User Auto Provisioning (UAP) automatically adds users who match the configured domain to your plan.
With UAP enabled, when a user with a validated domain logs in, they are automatically added to the account user list. It may be helpful to think of this as “Just In Time” provisioning by domain.
Enabling UAP will ensure that users with company domains adhere to the same security and account settings. You can set up multiple domains if needed.
Automatically add users with User Auto-Provisioning (UAP)
Email-based TOTP doesn't support User Auto-Provisioning.
Rather than manually inviting users, you can enable User Auto-Provisioning (UAP). This automatically adds users with an email address with one of the domains associated with your plan.
Manage UAP
- Sign in to Admin Center and select Menu.
- Select Settings > User Auto-Provisioning
You'll see the list of activated and validated domains. Use the drop-down menu to turn off UAP or add users as licensed users (Legacy Collaborator Model) / Members (User Subscription Model).
If your plan uses the Legacy Collaborator Model, you can add users as free users. If you're unsure about your model type, learn how to determine the model your plan is on.
Keep the following in mind
- Add, remove, validate, and activate your domains on the Domain Management page.
- Manage users added via UAP the same way you manage users you added manually.
- Users added to your organization through UAP won't receive an email invitation or notification. The same is true for users you add manually via the User Management page (Legacy Collaborator Model) / User roles and reports page (User Subscription Model).
Completing the UAP process will require adding records to your public Domain Name System (DNS). You may need to loop in an internal technical resource for assistance.
To learn more about the records—Domain key (DKIM) record, CNAME record, and DMARC record—see Public DNS entries required for the setup.
Password prompts
In some cases, when UAP is enabled on a plan, new users may be prompted to create a Smartsheet password when they first sign in, even if the organization doesn't have the email+password-based login option enabled.
This can occur when a sheet share creates a user account, and the user still needs to follow the sheet share link to finalize the UAP process, or if the user is invited via User Management (Legacy Collaborator Model) / User roles and reports (User Subscription Model) instead of being provisioned via UAP.
Have the user set a password to complete the signup process for their account. This will complete the enrollment process, allowing them to sign in as usual.