Admin Center: Set security controls for your account

Use Security & Controls to control permissions for global notifications and requests, group memberships, form permissions, Account Discovery, offline form submission, Tenant ID, and directory integration. You can also set controls for attachments and supported chat providers.

1. Log in to Admin Center.
2. Select Menu > Settings > Security Controls. 

Permissions

Brandfolder Image

Notification and requests 

Control who can receive notifications or requests from sheets based on the users' level of access to sheets and memberships in the organization.

Groups

Control membership to groups created within the organization. By default, you can add anyone to a group. You can restrict groups to people who are part of the organization.

If your organization uses Directory Integration, you can still add a user’s email address that doesn’t match any of the domains for the plan to a Smartsheet group.

Account discovery

Only plans with the Legacy Collaborator Model use Account Discovery. If you're unsure about your model type, learn how to determine the model your plan is on.

With Account Discovery enabled, people with an email address that matches the plan's verified email domain can make a request to join the organization. This request shows up in the License Request Management section.

If you have configured Custom Upgrades, the request is forwarded accordingly.

If you use User Auto Provisioning (UAP), you can't configure Account Discovery; UAP takes precedence over Account Discovery in those cases.

Tenant ID

The Smartsheet Tenant ID is a one-time key used to establish a connection between Smartsheet and third party applications, such as AWS AppFabric. Find the Tenant ID under Security Controls in the Admin Center.

Forms

Only Enterprise customers can set system-wide form permissions. 

By default, all forms are anonymous and available to anyone with a link to the form. You can limit form access to people with a Smartsheet login or to people on your Smartsheet account via the safe sharing list. 

When you've selected these settings in the Admin Center, they apply as the minimum permissions for all forms on your account and they can't be changed in the form builder.

Offline forms

Offline Form Submission allows your team to access the mobile app and submit forms without an internet connection. Toggle this setting on or off to control access for users on your account. For more information about this feature, review Things to know about mobile offline forms.

Content and chat controls

Brandfolder Image

Configure controls on what type of items can be published and what sources of data are allowed in Smartsheet. Additionally, you can pick from one of two supported chat providers.

Attachments

Allow or block different sources for attachments. Depending on the sources allowed, members in the organization can upload files from their own computers, by attaching a link (URL) to a site, or from third-party cloud storage services including:

• Google Drive
• OneDrive
• Box
• Dropbox
• Evernote
• Egnyte

If you turn off the Upload from Computer option for attachments, the security configuration settings blocks the available functionality in Admin Center such as Sheet Access Report.

If you block file upload to S3, form builders can't add an attachment field to forms in your account, and respondents won't attach a file to the form.

Images in sheet fields

Toggle this off to remove the ability to add images to cells in sheets owned by other users on your account. This won't remove any existing images. 

This setting is available to customers on Enterprise or Business plans. For more information about this feature, see Adding images to Grid view.

Web content widget

Toggle off Web Content Widget to remove the ability to add web content widgets to dashboards owned by other users on your account. 

Customers on an Enterprise plan can allow specific company domains as supported sources for the web content widget by validating those domains and checking the Include domains… box. For more information about this feature, see Add interactive content to a dashboard with the Web Content Widget. 

Chat integration

Select a supported chat provider to further simplify communication among your users while using Smartsheet.

Use Chat Integration to control which chat providers are enabled. Only one selection can be active. For more information about setting up Chat integrations, see Chat Integration Options for Smartsheet.

Publishing controls

You can configure controls on what type of items can be published and what sources of data are allowed in Smartsheet.

If you have multiple plans and one plan is the main plan under Enterprise Plan Manager, you can set publishing controls for reports, sheets, and dashboards in the main plan and those controls will be inherited by all managed plans. You can change these settings on the managed plan if you are an administrator on the main plan.

Report publishing

You can toggle off Report Publishing to immediately unpublish all published reports. Based on your organization’s security requirements, you can also control whether published reports can be viewed by anyone or only by people in your own organization. For more information, see Report publishing.

Sheet publishing

Toggle off Sheet Publishing to immediately unpublish all published sheets. Based on your organization's security requirements, you can also control whether published sheets can be viewed by anyone or only by people in your own organization. For more information, see Sheet publishing.

Dashboard publishing

Toggle off Dashboard Publishing to immediately unpublish all published dashboards. Based on your organization's security requirements, you can also control whether anyone or only people in your own organization can view published dashboards. For more information, see Dashboard Publishing.

Calendar publishing

Calendar publishing offers two separate toggles:

• Calendar view 
• Calendar App

Toggle off iCal Publishing to remove the ability to publish a sheet's calendar view to iCal format. Calendars already published will be unpublished immediately. For more information about this feature, see Publishing a Smartsheet calendar to iCal format.

Toggle off Calendar App Publishing to remove the ability to publish calendars in the Calendar App. Previously published calendars will be unpublished immediately. For more information, see Calendar App publishing.

API access token

Enhance security by configuring the expiration time for API access tokens within your plan. See Configure access token expiration time.

Brandfolder Image