User Auto Provisioning (UAP) automatically add users who match the configured domain to your plan.
With UAP enabled, when a user with a validated domain logs in, they are automatically added to the account user-list. It may be helpful to think of this as “Just In Time” provisioning by domain.
Enabling UAP will ensure that users with company domains abide by the same security and account settings. You can setup multiple domains if needed.
Automatically Add Users to an Enterprise Account with User Auto Provisioning
User Auto Provisioning (UAP) automates the process of adding users to an Enterprise account in Smartsheet. Rather than manually inviting users through the User Management screen, enable this feature to automatically add users to your account if they sign up for, or on their next sign in to Smartsheet with an email address owned by your organization. You can choose to automatically add users to the account as licensed or non-licensed, depending on the access you'd like to provide.
TIP: Users automatically added to the account via User Auto Provisioning can still be managed from the User Management screen. Any System Admin on an Enterprise account can enable User Auto Provisioning within Smartsheet.
Completing the process will require you to add records to your Domain Name System (DNS), so you may need to loop in an internal technical resource for assistance.
Part 1: Add and Activate Domains
- Select your Profile icon (upper-right corner) > Account Admin.
- Select Security Controls on the left menu.
- In the Account Admin window, select Edit next to Domains (for User Auto Provisioning, Web Content Widget).
The Domains Validation form appears.
- Select Add Domain. Initially, this is the only option available on this screen as a validated, activated domain is required to enable the functionality.
- In the Add Domain field, type an email address domain owned by your organization (e.g. smartsheet.com).
- Select Save.
The form updates to Edit Domain, and shows the Domain Status as Not Validated.
- For security reasons, you must confirm that you control the domain in question. Smartsheet will generate a record for you to add to your organization's DNS. You may need to work with your IT group to accomplish this.
- Select Validate after adding the record. Smartsheet will perform a DNS lookup to verify that the record exists in your domain. The validation may fail if there is a delay in DNS propagation. If that happens, please attempt domain validation again later.
- If successful, this confirms your ownership of the domain and your authority to manage users who use it in their Smartsheet email address. The status will change from Not Validated to Inactive.
NOTE: The DNS record must always be present for auto provisioning to occur.
- Select Activate to confirm auto provisioning for the domain and then close the window.
A domain can't be deactivated or deleted if User Auto Provisioning is enabled and no other domain has been activated. Turn User Auto Provisioning to Not Enabled, or activate additional domains, to deactivate or delete the existing domain.
Part 2: Enable Auto Provisioning for Activated Domains
- From the User Auto Provisioning form, choose from the available options.
- Add them as LICENSED USERS: any new user who signs up for Smartsheet using an email address with the validated domain is automatically added to your Enterprise account as a licensed user. This doesn't impact any existing users.
- Add them as NON-LICENSED USERS: any new user who signs up for Smartsheet using an email address with the validated domain is automatically added to your Enterprise account as a non-licensed user. This doesn't impact any existing users.
NOTE: If you don't have the ability to change the way users are provisioned after setting up user auto-provisioning, contact your Smartsheet account manager.
- Select Save after selecting an option.
A confirmation message will appear:
- Select Continue to finalize User Auto Provisioning and be redirected to the User Auto Provisioning form.
- Select Add Domain at any time to validate and activate auto provisioning on additional domains owned by your organization.
NOTE: There's no limit to the number of domains you can add.
- Select Edit on a domain at any time to open the Edit Domain form. From here, you can review information about the domain, or select Deactivate and Delete Domain.
If a user appears in your user list whose email address domain does not match the domains you've configured for User Auto Provisioning, then it's possible that the user exists in your SSO identity provider or was invited by another System Admin. This can occur if the user enters an email address matching your UAP domain on the Smartsheet login page, then a different email address is used after the user is redirected to the identity provider login page.