User invitation automatically declines

Genevieve P.

Hey @Kelly Kindred

Having the users log directly into Smartsheet to accept/decline is exactly what the new behaviour is, now!

The notification will go out, but the prompt is to sign in to Smartsheet (or create a Smartsheet account in order to sign in).

For domains associated with SSO, yes this will still work. Your user should see a prompt to log in with their Company Account after clicking "Accept".

1 - Accepting the invitation via email:

2 - The user is taken to a web browser to open Smartsheet.

If the user has logged in to Smartsheet before using their Company Account (SSO), they should see a prompt to sign in that way.

If the user does not have SSO but has signed in to Smartsheet before, they should see all the possible options to log in, including email address.

If they've never signed in before (so they're not a part of an organization yet), they will need to create a password by clicking "Forgot your Password".

Once they've signed in and joined your organization, your SSO rules will be enforced.

3 - Accepting the invitation IN Smartsheet.

Once logged in, the first thing that happens is a pop-up appears, asking them to Accept or Decline.

NOTE: If this is their first time signing in to Smartsheet, they may also need to accept a User Agreement before seeing this pop-up.

Essentially the email no longer takes the action on their behalf, but asks the user to take the action from within Smartsheet, thus preventing security software, bots, or accidental clicks from declining an invitation accidentally.

Cheers,

Genevieve

Stu Benoff

We just learned about this change and have to tell you that this is absolutely AMATEUR hour at Smartsheet. I would really like to remain professional but it's very difficult. Would anyone who administers large-scale production applications ever consider changing the login process without communicating to All, or at the very least, the system administrators across the platform? I would be looking for a new job and career if I ever did something like this. Where's the CAB - Change Advisory Board? Who approved this?

And, the change they made is ridiculous. So now users have to set a local password in order to login and Accept the license agreement. Then, after they do that they can try to login with SSO. I don't know about any of you but we generally have cache issues when users try to make this switch. We have the users clear the browser cache but sometimes that isn't enough to make it work and we need Smartsheet Support to clear the login credentials on the server side. This process usually takes me 3-4 emails back-and-forth until they get it right. So now I can look forward to many more of these exchanges because now its the norm to create a local password before trying to login with SSO. Seriously folks... we couldn't come up with anything better than this?

We are probably going to have users abandon using SSO and just stick with the local password. And, I heard at Engage '23 that Smartsheet is moving away from local passwords and wants to influence organizations to move to SSO and even federated SSO. This is so counter-productive to that goal that I'm dumbfounded.

How about abandoning the need to accept the license agreement? How about at first login you give the user an option to opt-out of the license agreement otherwise you take it as implied-consent? Just saying, there were other ways this could have been addressed than to secretly change the login process.

Summary - Extremely disappointed in what I would consider 1) FAILED communications for a critical system change and 2) Poor design and implementation of critical system feature (logging in).

Stuart Benoff, Smartsheet System Admin, University of Pennsylvania