Advanced Features and Security for Enterprise Accounts

Enterprise accounts have all of the functionality of a business plan, plus additional enterprise-specific tools for enhanced security, control, and visibility.

Account Settings for Multi-User Plans

Smartsheet System Administrators can set up, customize, and manage Smartsheet multi-user Business and Enterprise accounts.

As a system administrator, you can configure global account settings and manage billing information for your multi-user plan.

Learn more about security controls on an Enterprise plan.

Configure Security Controls for an Enterprise Plan

System Admins on Enterprise plans have access to configure Security Controls to manage the way their users are working in Smartsheet. System Admins can:

To manage these settings, click Account > Account Admin, and then click Security Controls on the left panel of the Account Administration form.

Account Administration Form
 


Set Up an Approved Domain Sharing List

This feature enables System Admins of Enterprise plans to restrict sharing by domain or by specific email addresses, by setting up a white list. For example, the System Admin can ensure that sheets are shared only to people with a company email address.

NOTES: 

  • Users will also be prevented from sending emails from Smartsheet to restricted domains and email addresses.
  • Subdomains will need to be whitelisted individually, as they aren't included when you whitelist a domain. For instance, whitelisting "company.com" will not whitelist "portal.company.com" as well. (You'll need to whitelist both domains.)
  1. From the upper-left corner of the Smartsheet window, click Account > Account Admin > Security Controls.
  2. In the Approved Domain Sharing section, click Edit.

    The Approved Domain Sharing List form appears:

    Approved domain
     
  3. Select the Enable sharing in Smartsheet only to the domains and email addresses listed below checkbox.
  4. In the Approved domains box, type in each email domain (for example: companydomain.com) that users will be allowed to share to. Each domain must appear on a separate line.

    If there are any specific email address that users should be able to share to that fall outside of the allowed domains, enter them in the Approved email addresses box.

    You can also provide a URL to a form for members of your organization's plan to make a request for System Admins to include additional domains or email addresses in the white list. Your link will be presented in a Smartsheet window whenever users in your plan attempt to share or email an item from Smartsheet to someone whose email address falls outside of the whitelist.

    Your link can be: 
    • A URL for an existing system your organization uses (such as an IT ticketing site) 
    • A Smartsheet form (check out our article on Forms for more information)
       
  5. Click OK.

Once you enable the Approved Domain & Address Sharing feature, people in your account must use email addresses with approved domains when they do the following:

  • Share sheets and workspaces
  • Send rows
  • Use form links
  • Manually or automatically send any alerts or requests (alerts, reminders, update requests, approval requests)

To change the list:

  1. Click the Edit button on the Security Controls form.
  2. Add, edit, remove domains/addresses from the list, and click OK.

To disable the feature, click the Edit button, uncheck the Enabled checkbox, and click OK.
 


Change Group Options

System Admins on Enterprise plans can restrict the type of users who can be added to a group by Group Admins. You can limit this to only users on the account or allow all users and external contacts in groups.

  1. Click Account (in the upper-left corner) > Account Admin > Security Controls.
  2. Click on the Edit button in the Group Membership Options section.

    The Group Management Options form appears:
  3. Select whether to have group membership Limited to Account Users Only. When this option is selected, only users shown in the User Management screen can be added to groups by Group Admins.

To learn more about creating and managing groups, check out our Managing Groups article.

Back to top


Manage Authentication Options

All Smartsheet users are able to log in using their email address and Smartsheet password, or they can single-sign on to our application from Google or Microsoft Office 365 for work or school. System Admins have the ability to disable any of these log in options if desired. Learn more about this in our article on Managing Authentication Options.

We also provide SAML (Security Assertion Markup Language) integration for our Enterprise customers to enable a single sign-on experience with Smartsheet from their local network. Smartsheet currently supports SAML 2 for SSO, and the following  SAML 2 compliant identity providers: OneLogin, ADFS 2.0, Shibboleth, PingIdentity, and Okta.

To set up SSO with SAML2, please review detailed instructions in our article on Managing Authentication Options. The instructions will require assistance from a technical professional who is familiar with SAML and has access to the Identity Provider that will be configured for use with Smartsheet.com. It will walk you through both configuring your Identity Provider for SAML with Smartsheet, and configuring Smartsheet which requires System Admin access to the account.


Enable User Auto Provisioning

User Auto Provisioning automates the process of adding users to an Enterprise account in Smartsheet. Rather than manually inviting users through the User Management screen, enable this feature to automatically add users to your account if they sign up for Smartsheet with an email address owned by your organization. You can choose to automatically add users to the account as licensed or non-licensed, depending on the access you'd like to provide.

Review our help article on User Auto Provisioning for detailed instructions. Completing the process will require you to add record(s) to your Domain Name System (DNS), so you may need to loop in an internal technical resource for assistance.  

Follow these instructions to set up SSO integration with your Enterprise plan.

Manage Authentication Options for an Enterprise Plan (System Admin)

System Admins can manage how people in their account sign in to Smartsheet.

TIP: To improve account security, disable authentication options that your organization doesn’t currently need. (If needed, you can enable them at a later time.)

Before You Begin: Requirements

Authentication options are available to Enterprise plans only.

You must be a System Admin on your account to be able to modify the authentication options discussed here.

Enterprise Level Feature: Enable SAML 2 Sign-In

On an Enterprise-level account, System Admins can also enable the ability for anyone on the account to sign in with their company credentials. Setting up this service requires knowledge of both Security Assertion Markup Language (SAML) and Single Sign-On (SSO). The self-service guide with requirements and instructions to set up a SAML-based SSO service with Smartsheet can be found in the Set Up SAML 2 for Single Sign-On to Smartsheet help article.

Available Sign-In Options 

  • Email + Password - Use your email address and a password created for Smartsheet. 

    IMPORTANT: If you disable the Email + Password option, you’ll see an additional option to Keep Email + Password for Account Admins. Enabling Keep Email + Password for Account Admins ensures that System Admins on the account can still sign in to Smartsheet and manage the account if you experience issues with other authentication services.
  • Google   - Use your Google account credentials to sign-on to Smartsheet by clicking the Google icon on the Smartsheet login page. 
  •  Microsoft Azure AD  - Use your Office 365 for Business Work Account credentials to sign on to Smartsheet by clicking the Work Account button on the Smartsheet login page.
  • SAML - Use your internal corporate authentication credentials to sign-on to Smartsheet using the Your Company Account button (available after entering in the email address). Steps to set this up can be found in our article Set Up SAML 2 for Single Sign-on to Smartsheet.

    NOTE: To use SAML, you'll need to configure your organization's Identity Provider (IdP) to communicate with Smartsheet, and add a record to your organization's Domain Name System (DNS). You may need to consult a technical resource at your organization for assistance with this option.

Edit Sign-In Options

To modify how people sign in to Smartsheet:

  1. Select Account (in the upper-right corner of the Smartsheet window) > Account Admin > Security Controls. 

    The Security Controls form appears.

    Security Controls

    TIP: To learn more about the other options in the form, see Security Controls.
     
  2. In the Authentication section, click Edit.

    NOTE: To enable or disable login features, you must have an Enterprise account.
     
  3. Select your desired authentication options (you must select at least one).

Review these steps to set up user auto provisioning.

Automatically Add Users to an Enterprise Account with User Auto Provisioning

User Auto Provisioning automates the process of adding users to an Enterprise account in Smartsheet. Rather than manually inviting users through the User Management screen, enable this feature to automatically add users to your account if they sign up for, or on their next sign in to Smartsheet with an email address owned by your organization. You can choose to automatically add users to the account as licensed or non-licensed, depending on the access you'd like to provide.

TIP: Users automatically added to the account via User Auto Provisioning can still be managed from the User Management screen. Any SysAdmin on an Enterprise account can enable User Auto Provisioning within Smartsheet.

NOTE: Completing the process will require you to add records to your Domain Name System (DNS), so you may need to loop in an internal technical resource for assistance.

You must be a SysAdmin on an Enterprise plan to enable this feature.

Part 1: Add and Activate Domains

  1. click Account in the upper-right corner of Smartsheet, and then select Security Controls.

    The Security Controls form appears:
    Security Controls
  2. Click Edit next to User Auto Provisioning.

    The User Auto Provisioning form appears:
    User Auto Provisioning
  3. Click Add Domain. Initially, this is the only option available on this screen as a validated, activated domain is required to enable the functionality.
  4. In the Add Domain field, type an email address domain owned by your organization (e.g. smartsheet.com).
  5. Click Save.
    The form updates to Edit Domain, and shows the Domain Status as Not Validated
    Edit Domain
  6. For security reasons, you must confirm that you control the domain in question. Smartsheet will generate a record for you to add to your organization's DNS. You may need to work with your IT group to accomplish this.
  7. Click Validate after adding the record. Smartsheet will perform a DNS lookup to verify that the record exists in your domain. The validation may fail if there is a delay in DNS propagation. If that happens, please attempt domain validation again later.
  8. If successful, this confirms your ownership of the domain and your authority to manage users who use it in their Smartsheet email address. The status will change from Not Validated to Inactive.
    NOTE: The DNS record must always be present for auto provisioning to occur.
  9. Click Activate to confirm auto provisioning for the domain and then close the window.

NOTE: A domain can't be deactivated or deleted if User Auto Provisioning is enabled and no other domain has been activated. Turn User Auto Provisioning to DISABLED, or activate additional domains, to deactivate or delete the existing domain.

Part 2: Enable Auto Provisioning for Activated Domains

  1. From the User Auto Provisioning form, choose from the available options.User Auto Provisioning Domain Enabled
    • Add them as LICENSED USERS: any new user who signs up for Smartsheet using an email address with the validated domain is automatically added to your Enterprise account as a licensed user. This doesn't impact any existing users.
    • Add them as NON-LICENSED USERS: any new user who signs up for Smartsheet using an email address with the validated domain is automatically added to your Enterprise account as a non-licensed user. This doesn't impact any existing users.

      NOTE: If you don't have the ability to change the way users are provisioned after setting up user auto-provisioning, contact your Smartsheet account manager.
       
  2. Click Save after selecting an option.

    A confirmation message will appear:
  3. Click Continue to finalize User Auto Provisioning and be redirected to the User Auto Provisioning form.
  4. Click Add Domain at any time to validate and activate auto provisioning on additional domains owned by your organization.

    NOTE: There's no limit to the number of domains you can add.
     
  5. Click Edit on a domain at any time to open the Edit Domain form. From here, you can review information about the domain, or select Deactivate and Delete Domain.
     

Back to top    

Use a custom welcome screen to share instructions and messages with your Enterprise plan users.

Create a Custom Welcome Message, Help Page, or Upgrade Screen (Enterprise Only)

If you are a System Admin of an Enterprise plan, you can create custom content to help users of your plan get up to speed: 

  • A welcome screen that displays a message to users the first time they log in
  • A help screen to guide team members about how to use Smartsheet 
  • An upgrade screen to assist your users in the onboarding process.

Create a Custom Welcome Screen

The welcome screen will be displayed to all new users that you invite to the Enterprise through User Management the first time they log in to Smartsheet, and to existing users on their next login. You might use the welcome screen to display internal terms and conditions to your users, and require them to accept the terms before continuing.

NOTE: People must accept terms and conditions using Smartsheet in a computer browser, as opposed to the mobile application or mobile browser. They will then be able to use the mobile application as normal after accepting the terms and conditions from a computer browser.

  1. In the upper-right corner of Smartsheet, click Account > Account Admin > Account Settings.

    The Account Settings form appears:

    Enterprise Account Settings

    NOTE: this feature is only available to System Admins. If you are a System Admin and don't see an option for Account Settings in your Account Admin form, please contact our Support team for assistance.
     
  2. Click Edit underneath Custom Welcome Screen.

    The Custom Welcome Screen form appears:

  3. Select the Custom Content Enabled box to turn the setting on for users.
  4. Enter the secure (https://) URL where your custom content is located.

    NOTE: Unsecured (http://) links and links to internal files aren't supported. The link must be accessible from the web.
     
  5. Select the box to Require user to Click Accept if desired. When this is selected, your users will need to check a box indicating that they've read and understand the information in the welcome screen before they will be able to continue into Smartsheet.

    TIP: you can download the user list from the User Management screen to determine which users have accepted the terms.
     
  6. Click Reset to display the welcome screen to all users the next time they login, regardless of whether they have reviewed previous versions in the past.
  7. Click the Preview button to preview the way your welcome screen will appear.
  8. Click OK to save your changes.

Back to top


Customize an Internal Help Screen

Your internal help screen will appear as an option in the drop-down list any time a user on your Enterprise account clicks Help in the upper, left corner of Smartsheet. You might use the help screen to instruct users which sheets are relevant to which teams, how to participate in a workflow, or who to contact for assistance.

  1. Click on Account in the upper left corner > Account Admin > Account Settings. The Account Settings form appears: NOTE: this feature is only available to System Admins. If you are a System Admin and don't see an option for Account Settings in your Account Admin form, please contact our Support team for assistance.
  2. Click on the Edit button underneath Custom Help Screen. The Custom Help Screen form appears:
  3. Select the Custom Resources Help link enabled box to turn the setting on for users.
  4. In the Help Link Text field, enter the name or brief description of your help screen. This text will appear in the drop-down list when your users click Help in the upper, left corner.
  5. Enter the URL where your help content is located. The link must be accessible from the web.
  6. Select whether to Launch in a new browser tab. When de-selected, the custom content will be displayed in an iFrame that pops up within the Smartsheet interface. When selected, a new browser tab will open and display the content.
    NOTE: Launch in a new browser tab must be selected when using an unsecured (http://) URL.
  7. Click the Preview button to preview the way your upgrade screen will appear.
  8. Click OK to save your changes.

Back to top


Create a Custom Upgrade Screen

Your custom upgrade screen will appear any time a non-licensed user on your account takes an action only available to licensed users (for example, if they attempt to create a new sheet). When this occurs, Smartsheet will present the non-licensed user with the following message:

By default, clicking Upgrade Options will display a pop-up window revealing the email address of your account's main contact so the user can reach out and request a license. Your custom upgrade screen will replace this pop-up window. You might use the upgrade screen to display an internal page requesting/providing more information on how the user should proceed with their request, or a form that collects more information about the user's Smartsheet needs to help you determine whether or not to provision them a license.

  1. Click on Account in the upper left corner > Account Admin > Account Settings. The Account Settings form appears: NOTE: this feature is only available to System Admins. If you are a System Admin and don't see an option for Account Settings in your Account Admin form, please contact our Support team for assistance.
  2. Click on the Edit button underneath Custom Upgrade Screen. The Custom Upgrade Screen form appears:
  3. Select the Custom upgrade screen enabled box to turn the setting on for users.
  4. Enter the URL where your custom content is located. The link must be accessible from the web.
  5. Select whether to Launch in a new browser tab. When de-selected, the custom content will be displayed in an iFrame that pops up within the Smartsheet interface. When selected, a new browser tab will open and display the content.

    NOTE: Launch in a new browser tab must be selected when using an unsecured (http://) URL.
     
  6. Click the Preview button to preview the way your upgrade screen will appear.
  7. Click OK to save your changes.

Back to top