USM Content
Centrally manage Smartsheet plans and enforce security across your organization.
Enterprise Plan Manager overview
USM Content
You must be an Admin on the main plan to use Enterprise Plan Manager.
As your organization grows, you may find that different departments have independently rolled out Smartsheet to manage their work. To centrally enforce security and governance controls across your Smartsheet plans, you may have had to merge multiple plans into one and then apply the desired security controls in that plan.
Now, you can use Enterprise Plan Manager (EPM) to ensure that all your organization's Smartsheet plans follow your security, governance, and compliance requirements.
Use EPM to create a plan hierarchy with two levels:
- Main plan: This plan sets the policies and adds plans to the family.
- Managed plan: These plans inherit governance policies from the main plan.
You can only manage other Enterprise plans with EPM. You can upgrade any Business or Pro plans to Enterprise. Or, you can merge them into a managed plan or the main plan.
Designate your main plan
Typically, your IT department uses its existing plan or creates a Smartsheet Enterprise plan to serve as the main plan. This plan controls authentication, user provisioning, and domain validation. From this plan's Admin Center, you can set your policies and add the other plans in your organization to the family.
Access Enterprise Plan Manager through the Admin Center
Contact your Smartsheet Customer Success Manager or the Technical Account Manager to designate your main plan.
To perform plan management tasks, use Organization View in your main plan. To manage users in your IT team, use the Main Plan view. Switch between views at the bottom of the left menu in Admin Center.
Validate your domains
Once the admin for the main plan validates a domain, Smartsheet identifies all plans where the main contact's email address matches that domain.
Any plan other than the main plan can become a managed plan and inherit settings from the main plan. The process doesn't affect anyone's plans; it simply shows you who's using Smartsheet on your validated domains.
Learn how to validate multiple domains.
Configure authentication
In EPM, you can configure the sign-in method everyone in your organization uses to access Smartsheet. If you're using SAML as a sign-in method, you can add users to your plan and set a user movement policy to allocate users to the most appropriate plans for their roles.
Add managed plans to your family
Adding a plan to the family makes it a managed plan and disables its ability to configure UAP/domains and authentication. The managed plan admin doesn't have to take any specific action to join the family; it happens automatically when EPM manages the plan. It’s recommended to let managed plan System Admins know you're bringing them into compliance.
Set up User Auto Provisioning (UAP)
Any time a new user on your validated domains signs into Smartsheet, they're automatically provisioned to your main plan. Optionally, you can set a user movement policy to allocate users to the most appropriate plans for their roles.
That's it! Now your entire organization uses the policies set in the main plan.
Inherited permissions
Domain validation, authentication, and UAP configurations are EPM-aware, meaning that managed plans automatically inherit the policies set on the main.
You can change these settings on the managed plan if you're an Admin on the main plan.