.
System Admins can:
If you have multiple plans and one plan is the main plan under Enterprise Plan Manager, you can set safe sharing controls in the main plan, and all managed plans will inherit those controls. You can change these settings on the managed plan if you are an administrator on the main plan.
Use this capability to restrict sharing by domain or by specific email addresses—for example, to ensure that sheets are shared only to people with a company email address. You'll do this by setting up an Allowlist.
When Approved Domain Sharing is enabled, all workflows with recipients outside the Approved Domain Sharing list will become disabled with an "Invalid Recipients" message. To ensure that workflows don't get disabled, make sure that all recipients of workflow automation are added to Approved Domain Sharing. Alternatively, ensure at least one recipient in every workflow within the Approved Domain Sharing list.
NOTES:
Once you enable the Approved Domain & Address Sharing capability, people in your account must use email addresses with approved domains when they do the following:
Smartsheet items that were shared before domain restrictions were enabled will remain shared to anyone outside of the approved domains. You can generate a Sheet Access Report to see what items have been shared with whom, details on this are available here.
To change the list:
To disable the capability, select the Edit button, uncheck the Enabled checkbox, and select OK.
Restrict the type of user who can be added to a group by Group Admins. For example, you can limit this to only users on the account or allow all users and external contacts in groups.
To learn more about creating and managing groups, see the Managing Groups help article.
All Smartsheet customers can log in using their email address and Smartsheet password, or they can choose from a number of single-sign-on options. System Admins can disable any of these login options as desired.
Learn more about this in the article Manage Authentication Options for an Enterprise Plan (System Admin).
User Auto Provisioning automates adding users to an Enterprise account in Smartsheet. Rather than manually inviting users through the User Management screen, enable this capability to automatically add users to your account if they sign up for Smartsheet with an email address owned by your organization. You can choose to automatically add users to the account as licensed or non-licensed, depending on the access you'd like to provide.
Review our help article on User Auto Provisioning for detailed instructions. Completing the process will require you to add record(s) to your Domain Name System (DNS), so you may need to loop in an internal technical resource for assistance.
By default, all forms are anonymous and available to anyone with a link to the form. You can limit form access to people with a Smartsheet login or people on your Smartsheet account via the safe sharing list.
When these settings are selected in the Admin Center, they apply as the minimum permissions for all forms on your account and cannot be changed in the form builder.