Advanced Features and Security for Enterprise Plans

About the Safe Sharing Policy

The Safe Sharing policy lets you create a list of approved users and domains for sharing items. You can apply this policy to sheets, forms, reports, workflows, WorkApps, and dashboards. For example, the policy can prevent users from sharing, emailing, or executing workflows with anyone not on the Safe Sharing list.

You can also restrict unauthorized users from:

• Sharing sheets and workspaces
• Sending rows
• Using the Send Link to Form option within the form link
• Adding user to your plan
• Adding users to groups

The approved users and domains lists also restrict email, which means users won’t be able to send emails from Smartsheet to restricted domains and email addresses.

What to expect

After you activate the Safe Sharing Policy in the Admin Center, two sheets become available to you:

• One for the domain list
• One for the user list (email addresses allowed)

These are standard sheets you can edit and share with other users. However, sharing them only with someone you trust to manage your Safe Sharing List is advisable. They contain eight auto-generated columns that are locked by default. Don't change those columns to avoid compromising existing permissions or workflows, and also to prevent issues with future enhancements to the feature.

• Domains/Emails allowed to share
• Exempt from Corporate Account Requirement
• Exempt from MFA Requirement
• Modified By
• Modified On
• Created By
• Created
• Notes

Additionally, a new Admin Settings workspace is automatically generated for you to store both sheets. Note that the data you enter in these sheets synchronizes with the Exempt list, which you use to manage external sharing.

Known limitations

• Future System Admins added to Smartsheet don't automatically get access to the Safe Sharing List. An existing System Admin must share the Safe Sharing sheets (or workspace) with them.
• After you modify the Safe Sharing Policy, it may take up to three minutes for it to apply.
• Both sheets only support up to 20,000 rows. You may notice slight delays during the policy enforcement if you're working with more than 20,000 entries. 
• Changes to the Safe Sharing sheets don't automatically trigger a notification, but you're encouraged to add a workflow to trigger a notification on changes to the sheets.
   

Other things to know

• You can manage the Safe Sharing List programmatically using the sheet API.
• You need to add subdomains to the allowlist individually. For instance, adding company.com to the allow list doesn't add portal.company.com. You need to add both domains.
• When enabled, Safe Sharing capabilities restrict who can receive notification emails.
• You can audit your Safe Sharing List through the Sheet Access Report and use the sheet activity log to check who changed the sheets.
• Upon activation, all System Admins on the plan receive Admin permissions on both sheets linked to the Safe Sharing list. They also receive a notification when the policy is activated or deactivated.
   

Set up, modify, or deactivate an approved domain-sharing list

Set up an allowlist to ensure that others can share assets only with people with a company email address. You can also restrict sharing by domain or by specific email addresses.

Ensure you've added and validated at least one domain before you turn on Safe Sharing; otherwise, users won't be able to share with anyone else, including people in your organization.

To set up the policy: 

1. Go to Admin Center and select the menu icon on the top-left corner.
2. Navigate to Governance Controls.
3. Select Manage on the Safe Sharing Policy tile. 
4. Slide the toggle to turn on the policy.

Brandfolder Image

Enable requests for additional domains

When you activate Safe Sharing, you can share a link to a form. This form allows members of your organization's plan to request System Admins to add extra domains or email addresses to the allow list. You can use the Input URL here field for this purpose.

A link appears in a Smartsheet window whenever someone attempts to share or email an item from Smartsheet to someone whose email address falls outside the allowlist.

Your link can be:

• A URL for an existing system your organization uses (such as an IT ticketing site)

• A Smartsheet form

  Any Smartsheet items that you shared before enabling domain restrictions remain shared to anyone outside of the approved domains. You can generate a Sheet Access Report to see shared items.

Brandfolder Image

To edit your allowlist

1. Go to the Admin Center and select the menu icon.
2. Navigate to Governance Controls.
3. Select Manage on the Safe Sharing Policy tile.
4. Select Edit Sheet on the list you'd like to edit:
   • Domains allowed
   • Email addresses allowed
5. Add, edit, remove domains or addresses from the list.

When adding domains, do not include the @. For example, @domain.com should be entered as domain.com. 

Brandfolder Image

If you've accidentally deleted your Safe Sharing list, you have 30 days to retrieve it from the recycle bin.

To deactivate safe sharing:

In the Safe Sharing Policy right pane:

1. Slide the toggle to turn off the policy.

Brandfolder Image

Disabling the Safe Sharing policy across your plan allows your users to share Smartsheet items with anyone outside of your organization.

Safe Sharing List and premium applications

Other premium applications may indirectly integrate with the Safe Sharing List or aren't necessary.

Manage authentication options

All Smartsheet customers can log in using their email address and password or choose from several single-sign-on options. System Admins can deactivate any of these login options as desired.

To modify how people sign in to Smartsheet:

1. In Admin Center, select the Menu icon at the upper-left.
2. Navigate to Settings > Authentication.
3. Select Manage federated SSO Options.