Be aware of new Smartsheet invitation email experience

Hi Community, 

Several customers reported that in the last month, the invitation emails sent to their users to join their organizations’ plans were being automatically declined. Upon investigation, we concluded that this behavior was caused by customers’ email security software that uses “link inspection” which automatically clicks links to check for security threats. During this process the Decline link in the invite emails were being inspected and “clicked” which caused Smartsheet to believe that the user had declined the request, when in actuality the user likely hadn’t even seen the invite yet.

Since we cannot control the behavior of email security software, our Engineering team has temporarily modified the invitation process until a longer term solution can be developed. This is why invitation emails are now directing users to the Smartsheet login page. We’ve also updated our Help Center Article “What to do when you receive an invitation to join a Smartsheet account” to reflect this change.

When you invite a user to join your organization, they will receive an email invitation from user@smartsheet.com. Once they select either Accept or Decline in the invitation email, they will be directed to the Smartsheet login page.

  • If the recipient has previously logged into Smartsheet, they will need to log in with their email and password to review the invitation.
  • If the recipient has never logged into Smartsheet, a new account is created and they will need to set a password for their new login.
  • In order to set a password, they will need to select the Reset Password link on the login page which will generate an email with a link to set a password in Smartsheet.
  • Once logged in, they will be prompted with the invite options and can Accept or Decline the invitation as usual.

Please note: If you have users who are currently Declined, a SysAdmin will need to resend the invitation email using Admin Center. To resend the invitation, please locate the users in the Admin Center, click on the 3 dot menu to the right of their email address and select Resend Invite Email or re-invite through the bulk user invite method.

This impacts users in all plans. Please read this help article for more details.

You can also stay informed by subscribing to receive product release updates for curated news of recently released product capabilities and enhancements for the platform of your choosing, delivered to your inbox. As new releases occur, you will receive a weekly email with news of what's released every Tuesday. 

Best regards,

The Smartsheet Product Team

Comments

  • This affect me as well, and what happen is users did not receive the additional e-mail after clicking 'Forgot Password'... after few tries, the user was somehow able to create an account. And then, everything worked out.

  • We are also experiencing this, and it is causing us many issues. This workaround does not work for enterprise SSO account setups, and I have been waiting for a response for support tickets since October 30th.

  • Jenna Liu
    Jenna Liu ✭✭✭

    It happened to me as well. It is true that our IT security blocked it. Our IT fixed it at the background.

  • Matt Rasmussen
    Matt Rasmussen ✭✭✭✭

    We are also using enterprise SSO, so this isn't working for us. Why not just remove the decline link from the invitation email so the automated security can't decline the invitation? If a user truly doesn't want to accept the invitation, verbiage can be added to simply delete the invite email and go about their day.

  • StephanieStepney
    StephanieStepney ✭✭✭✭✭

    @Matt Rasmussen your suggestion seems to be an easy fix. We also use SSO and if you don't want to accept, just delete. Lets see what they put into practice as the fix :)

  • @AustinFTK @Matt Rasmussen - I checked with the product and engineering teams and this is what they said with regards to a new user trying to accept an invitation to join a plan with enterprise SSO enabled:

    Until the user accepts the invitation, they will not be subjected to SSO, as they aren't a part of the organization's Smartsheet instance yet. An organization's authentication settings should only affect invited users after they accept the invitation. Invited users should still be able to create a password and log in with their Email + Password. Once they log in, they should still see the invitation prompt and once they accept the invitation is when the org's authentication settings will affect them.

  • Matt Rasmussen
    Matt Rasmussen ✭✭✭✭

    Hi @Lekshmi Unnithan, thanks for posting this, but unfortunately that's not what we're experiencing. When I send the user invitation (as the Smartsheet admin) I get an email within a couple of minutes from Smartsheet saying "Smartsheet user invitation declined." When the user clicks the link to accept the invitation (unaware that an email to me says the invitation was declined,) they get this message in their browser from Smartsheet:

    Can you please pass this on to your team? I'm not a network security guru, so I don't know where to go from here.

  • Hi @Matt Rasmussen - Can you please submit a support ticket for this with the necessary details and share the ticket number with me? We'll escalate this to engineering.

    @AustinFTK - Please share your support ticket number and I'll get it escalated as well.

    Thanks!

  • Susan D
    Susan D ✭✭✭

    @austinftk and @Matt Rasmussen

    are you able to reach out to me? We would like to implement sso but this is a show stopper. I am interested in your progress. my email is susan.saraen@bhninc.org

  • Ashley F
    Ashley F ✭✭✭

    There has to be a better process than what was implemented. Better communication of this change would have been great. I have been trying to set up a few associates for over a week now and had no idea that the process had changed and I thought there was something wrong with our account.

    I understand that it appears to be an issue with IT at some facilities email security, but the issue of a few shouldn't affect the process for everyone else.

    Instead of clicking one button and setting the accounts password up for our users, I have a multistep process that is a pain.

    1. Log in to email account to click accept.
    2. Type in the email address for the user into smartsheet.
    3. Click forgot password.
    4. Go back into the email box for the associate.
    5. Click the link in the forgot password email.
    6. Set up the account password.
    7. Click accept on the invite link when Smartsheet opens.

    For some accounts this might not be a big deal, but I set up all accounts prior to the associates having access, so this is a huge pain.

    If you are going to keep this process, maybe add in the steps needed to solve in the email invite? If I were the end user, I would have no idea how to proceed when the "accept" link didn't do anything but take me to a sign in page for an account I don't yet have.

    I agree with a poster above that an easier solution would have been to just remove the decline button from the email as there shouldn't be any negative repercussions to a user not accepting the invite.

  • Instead of proving work arounds - this issue should be fixed, the link in the invitation is still broken. If a new user is experiencing way too many steps just to get into the platform, their user experience and adoption will be diffidently affected.

  • M_G_
    M_G_ ✭✭
    edited 11/30/23

    I find it interesting that email software is being blamed. We had used this feature successfully for months and then SUDDENLY it stopped working. So did we all SUDDENLY make the same email security change on the same day? Surely that would be an incredible co-incidence? Or is it more likely that Smartsheet SUDDENLY made a change that made pre-existing email security software SUDDENLY flag all the emails as an issue? If so, why doesn't Smartsheet put it back how it was before?

  • NickStaffordPM
    NickStaffordPM ✭✭✭✭✭✭

    Yeah would love a fix for this... work arounds are not ideal!

  • AmyW
    AmyW ✭✭

    I too have experienced issues with new users creating a password. In our case, a message indicating an issue with CAPTCHA is displayed. This seems to lock the user in a perpetual loop with no resolution. Thoughts?